
Infected by Trojan Horse Generic29


  • This topic is locked
31 replies to this topic

#1 WKRichard

WKRichard

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 16 July 2013 - 07:08 PM

My computer opens IE on its own, fills in random letters in the address bar and searches for some website, over and over all day long. My Outlook has also stopped working and is now asking for the product key, which I can't find.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.4.1
Run by Owner at 19:56:41 on 2013-07-16
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.baynews9.com/
uSearch Bar = Preserve
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: <No Name>: {be823b8c-a7ec-4078-a321-0f8046cbb48a} - C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89SrcAs.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Toolbar BHO: {1fc509df-4b29-4ab3-96e6-47c178d60287} - C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89bar.dll
BHO: Search Assistant BHO: {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} - C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89SrcAs.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files (x86)\Google\googletoolbar1.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\googletoolbar1.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
TB: SafePCRepair: {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89bar.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [HP Photosmart 5510d series (NET)] "C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" -deviceID "CN21J3B87705RW:NW" -scfn "HP Photosmart 5510d series (NET)" -AutoStart 1
uRun: [SmileboxTray] "C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [uProWebSync] C:\Program Files (x86)\Callaway\upro sync\UPROsync.exe
mRun: [DATAMNGR] C:\PROGRA~2\SETTIN~1\Datamngr\DATAMN~2.EXE
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SafePCRepair Search Scope Monitor] "C:\PROGRA~2\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h
mRun: [SafePCRepair_89 Browser Plugin Loader] C:\PROGRA~2\SAFEPC~2\bar\1.bin\89brmon.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
TCP: NameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D} : DHCPNameServer = 192.168.1.1 68.238.112.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SETTIN~1\Datamngr\mgrldr.dll c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SafePCRepair Home Page Guard 64 bit] "C:\PROGRA~2\SAFEPC~2\bar\1.bin\AppIntegrator64.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4guno4fx.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.fantastigames.com/465
FF - prefs.js: keyword.URL - hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=107&systemid=465&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.shownSelectionUI - true
.
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-07-16 20:11:19 -------- d-----w- C:\Windows\pss
2013-07-16 18:55:50 -------- d-----w- C:\Users\Owner\AppData\Roaming\eDownload
2013-07-16 18:48:34 -------- d-----w- C:\Users\Owner\AppData\Local\SafePCRepair_89
2013-07-16 18:48:26 -------- d-----w- C:\Users\Owner\AppData\Local\iolo
2013-07-16 18:48:26 -------- d-----w- C:\ProgramData\iolo
2013-07-16 18:48:24 -------- d-----w- C:\Program Files (x86)\SafePCRepair
2013-07-16 18:48:15 -------- d-----w- C:\Program Files (x86)\SafePCRepair_89
2013-07-13 15:34:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\Yrli
2013-07-13 15:34:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\Xiotux
2013-07-13 15:34:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\Qynuix
2013-07-12 20:45:14 -------- d-----w- C:\Users\Owner\AppData\Roaming\Ifof
2013-07-12 20:45:14 -------- d-----w- C:\Users\Owner\AppData\Roaming\Ekopha
2013-07-12 20:45:14 -------- d-----w- C:\Users\Owner\AppData\Roaming\Aqxuw
2013-07-12 20:44:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\Neohd
2013-07-12 20:44:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\Luolg
2013-07-12 20:44:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\Igpe
2013-07-10 06:31:37 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
.
==================== Find3M  ====================
.
2013-06-27 10:51:16 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-12 01:38:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 01:38:03 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 20:00:09.45 ===============
 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
10 Days Under The Sea
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.2
Amazing Adventures Around the World™
Amazing Adventures The Caribbean Secret™
Amazing Finds
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AVG 2013
AVG PC Tuneup 2011
AVG Security Toolbar
Big City Adventure - San Francisco
Big City Adventure™ - Sydney
Bing Bar
Bing Rewards Client Installer
Bonjour
BrowserProtect
Can You See What I See - Dream Machine
CardRd81
CCScore
Choice Guard
Compatibility Pack for the 2007 Office system
Content Manager
Coupon Printer for Windows
CR2
CWA Reminder by We-Care.com v4.1.21.3
CyberLink Power2Go
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delta Chrome Toolbar
Delta toolbar 
Double Play Jewel Quest II and Jewel Quest III
Drive Manager
EPSON Scan
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
File Type Assistant
FirstClass® Client
Free File Viewer 2012
Gateway Games
Gateway Photo Frame 4.2.3.6
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Photo Creations
HP Photosmart 5510d series Basic Device Software
HP Photosmart 5510d series Help
HP Photosmart 5510d series Product Improvement Study
HP Update
IHA_MessageCenter
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iSEEK AnswerWorks English Runtime
iTunes
Java Auto Updater
Java™ 6 Update 41
Java™ 6 Update 5
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
KB0817 Keyboard Driver
Kodak EasyShare software
Little Shop - Road Trip
Little Shop - World Traveler
Little Shop of Treasures
Little Shop of Treasures 2
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Lost in Los Angeles
netbrdg
OfotoXMI
PlayReady PC runtime
PreReq
QuickTime
RealArcade
Realtek High Definition Audio Driver
Revo Uninstaller Pro 3.0.5
SafePCRepair Internet Explorer Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Settings Alerter
SFR
SFR2
SHASTA
skin0001
SKINXSDK
Slingo Quest
Smilebox
Spelling Dictionaries Support For Adobe Reader 9
staticcr
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Upgrade Kit
UPRO Connector
uPro MX Software Upgrade
UPRO sync
Verizon Help and Support Tool
Video Converter
VideoCam Suite 2.0
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VPRINTOL
Vz In Home Agent
Web Games Player Plugin
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WIRELESS
YNAB 3
.
==== End Of File ===========================
 

 




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:02 PM

Posted 16 July 2013 - 08:08 PM

Hi and welcome.

Before we start, please read the following suggestions:
 

  • Do not download and run tools unless instructed.

    We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Do not attach logs or use code boxes unless instructed, just copy and paste the text on your reply.

    Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read.  Also, attachments require us to download and open the reports when it is easier to just read them in your post.

  • Please read every post completely before doing anything.

    Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.

    A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc.  Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

 

NOTE: Back up any files that cannot be replaced.  Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
   
NOTE: Save the instructions in notepad or print them if necessary, so you can have access to these, should you require to go offline during the cleanup process.

---------------------------------------------

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 WKRichard

WKRichard
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 17 July 2013 - 08:06 PM

Computer is still getting warning of Trojan virus and unable to remove. Is currently not redirecting or searching on its own.

Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Home Premium x64
Ran by Owner on Wed 07/17/2013 at 20:48:57.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8684a7c7-3ade-4208-ad43-ad57a1af352c}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{88DFBC79-202C-4458-8739-37389EDE43BD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8684a7c7-3ade-4208-ad43-ad57a1af352c}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

 

~~~ Files

 

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\browserprotect"
Failed to delete: [Folder] "C:\ProgramData\wecarereminder"
Failed to delete: [Folder] "C:\ProgramData\wincert"
Failed to delete: [Folder] "C:\Program Files (x86)\delta"

 

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\websearch.xml"
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\4guno4fx.default\user.js
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\4guno4fx.default\extensions\tuaodjwloj@tuaodjwloj.org.xpi [Tracur]
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\4guno4fx.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\4guno4fx.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\4guno4fx.default\searchplugins\websearch.xml
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\4guno4fx.default\extensions\wecarereminder@bryan
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\4guno4fx.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119351&tt=190313_wctrl&babsrc=NT_ss&mntrId=DAB8001D72BDF399");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.order.1", "Web Search");
user_pref("browser.search.selectedEngine", "Web Search");
user_pref("browser.startup.homepage", "hxxp://isearch.fantastigames.com/465");
user_pref("extensions.wajam.affiliate_id", "6447");
user_pref("extensions.wajam.firstrun", "false");
user_pref("extensions.wajam.log_send_info", "false");
user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21086\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\
user_pref("extensions.wajam.no_trace", "false");
user_pref("extensions.wajam.server_current_mapping_version", "0.21086");
user_pref("extensions.wajam.trace_log", "1368229137596 - processInstallationUpgrade - version set to : 1.26\n1368229137596 - processBrowserLoad - Bad mappingListJsonString: nu
user_pref("extensions.wajam.unique_id", "BFFCA673E2F1E5CBBAE1E666FB88C306");
user_pref("extensions.wajam.user_current_mapping_version", "0");
user_pref("extensions.wajam.version", "1.26");
user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\
user_pref("keyword.URL", "hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=107&systemid=465&q=");

 

~~~ Chrome

Dumping contents of C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\knjcnhhchgofojhhmibfkpipkehhgpgi
C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\knjcnhhchgofojhhmibfkpipkehhgpgi\manifest.json

Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/17/2013 at 21:01:49.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 WKRichard

  • Topic Starter

  • Members
  • 17 posts

Posted 17 July 2013 - 08:24 PM

2nd post from above message.

 

# AdwCleaner v2.305 - Logfile created 07/17/2013 at 21:07:03
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBJ41IZP\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Deleted on reboot : C:\ProgramData\Browser Manager
Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\delta
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Daphne Richard\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Daphne Richard\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Daphne Richard\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Daphne Richard\AppData\LocalLow\delta
Folder Deleted : C:\Users\Owner\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Security Toolbar

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SETTIN~1\Datamngr\x64\mgrldr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~3\Wincert\WIN64C~1.DLL
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\findlyrics
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\f578cd1bd3fef40
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\f578cd1bd3fef40
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\S-1-5-21-4291101813-3576162679-3184087009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKU\S-1-5-21-4291101813-3576162679-3184087009-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4guno4fx.default\prefs.js

Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21086\",\"supported_sites\":{\[...]
Deleted : user_pref("extensions.wajam.trace_log", "1368229137596 - processInstallationUpgrade - version set to[...]
Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.24] : search_url = "hxxp://isearch.fantastigames.com/web?src=crb&gct=ds&appid=107&systemid=465&q={s[...]
Deleted [l.2137] : homepage = "hxxp://isearch.fantastigames.com/465",
Deleted [l.2487] : urls_to_restore_on_startup = [ "hxxp://isearch.fantastigames.com/465" ]

File : C:\Users\Daphne Richard\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"browser":{"show_home_button":true,"window_placement":{"always_on_top":false,"bottom":966,"left":10[...]

*************************

AdwCleaner[S1].txt - [11263 octets] - [17/07/2013 21:07:03]

########## EOF - C:\AdwCleaner[S1].txt - [11324 octets] ##########



#5 JSntgRvr


    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 July 2013 - 08:34 PM

Two reports left. Farbar Recovery Scan Tool's FRST.txt and Addition.txt


No request for help through private messaging will be attended to.



#6 WKRichard

  • Topic Starter

  • Members
  • 17 posts

Posted 17 July 2013 - 08:59 PM

last 2.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Owner (administrator) on 17-07-2013 21:53:37
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY1UIZSN
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [SafePCRepair Home Page Guard 64 bit] - C:\PROGRA~2\SAFEPC~2\bar\1.bin\AppIntegrator64.exe [548936 2013-07-16] ()
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [HP Photosmart 5510d series (NET)] - C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-16] (Hewlett-Packard Co.)
HKCU\...\Run: [SmileboxTray] - C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe [305448 2013-06-27] (Smilebox, Inc.)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-4291101813-3576162679-3184087009-1000\$3805e07dac4e5b244d44f30b211ea536\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {489d50b7-8ef6-11e2-be76-001d72bdf399} - E:\KODAK_Camera_Setup_App.exe
MountPoints2: {d3abb02c-3290-11e1-9c8d-001d72bdf399} - E:\PhotoViewer.exe
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [uProWebSync] - C:\Program Files (x86)\Callaway\upro sync\UPROsync.exe [764928 2012-09-13] (Callaway)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SafePCRepair Search Scope Monitor] - "C:\PROGRA~2\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h [44784 2013-07-16] (MindSpark)
HKLM-x32\...\Run: [SafePCRepair_89 Browser Plugin Loader] - C:\PROGRA~2\SAFEPC~2\bar\1.bin\89brmon.exe [30096 2013-07-16] (VER_COMPANY_NAME)
HKU\Daphne Richard\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\Daphne Richard\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB [x]
HKU\Daphne Richard\...\Policies\system: [LogonHoursAction] 2
HKU\Daphne Richard\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Garrett and Griffin\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\Garrett and Griffin\...\Run: [ROC_JAN2013_TB] - "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe"  /PROMPT /CMPID=JAN2013_TB [x]
HKU\Garrett and Griffin\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB [x]
HKU\Garrett and Griffin\...\RunOnce: [spchecker] - "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]
HKU\Garrett and Griffin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Garrett and Griffin\...\Policies\system: [LogonHoursAction] 2
AppInit_DLLs:  /f >nul 2>&1  [163328 2010-11-20] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll /f >nul 2>&1 [163328 2010-11-20] ()
Startup: C:\Users\Daphne Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\djesucic.lnk
ShortcutTarget: djesucic.lnk -> C:\Users\Daphne Richard\AppData\Roaming\Microsoft\Djesucic\djesucic.exe (Microsoft Corporation)
Startup: C:\Users\Daphne Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
Startup: C:\Users\Garrett and Griffin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aymowxq.lnk
ShortcutTarget: aymowxq.lnk -> C:\Users\Garrett and Griffin\AppData\Roaming\Microsoft\Aymowxq\aymowxq.exe (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baynews9.com/
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: (No Name) - {be823b8c-a7ec-4078-a321-0f8046cbb48a} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {6BDC5B67-9C66-40F0-9E55-F704A84A2814} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130416,19853,0,25,0
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Toolbar BHO - {1fc509df-4b29-4ab3-96e6-47c178d60287} - C:\PROGRA~2\SAFEPC~2\bar\1.bin\89bar.dll (MindSpark)
BHO-x32: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} - C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89SrcAs.dll (MindSpark)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89bar.dll (MindSpark)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: HKLM-x32 {FB298ECE-4D17-414A-A5E8-FABC938796B2} http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.112.12

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4guno4fx.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @SafePCRepair_89.com/Plugin - C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer - C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: Yahoo! Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4guno4fx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Web Search) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Java™ Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Unity Player) - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
S2 gupdate1ca89675a084eb5; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-12-30] (Google Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon)
S3 ioloService; C:\Program Files (x86)\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-03-17] (Alcatel-Lucent)
R2 SafePCRepair_89Service; C:\PROGRA~2\SAFEPC~2\bar\1.bin\89barsvc.exe [42504 2013-07-16] (COMPANYVERS_NAME)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
S3 B-Service; C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WL0BJJ8W\B-Service.exe [x]

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-17 21:53 - 2013-07-17 21:53 - 00000000 ____D C:\FRST
2013-07-17 21:07 - 2013-07-17 21:07 - 00011348 _____ C:\AdwCleaner[S1].txt
2013-07-17 21:07 - 2013-07-17 21:07 - 00000316 _____ C:\Windows\DeleteOnReboot.bat
2013-07-17 21:01 - 2013-07-17 21:01 - 00007601 _____ C:\Users\Owner\Desktop\JRT.txt
2013-07-17 20:48 - 2013-07-17 20:48 - 00003250 _____ C:\Windows\System32\Tasks\{BA84F69E-D404-4937-8D07-1565B1A169E3}
2013-07-17 20:41 - 2013-07-17 20:41 - 00000000 ____D C:\Windows\ERUNT
2013-07-16 20:00 - 2013-07-16 20:00 - 00013783 _____ C:\Users\Owner\Desktop\dds.txt
2013-07-16 20:00 - 2013-07-16 20:00 - 00010263 _____ C:\Users\Owner\Desktop\attach.txt
2013-07-16 16:14 - 2013-07-16 18:22 - 00016331 _____ C:\Users\Owner\Desktop\avgrep.txt
2013-07-16 16:11 - 2013-07-16 16:11 - 00000000 ____D C:\Windows\pss
2013-07-16 14:56 - 2013-07-16 14:56 - 00002538 _____ C:\Users\Owner\Desktop\ContinueInstalliSafe.lnk
2013-07-16 14:48 - 2013-07-16 15:43 - 00000000 ____D C:\Program Files (x86)\SafePCRepair
2013-07-16 14:48 - 2013-07-16 14:48 - 00000000 ____D C:\Users\Owner\AppData\Local\SafePCRepair_89
2013-07-16 14:48 - 2013-07-16 14:48 - 00000000 ____D C:\Users\Owner\AppData\Local\iolo
2013-07-16 14:48 - 2013-07-16 14:48 - 00000000 ____D C:\ProgramData\iolo
2013-07-16 14:48 - 2013-07-16 14:48 - 00000000 ____D C:\Program Files (x86)\SafePCRepair_89
2013-07-14 08:52 - 2013-07-14 08:52 - 00000507 _____ C:\Windows\SysWOW64\userawacs.cfg
2013-07-14 08:52 - 2013-07-14 08:52 - 00000080 _____ C:\Windows\SysWOW64\usergui.cfg
2013-07-14 08:52 - 2013-07-14 08:52 - 00000060 _____ C:\Windows\SysWOW64\userguistate.cfg
2013-07-14 08:52 - 2013-07-14 08:52 - 00000050 _____ C:\Windows\SysWOW64\outlook.cfg
2013-07-13 19:11 - 2013-07-13 19:11 - 00277768 _____ C:\Windows\Minidump\071313-27643-01.dmp
2013-07-13 11:34 - 2013-07-13 16:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Qynuix
2013-07-13 11:34 - 2013-07-13 11:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Yrli
2013-07-13 11:34 - 2013-07-13 11:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Xiotux
2013-07-12 16:45 - 2013-07-13 16:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Ekopha
2013-07-12 16:45 - 2013-07-12 16:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Ifof
2013-07-12 16:45 - 2013-07-12 16:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Aqxuw
2013-07-12 16:44 - 2013-07-13 16:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Luolg
2013-07-12 16:44 - 2013-07-13 16:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Neohd
2013-07-12 16:44 - 2013-07-12 16:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Igpe
2013-07-10 19:36 - 2013-07-10 19:36 - 00277768 _____ C:\Windows\Minidump\071013-30201-01.dmp
2013-07-10 03:06 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 03:06 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 03:06 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 03:06 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 03:06 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 03:06 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 03:06 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 03:06 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 03:06 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 03:06 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 03:06 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 03:06 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 03:06 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 03:06 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 03:06 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 03:06 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 03:06 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 03:06 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 03:06 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 03:06 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 03:06 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 03:06 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 03:06 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 03:06 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 03:06 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 03:06 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 03:06 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 03:06 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 03:06 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 03:06 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 03:06 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 02:31 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 02:31 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 02:31 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 02:31 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 02:31 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 02:31 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 02:31 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-01 15:31 - 2013-07-01 15:31 - 00277768 _____ C:\Windows\Minidump\070113-30388-01.dmp
2013-06-29 08:56 - 2013-06-29 08:56 - 00003590 _____ C:\Windows\System32\Tasks\mxsnyvavyupd
2013-06-25 21:22 - 2013-06-25 21:22 - 00277768 _____ C:\Windows\Minidump\062513-25864-01.dmp
2013-06-19 12:57 - 2013-06-19 12:57 - 00277768 _____ C:\Windows\Minidump\061913-26707-01.dmp

==================== One Month Modified Files and Folders =======

2013-07-17 21:53 - 2013-07-17 21:53 - 00000000 ____D C:\FRST
2013-07-17 21:48 - 2009-07-14 01:13 - 00730512 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-17 21:39 - 2012-03-31 23:38 - 00000324 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-07-17 21:36 - 2009-12-30 11:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-17 21:31 - 2012-06-24 18:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-17 21:26 - 2009-09-03 23:32 - 00000000 ____D C:\Users\Owner\E mail data
2013-07-17 21:24 - 2013-04-19 06:40 - 00000402 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-07-17 21:21 - 2013-05-31 13:08 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-17 21:21 - 2013-01-25 08:17 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-07-17 21:21 - 2009-12-30 11:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-17 21:16 - 2009-12-01 20:10 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 21:16 - 2009-12-01 20:10 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 21:09 - 2013-03-27 03:17 - 00502564 _____ C:\Windows\setupact.log
2013-07-17 21:09 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 21:08 - 2013-04-30 04:35 - 00019566 _____ C:\Windows\PFRO.log
2013-07-17 21:07 - 2013-07-17 21:07 - 00011348 _____ C:\AdwCleaner[S1].txt
2013-07-17 21:07 - 2013-07-17 21:07 - 00000316 _____ C:\Windows\DeleteOnReboot.bat
2013-07-17 21:07 - 2009-12-01 20:52 - 02017024 _____ C:\Windows\WindowsUpdate.log
2013-07-17 21:01 - 2013-07-17 21:01 - 00007601 _____ C:\Users\Owner\Desktop\JRT.txt
2013-07-17 20:48 - 2013-07-17 20:48 - 00003250 _____ C:\Windows\System32\Tasks\{BA84F69E-D404-4937-8D07-1565B1A169E3}
2013-07-17 20:43 - 2013-05-10 08:44 - 00000000 ____D C:\ProgramData\Wincert
2013-07-17 20:41 - 2013-07-17 20:41 - 00000000 ____D C:\Windows\ERUNT
2013-07-17 20:36 - 2011-04-18 20:54 - 00000000 ____D C:\ProgramData\MFAData
2013-07-17 08:11 - 2011-04-18 21:09 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{874844DD-A940-4DAB-B356-AF79ECBC4A38}
2013-07-17 07:55 - 2013-04-19 06:40 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-07-16 20:00 - 2013-07-16 20:00 - 00013783 _____ C:\Users\Owner\Desktop\dds.txt
2013-07-16 20:00 - 2013-07-16 20:00 - 00010263 _____ C:\Users\Owner\Desktop\attach.txt
2013-07-16 20:00 - 2010-04-16 11:00 - 00000000 ____D C:\Users\Owner\Desktop\Kevin's
2013-07-16 18:22 - 2013-07-16 16:14 - 00016331 _____ C:\Users\Owner\Desktop\avgrep.txt
2013-07-16 16:11 - 2013-07-16 16:11 - 00000000 ____D C:\Windows\pss
2013-07-16 15:43 - 2013-07-16 14:48 - 00000000 ____D C:\Program Files (x86)\SafePCRepair
2013-07-16 15:43 - 2012-05-12 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 15:43 - 2012-05-12 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-16 15:43 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 15:43 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:43 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-16 15:43 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-16 15:43 - 2009-04-02 04:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 15:42 - 2013-04-19 18:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FreeFileViewer
2013-07-16 15:42 - 2013-02-26 21:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Smilebox
2013-07-16 15:42 - 2010-06-12 16:38 - 00000000 ____D C:\Users\Owner\Documents\YNAB
2013-07-16 15:42 - 2009-12-07 06:07 - 00000000 ____D C:\Windows\Minidump
2013-07-16 15:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2013-07-16 15:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-16 15:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-07-16 14:56 - 2013-07-16 14:56 - 00002538 _____ C:\Users\Owner\Desktop\ContinueInstalliSafe.lnk
2013-07-16 14:48 - 2013-07-16 14:48 - 00000000 ____D C:\Users\Owner\AppData\Local\SafePCRepair_89
2013-07-16 14:48 - 2013-07-16 14:48 - 00000000 ____D C:\Users\Owner\AppData\Local\iolo
2013-07-16 14:48 - 2013-07-16 14:48 - 00000000 ____D C:\ProgramData\iolo
2013-07-16 14:48 - 2013-07-16 14:48 - 00000000 ____D C:\Program Files (x86)\SafePCRepair_89
2013-07-16 14:29 - 2009-08-08 23:23 - 00000000 ____D C:\Users\Owner\AppData\Local\ArcSoft
2013-07-14 08:52 - 2013-07-14 08:52 - 00000507 _____ C:\Windows\SysWOW64\userawacs.cfg
2013-07-14 08:52 - 2013-07-14 08:52 - 00000080 _____ C:\Windows\SysWOW64\usergui.cfg
2013-07-14 08:52 - 2013-07-14 08:52 - 00000060 _____ C:\Windows\SysWOW64\userguistate.cfg
2013-07-14 08:52 - 2013-07-14 08:52 - 00000050 _____ C:\Windows\SysWOW64\outlook.cfg
2013-07-14 08:52 - 2013-05-18 07:45 - 00000906 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-13 19:11 - 2013-07-13 19:11 - 00277768 _____ C:\Windows\Minidump\071313-27643-01.dmp
2013-07-13 19:11 - 2009-12-07 06:07 - 534449352 _____ C:\Windows\MEMORY.DMP
2013-07-13 18:54 - 2013-03-25 15:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-13 16:28 - 2013-07-12 16:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Luolg
2013-07-13 16:28 - 2012-03-29 20:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HP
2013-07-13 16:26 - 2013-07-13 11:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Qynuix
2013-07-13 16:26 - 2013-07-12 16:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Ekopha
2013-07-13 16:25 - 2013-07-12 16:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Neohd
2013-07-13 11:34 - 2013-07-13 11:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Yrli
2013-07-13 11:34 - 2013-07-13 11:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Xiotux
2013-07-12 21:39 - 2009-12-30 11:47 - 00002124 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 16:45 - 2013-07-12 16:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Ifof
2013-07-12 16:45 - 2013-07-12 16:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Aqxuw
2013-07-12 16:44 - 2013-07-12 16:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Igpe
2013-07-12 16:41 - 2013-05-18 07:37 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2013-07-12 15:31 - 2009-12-30 11:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 15:31 - 2009-12-30 11:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 19:36 - 2013-07-10 19:36 - 00277768 _____ C:\Windows\Minidump\071013-30201-01.dmp
2013-07-10 03:31 - 2009-07-14 00:45 - 00435312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 03:08 - 2010-04-10 06:53 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-09 17:11 - 2009-12-01 20:11 - 00000000 ____D C:\Users\Owner
2013-07-09 17:11 - 2009-12-01 20:11 - 00000000 ____D C:\Users\Garrett and Griffin
2013-07-09 17:11 - 2009-12-01 20:11 - 00000000 ____D C:\Users\Daphne Richard
2013-07-09 17:06 - 2009-04-02 04:32 - 00000000 __RHD C:\MSOCache
2013-07-08 12:49 - 2013-02-26 21:38 - 00000000 ____D C:\Users\Owner\Documents\My Smilebox Creations
2013-07-01 15:31 - 2013-07-01 15:31 - 00277768 _____ C:\Windows\Minidump\070113-30388-01.dmp
2013-06-29 09:13 - 2010-12-26 15:13 - 00000000 ____D C:\Users\Owner\Tracing
2013-06-29 08:59 - 2012-06-29 07:53 - 00001135 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-29 08:59 - 2012-06-29 07:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-29 08:56 - 2013-06-29 08:56 - 00003590 _____ C:\Windows\System32\Tasks\mxsnyvavyupd
2013-06-27 06:51 - 2013-05-22 17:13 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-06-27 06:51 - 2012-09-04 07:47 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-06-25 21:22 - 2013-06-25 21:22 - 00277768 _____ C:\Windows\Minidump\062513-25864-01.dmp
2013-06-22 21:05 - 2013-01-22 08:36 - 00004608 _____ C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 12:57 - 2013-06-19 12:57 - 00277768 _____ C:\Windows\Minidump\061913-26707-01.dmp

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4291101813-3576162679-3184087009-1000\$3805e07dac4e5b244d44f30b211ea536

Files to move or delete:
====================
C:\Users\Owner\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 12:50

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by Owner at 2013-07-17 21:57:18
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY1UIZSN
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
 2013 (Version: 2013.0.3349)
10 Days Under The Sea (x32)
Acrobat.com (x32 Version: 1.7.258)
Adobe AIR (x32 Version: 3.3.0.3670)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader 9.2 (x32 Version: 9.2.0)
Amazing Adventures Around the World™ (x32)
Amazing Adventures The Caribbean Secret™ (x32)
Amazing Finds (x32)
Apple Application Support (x32 Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Print Creations - Album Page (x32)
ArcSoft Print Creations - Funhouse (x32)
ArcSoft Print Creations - Greeting Card (x32)
ArcSoft Print Creations - Photo Book (x32)
ArcSoft Print Creations - Photo Calendar (x32)
ArcSoft Print Creations - Scrapbook (x32)
ArcSoft Print Creations - Slimline Card (x32)
ArcSoft Print Creations (x32 Version: 2.8.255.384)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 13.0.3349)
AVG PC Tuneup 2011 (x32 Version: 10.0.0.24)
Big City Adventure - San Francisco (x32)
Big City Adventure™ - Sydney (x32)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Can You See What I See - Dream Machine (x32)
CardRd81 (x32 Version: 4.00.0000.0004)
CCScore (x32 Version: 7.00.0000.0001)
Choice Guard (x32 Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Content Manager (x32 Version: 2.61)
Coupon Printer for Windows (x32 Version: 5.0.0.2)
CR2 (x32 Version: 4.00.0000.0003)
CWA Reminder by We-Care.com v4.1.21.3 (x32 Version: 4.1.21.3)
CyberLink Power2Go (x32 Version: 6.0.2325a)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Double Play Jewel Quest II and Jewel Quest III (x32)
Drive Manager (x32 Version: 1.00.0012)
EPSON Scan (x32)
ESSBrwr (x32 Version: 8.00.0000.0001)
ESSCDBK (x32 Version: 8.00.0000.0001)
ESScore (x32 Version: 8.00.0000.0001)
ESSgui (x32 Version: 8.00.0000.0001)
ESSini (x32 Version: 8.00.0000.0001)
ESSPCD (x32 Version: 7.01.0000.0001)
ESSPDock (x32 Version: 6.03.0001.0004)
ESSTOOLS (x32 Version: 5.00.0000.0004)
essvatgt (x32 Version: 8.00.0000.0001)
File Type Assistant (x32 Version: 2013.4.8.0)
FirstClass® Client (x32 Version: 10.0 (build 10.009))
Free File Viewer 2012 (x32 Version: 2012.10.9.0)
Gateway Games (x32 Version: 1.0.0.80)
Gateway Photo Frame 4.2.3.6 (x32 Version: 4.2.3.6)
Google Chrome (x32 Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (x32 Version: 4.0.0.002)
Google Toolbar for Internet Explorer (x32)
Google Update Helper (x32 Version: 1.3.21.153)
HP Photo Creations (x32 Version: 1.0.0.7702)
HP Photosmart 5510d series Basic Device Software (Version: 25.0.607.0)
HP Photosmart 5510d series Help (x32 Version: 140.0.2.2)
HP Photosmart 5510d series Product Improvement Study (Version: 25.0.607.0)
HP Update (x32 Version: 5.003.001.001)
IHA_MessageCenter (x32 Version: 1.1.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iSEEK AnswerWorks English Runtime (x32 Version: 009.000.0002)
iTunes (Version: 10.6.3.25)
Java Auto Updater (x32 Version: 2.1.6.0)
Java™ 6 Update 41 (x32 Version: 6.0.410)
Java™ 6 Update 5 (x32 Version: 1.6.0.50)
Java™ 7 Update 4 (x32 Version: 7.0.40)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Junk Mail filter update (x32 Version: 14.0.8050.1202)
KB0817 Keyboard Driver (x32 Version: 1.30.0000)
Kodak EasyShare software (x32)
Little Shop - Road Trip (x32)
Little Shop - World Traveler (x32)
Little Shop of Treasures (x32)
Little Shop of Treasures 2 (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Money Essentials (x32 Version: 16)
Microsoft Money Shared Libraries (x32 Version: 16.0.0.705)
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Mozilla Firefox 20.0.1 (x86 en-US) (x32 Version: 20.0.1)
Mozilla Maintenance Service (x32 Version: 20.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery P.I. - Lost in Los Angeles (x32 Version: 2.2.0.65)
netbrdg (x32 Version: 7.01.0000.0001)
OfotoXMI (x32 Version: 7.02.0000.0001)
PlayReady PC runtime (Version: 1)
PreReq (x32 Version: 6.2.3.0)
QuickTime (x32 Version: 7.72.80.56)
RealArcade (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5888)
Revo Uninstaller Pro 3.0.5 (Version: 3.0.5)
SafePCRepair Internet Explorer Toolbar (x32)
Settings Alerter (x32 Version: 5.0.0.6907)
SFR (x32 Version: 7.01.0000.0003)
SFR2 (x32 Version: 3.03.0000.0002)
SHASTA (x32 Version: 7.01.0000.0001)
skin0001 (x32 Version: 8.00.0000.0001)
SKINXSDK (x32 Version: 7.01.0000.0001)
Slingo Quest (x32)
Smilebox (HKCU Version: 1.1.1.1)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
staticcr (x32 Version: 8.00.0000.0001)
TurboTax 2009 (x32)
TurboTax 2009 WinPerFedFormset (x32 Version: 009.000.2163)
TurboTax 2009 WinPerReleaseEngine (x32 Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (x32 Version: 009.000.0238)
TurboTax 2009 wrapper (x32 Version: 009.000.0145)
TurboTax 2010 (x32)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0214)
TurboTax 2010 wrapper (x32 Version: 010.000.0157)
TurboTax 2011 (x32)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214)
TurboTax 2011 wrapper (x32 Version: 011.000.0121)
TurboTax 2012 (x32 Version: 2012.0)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2083)
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179)
TurboTax 2012 wrapper (x32 Version: 012.000.0127)
Unity Web Player (HKCU Version: )
Unity Web Player (x32 Version: 2.5.1f5_24931)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Upgrade Kit (x32 Version: 1.00.3002)
UPRO Connector (x32 Version: 1.0.2)
uPro MX Software Upgrade (HKCU)
UPRO sync (x32 Version: 1.0.16)
Verizon Help and Support Tool (x32)
Video Converter (HKCU)
VideoCam Suite 2.0 (x32 Version: 2.00.031.1033)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VPRINTOL (x32 Version: 7.01.0000.0001)
Vz In Home Agent (x32 Version: 8.03.25)
Web Games Player Plugin (x32)
Windows Live Call (x32 Version: 14.0.8050.1202)
Windows Live Communications Platform (x32 Version: 14.0.8050.1202)
Windows Live Essentials (x32 Version: 14.0.8050.1202)
Windows Live Mail (x32 Version: 14.0.8050.1202)
Windows Live Messenger (x32 Version: 14.0.8050.1202)
Windows Live Photo Gallery (x32 Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.6)
Windows Live Sync (x32 Version: 14.0.8050.1202)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8050.1202)
WIRELESS (x32 Version: 7.02.0000.0001)
YNAB 3 (x32 Version: 3.6.0)
YNAB 3 (x32 Version: 3.6.0.5)

==================== Restore Points  =========================

Could not list Restore Points.

==================== Hosts content: ==========================

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08294AC6-D379-4D9E-B2F2-1CEC94556095} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-30] (Google Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1B506080-9459-4FB5-B6C6-D478C27DBDDD} - System32\Tasks\mxsnyvavyupd => C:\Windows\system32\cscript.exe [2009-07-13] (Microsoft Corporation)
Task: {2078A6DF-E15A-4E0C-B650-C8FCF9420361} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {2156C7A4-2A8F-4F44-9588-8107AC2D4102} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2013-04-08] (Trusted Software ApS)
Task: {2370EB52-C040-408D-9C66-855BFED4DD29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {42E82A14-C000-4455-90F7-6A6771BE8B76} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Windows Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2010-11-30] (AVG)
Task: {4C39CEE4-F593-458C-A519-C679F4AAFC87} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {507B6181-C72B-45F0-8DC6-601BEE8DF1E2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {52C7790C-BB54-4E33-90DC-037556891046} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2013-04-08] (                                                            )
Task: {5C9E5AD0-17F3-4489-92DA-0666E90C39DE} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2012-03-31] ()
Task: {64D0C5B9-5E3D-46A7-924A-31250E996930} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {6EDBB580-4FE9-45BF-B00E-C59F702A7220} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Owner => C:\Program Files\Windows Calendar\WinCal.exe No File
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {9EB061F1-CE8F-4D90-B875-A26E0A1C0163} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software)
Task: {AE495380-9B5B-43E4-9353-87F8925A1AAE} - System32\Tasks\User_Feed_Synchronization-{874844DD-A940-4DAB-B356-AF79ECBC4A38} => C:\Windows\system32\msfeedssync.exe [2013-03-24] (Microsoft Corporation)
Task: {B23FA0D9-7947-4C1A-AE1B-688ECB4B40ED} - System32\Tasks\HPCustParticipation HP Photosmart 5510d series => C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16] (Hewlett-Packard Co.)
Task: {BCC79346-F796-4703-98F2-F5B8A096242F} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe No File
Task: {C76F570D-3BEC-4E70-B4CE-820ADB5535E3} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {D02DB442-A532-4347-B44D-1E67E85D0716} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-30] (Google Inc.)
Task: {E003EA5D-2AC3-483A-940A-4CB9837BC7E4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{9E46707F-7012-4202-B17D-CCE995B74B6A}.exe No File
Task: {E86260F0-0CC0-43F9-9D3C-B32C9C90B3CE} - System32\Tasks\hpUrlLauncher.exe_{5DE01042-E3F6-46F6-AEA5-C9CFE222201D} => C:\Program Files\HP\HP Photosmart 5510d series\Bin\utils\hpUrlLauncher.exe [2011-08-16] (Hewlett-Packard Co.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: {FE729E00-D28E-4133-BFB4-9E6F73061300} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{9E46707F-7012-4202-B17D-CCE995B74B6A}.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Faulty Device Manager Devices =============

Could not list Devices.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2013 09:11:25 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (07/17/2013 09:10:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/17/2013 09:09:03 PM) (Source: Service Control Manager) (User: )
Description: The B's Recorder GOLD Library General Service service failed to start due to the following error:
%%1053

Error: (07/17/2013 09:09:03 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the B's Recorder GOLD Library General Service service to connect.

Microsoft Office Sessions:
=========================
Error: (07/17/2013 09:11:25 PM) (Source: SecurityCenter)(User: )
Description:

Error: (07/17/2013 09:10:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2009-12-01 18:06:55.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2009-12-01 18:06:55.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2009-12-01 18:06:55.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2009-12-01 18:06:55.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2009-12-01 18:06:55.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 4061.18 MB
Available physical RAM: 2136.52 MB
Total Pagefile: 8120.54 MB
Available Pagefile: 5964.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (The Richard's computer) (Fixed) (Total:583.17 GB) (Free:271.78 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive g: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:1230.32 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: CD6556B4)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=583 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 15129D35)
Partition 1: (Not Active) - (Size=-698723990528) - (Type=07 NTFS)

==================== End Of Log ============================



#7 JSntgRvr


Posted 17 July 2013 - 09:21 PM

You should download FRST64.exe to your desktop.

 

Then download the enclosed file. [attachment=139973:fixlist.txt]

 

Save it next to FRST64.

 

Run FRST64 and click on the Fix button. Wait until the process finishes.

 

The tool will make a log next to FRST64, (Fixlog.txt). Please post it to your reply.

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
 

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 WKRichard


Posted 18 July 2013 - 02:06 PM

Computer is still detecting viruses, some of which are being removed by AVG. Trojan Horse generic 29 is not being removed. I could not find the C:\Program Files\ESET\EsetOnlineScanner\log.txt, but I was able to copy the files that were found infected. See below.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-07-2013 02
Ran by Owner at 2013-07-18 07:59:55 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKU\Garrett and Griffin\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_JAN2013_TB => Value deleted successfully.
HKU\Garrett and Griffin\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => Value deleted successfully.
HKU\Garrett and Griffin\Software\Microsoft\Windows\CurrentVersion\RunOnce\\spchecker => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\Users\Daphne Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\djesucic.lnk => Moved successfully.
C:\Users\Daphne Richard\AppData\Roaming\Microsoft\Djesucic\djesucic.exe => Moved successfully.
C:\Users\Garrett and Griffin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aymowxq.lnk => Moved successfully.
C:\Users\Garrett and Griffin\AppData\Roaming\Microsoft\Aymowxq\aymowxq.exe => Moved successfully.
C:\Windows\System32\Tasks\mxsnyvavyupd => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-4291101813-3576162679-3184087009-1000\$3805e07dac4e5b244d44f30b211ea536 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B506080-9459-4FB5-B6C6-D478C27DBDDD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B506080-9459-4FB5-B6C6-D478C27DBDDD} => Key deleted successfully.
C:\Windows\System32\Tasks\mxsnyvavyupd not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mxsnyvavyupd => Key deleted successfully.

==== End of Fixlog ====

 

C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89datact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89Plugin.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89skin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Program Files (x86)\VideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application
C:\Program Files (x86)\VideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.AZ application
C:\Users\Daphne Richard\AppData\Local\Google\Chrome\User Data\Default\Users\bpiicogbmofpjekdhpngdnpmikekcknl\background.js Win32/TrojanDownloader.Tracur.AH trojan
C:\Users\Daphne Richard\AppData\Local\Google\Chrome\User Data\Default\Users\bpiicogbmofpjekdhpngdnpmikekcknl\cs.js Win32/TrojanDownloader.Tracur.AH trojan
C:\Users\Daphne Richard\Downloads\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application
C:\Users\Owner\AppData\Local\cbf5b9cd-f118-4485-a5ca-9655a3b610da.crx JS/Redirector.NCG trojan
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\background.js Win32/TrojanDownloader.Tracur.AH trojan
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\cs.js Win32/TrojanDownloader.Tracur.AH trojan
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16NDAGM0\Firefox_Setup_19.0.2.exe a variant of Win32/InstallCore.BY application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16NDAGM0\yontoosetup[1].exe multiple threats
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEZ2DOGN\FreeFileViewer2012Setup.exe a variant of Win32/InstallIQ.A application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEZ2DOGN\yontoosetup[1].exe multiple threats
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O749TG6E\pack[1].7z multiple threats
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O749TG6E\VideoConverterSetup.exe a variant of Win32/InstallCore.AZ application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBJ41IZP\SafePCRepair.exe Win32/AdInstaller application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3VNRTX8\App24x7Help[1].cab a variant of Win32/24x7Help.B application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3VNRTX8\wajam_install[1].exe Win32/Wajam.A application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY1UIZSN\iSafe.exe a variant of Win32/ELEX.L application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E07116UP\VideoConverterSetup[1].exe a variant of Win32/InstallCore.AZ application
C:\Users\Owner\AppData\Local\Temp\che5F0C.tmp Win32/Adware.AddLyrics.F application
C:\Users\Owner\AppData\Local\Temp\ICReinstall_Firefox_Setup_19.0.2.exe a variant of Win32/InstallCore.BY application
C:\Users\Owner\AppData\Local\Temp\jar_cache5193663883903049457.tmp multiple threats
C:\Users\Owner\AppData\Local\Temp\jar_cache8970716618297025040.tmp multiple threats
C:\Users\Owner\AppData\Local\Temp\setup.exe a variant of Win32/AirAdInstaller.A application
C:\Users\Owner\AppData\Local\Temp\670899D1-BAB0-7891-AB07-EB88C027A0BD\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.C application
C:\Users\Owner\AppData\Local\Temp\670899D1-BAB0-7891-AB07-EB88C027A0BD\Latest\IEHelper.dll Win32/Toolbar.Babylon.E application
C:\Users\Owner\AppData\Local\Temp\670899D1-BAB0-7891-AB07-EB88C027A0BD\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E application
C:\Users\Owner\AppData\Local\Temp\hnxyck\hnxyck.dll Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Owner\AppData\Local\Temp\is1275519350\Hoolapp.exe a variant of Win32/InstallCore.BI application
C:\Users\Owner\AppData\Local\Temp\is1275519350\PCFixSpeedSetup.exe multiple threats
C:\Users\Owner\AppData\Local\Temp\is1275519350\UpdaterEX.exe a variant of Win32/InstallCore.BD application
C:\Users\Owner\AppData\Local\Temp\is1275519350\wajam_download.exe Win32/Wajam.C application
C:\Users\Owner\AppData\Local\Temp\is1275519350\yontoo-C4.exe multiple threats
C:\Users\Owner\AppData\Local\Temp\is202948896\wajam_download.exe Win32/Wajam.B application
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2ff5aa17-19b612ce a variant of Java/Exploit.CVE-2013-2423.EF trojan
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3a3f87a8-22cf1f79 a variant of Java/Exploit.CVE-2013-2423.EF trojan
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5e91bd85-19d81731 multiple threats
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\447311f3-594ada03 multiple threats
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\c8c6b88-68ceea73 Java/Exploit.CVE-2011-3544.AQ trojan
C:\Users\Owner\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110419045211103.rsc multiple threats
C:\Windows\Temp\nyvavy.mkt Win32/Qbot.BD trojan
G:\Backup\OWNER-PC\History\Level2\C\Users\Owner\Daphne Richard\Downloads\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application
G:\Users\Owner\AppData\Local\cbf5b9cd-f118-4485-a5ca-9655a3b610da.crx JS/Redirector.NCG trojan
G:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\background.js Win32/TrojanDownloader.Tracur.AH trojan
G:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\cs.js Win32/TrojanDownloader.Tracur.AH trojan
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16NDAGM0\Firefox_Setup_19.0.2.exe a variant of Win32/InstallCore.BY application
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16NDAGM0\yontoosetup[1].exe multiple threats
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEZ2DOGN\FreeFileViewer2012Setup.exe a variant of Win32/InstallIQ.A application
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEZ2DOGN\yontoosetup[1].exe multiple threats
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O749TG6E\pack[1].7z multiple threats
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O749TG6E\VideoConverterSetup.exe a variant of Win32/InstallCore.AZ application
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBJ41IZP\SafePCRepair.exe Win32/AdInstaller application
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3VNRTX8\App24x7Help[1].cab a variant of Win32/24x7Help.B application
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3VNRTX8\wajam_install[1].exe Win32/Wajam.A application
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY1UIZSN\iSafe.exe a variant of Win32/ELEX.L application
Operating memory probably a variant of Win32/Toolbar.MyWebSearch.P application
 



#9 JSntgRvr


Posted 18 July 2013 - 02:56 PM

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • OTL should now start.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     

     

    :files
    C:\Program Files (x86)\SafePCRepair_89
    C:\Program Files (x86)\VideoConverter
    C:\Users\Daphne Richard\AppData\Local\Google\Chrome\User Data\Default\Users\bpiicogbmofpjekdhpngdnpmikekcknl\background.js
    C:\Users\Daphne Richard\AppData\Local\Google\Chrome\User Data\Default\Users\bpiicogbmofpjekdhpngdnpmikekcknl\cs.js
    C:\Users\Daphne Richard\Downloads\couponprinter.exe
    C:\Users\Owner\AppData\Local\cbf5b9cd-f118-4485-a5ca-9655a3b610da.crx
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\background.js
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\cs.js
    C:\Users\Owner\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110419045211103.rsc multiple threats
    G:\Backup\OWNER-PC\History\Level2\C\Users\Owner\Daphne Richard\Downloads\couponprinter.exe
    G:\Users\Owner\AppData\Local\cbf5b9cd-f118-4485-a5ca-9655a3b610da.crx JS
    G:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\background.js
    G:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\cs.js
    G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16NDAGM0
    G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEZ2DOGN
    G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O749TG6E
    G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBJ41IZP
    G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3VNRTX8
    G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY1UIZSN

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [EMPTYJAVA]
    [REBOOT]
     

     

     

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

 

 

 




#10 WKRichard


Posted 18 July 2013 - 04:18 PM

All processes killed
========== FILES ==========
C:\Program Files (x86)\SafePCRepair_89\bar\Settings folder moved successfully.
C:\Program Files (x86)\SafePCRepair_89\bar\Message folder moved successfully.
C:\Program Files (x86)\SafePCRepair_89\bar\IE9Mesg folder moved successfully.
C:\Program Files (x86)\SafePCRepair_89\bar\gen1 folder moved successfully.
C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\chrome folder moved successfully.
C:\Program Files (x86)\SafePCRepair_89\bar\1.bin folder moved successfully.
C:\Program Files (x86)\SafePCRepair_89\bar folder moved successfully.
C:\Program Files (x86)\SafePCRepair_89 folder moved successfully.
C:\Program Files (x86)\VideoConverter\Uninstall folder moved successfully.
C:\Program Files (x86)\VideoConverter\bin folder moved successfully.
C:\Program Files (x86)\VideoConverter folder moved successfully.
C:\Users\Daphne Richard\AppData\Local\Google\Chrome\User Data\Default\Users\bpiicogbmofpjekdhpngdnpmikekcknl\background.js moved successfully.
C:\Users\Daphne Richard\AppData\Local\Google\Chrome\User Data\Default\Users\bpiicogbmofpjekdhpngdnpmikekcknl\cs.js moved successfully.
C:\Users\Daphne Richard\Downloads\couponprinter.exe moved successfully.
C:\Users\Owner\AppData\Local\cbf5b9cd-f118-4485-a5ca-9655a3b610da.crx moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\background.js moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\cs.js moved successfully.
File\Folder C:\Users\Owner\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110419045211103.rsc multiple threats not found.
G:\Backup\OWNER-PC\History\Level2\C\Users\Owner\Daphne Richard\Downloads\couponprinter.exe moved successfully.
File\Folder G:\Users\Owner\AppData\Local\cbf5b9cd-f118-4485-a5ca-9655a3b610da.crx JS not found.
G:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\background.js moved successfully.
G:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Users\ggpakgkmoillbibbkceanffpnjpeepba\cs.js moved successfully.
Folder move failed. G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16NDAGM0 scheduled to be moved on reboot.
Folder move failed. G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEZ2DOGN scheduled to be moved on reboot.
Folder move failed. G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O749TG6E scheduled to be moved on reboot.
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBJ41IZP folder moved successfully.
Folder move failed. G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3VNRTX8 scheduled to be moved on reboot.
G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY1UIZSN folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Daphne Richard
->Temp folder emptied: 19308626 bytes
->Temporary Internet Files folder emptied: 666693749 bytes
->Java cache emptied: 27330493 bytes
->Google Chrome cache emptied: 24454739 bytes
->Flash cache emptied: 61108 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Garrett and Griffin
->Temp folder emptied: 902 bytes
->Temporary Internet Files folder emptied: 584008 bytes
->Flash cache emptied: 7785 bytes
 
User: Owner
->Temp folder emptied: 5230927170 bytes
->Temporary Internet Files folder emptied: 1731816524 bytes
->Java cache emptied: 47203331 bytes
->FireFox cache emptied: 42396684 bytes
->Google Chrome cache emptied: 360373154 bytes
->Flash cache emptied: 62013 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 779884088 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72052930 bytes
RecycleBin emptied: 1218860 bytes
 
Total Files Cleaned = 8,587.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYJAVA]
 
User: All Users
 
User: Daphne Richard
->Java cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Garrett and Griffin
 
User: Owner
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07182013_165942

Files\Folders moved on Reboot...
Folder move failed. G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16NDAGM0 scheduled to be moved on reboot.
Folder move failed. G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEZ2DOGN scheduled to be moved on reboot.
Folder move failed. G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O749TG6E scheduled to be moved on reboot.
Folder move failed. G:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3VNRTX8 scheduled to be moved on reboot.
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32041TLM\i[1] moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16NDAGM0\index[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



#11 JSntgRvr


Posted 18 July 2013 - 04:29 PM

  • Remove Quarantined items by your security programs
  • Run OTL and click on the Cleanup button. That will remove itself as well as the quarantined items.
  • Run ADWCleaner and click on uninstall.

Then let me know if the Computer is still detecting viruses.




#12 WKRichard


Posted 18 July 2013 - 06:29 PM

It appears to have worked, can't find any viruses. I ran a full scan with AVG13 and Malwarebytes and nothing came up. The only thing I am finding wrong is when I set my homepage in Internet Explorer it keeps going back to http://isearch.fantastigames.com/ no matter what I do.

 

Thanks for all your help!



#13 JSntgRvr


Posted 18 July 2013 - 10:35 PM

Let's perform a scan.

 

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.


 




#14 WKRichard


Posted 19 July 2013 - 08:40 AM

No more Trojan viruses popping up, thanks! Here are the two text files.

 

OTL logfile created on: 7/19/2013 9:24:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 72.18% Memory free
7.93 Gb Paging File | 5.91 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.17 Gb Total Space | 278.44 Gb Free Space | 47.75% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 1229.72 Gb Free Space | 88.01% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/19 09:24:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/06/27 17:46:24 | 000,305,448 | ---- | M] (Smilebox, Inc.) -- C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2013/06/27 06:51:16 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012/09/13 11:08:08 | 000,764,928 | ---- | M] (Callaway) -- C:\Program Files (x86)\Callaway\upro sync\UPROsync.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/12 17:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/30 13:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/02/01 14:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/23 02:45:08 | 000,475,184 | ---- | M] () -- C:\Program Files (x86)\Settings Alerter\Datamngr\apcrtldr.dll
MOD - [2013/04/23 02:45:04 | 000,017,968 | ---- | M] () -- C:\Program Files (x86)\Settings Alerter\Datamngr\mgrldr.dll
MOD - [2012/03/31 23:38:12 | 000,170,152 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe
MOD - [2010/11/30 17:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/11/30 17:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/11/30 17:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2008/05/30 13:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/27 06:51:16 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/06/11 21:38:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/06 19:56:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/04/05 13:40:32 | 002,625,800 | ---- | M] (iolo technologies, LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\SafePCRepair\ioloToolService.exe -- (ioloService)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/09 22:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/12 17:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/27 06:51:16 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AGERESoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/20 21:53:32 | 000,306,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2008/09/21 17:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2006/08/25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.costco.com/.product.11609953.html?cm_sp=RichRelevance-_-categorypageHorizontalTop-_-PopularProductsInCategory&cm_vc=categorypageHorizontalTop|PopularProductsInCategory
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {be823b8c-a7ec-4078-a321-0f8046cbb48a} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKCU\..\SearchScopes\{6BDC5B67-9C66-40F0-9E55-F704A84A2814}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130416,19853,0,25,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20130416,19858,0,25,0"
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.18.1
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:5.0.0.6907
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822
FF - prefs.js..extensions.enabledAddons: tuaodjwloj%40tuaodjwloj.org:2.9.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@SafePCRepair_89.com/Plugin: C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\NP89Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/06 19:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/17 20:43:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/06 19:56:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/17 20:43:40 | 000,000,000 | ---D | M]
 
[2013/05/10 08:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2013/07/17 20:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\4guno4fx.default\Extensions
[2013/05/27 21:31:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\4guno4fx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/05/10 08:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/13 18:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/07/13 18:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/07/13 18:54:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/06 19:56:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2013/07/18 17:11:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Toolbar BHO) - {1fc509df-4b29-4ab3-96e6-47c178d60287} - C:\PROGRA~2\SAFEPC~2\bar\1.bin\89bar.dll File not found
O2 - BHO: (Search Assistant BHO) - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} - C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89SrcAs.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SafePCRepair) - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89bar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SafePCRepair Home Page Guard 64 bit] "C:\PROGRA~2\SAFEPC~2\bar\1.bin\AppIntegrator64.exe" File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SafePCRepair Search Scope Monitor] "C:\PROGRA~2\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [SafePCRepair_89 Browser Plugin Loader] C:\PROGRA~2\SAFEPC~2\bar\1.bin\89brmon.exe File not found
O4 - HKLM..\Run: [uProWebSync] C:\Program Files (x86)\Callaway\upro sync\UPROsync.exe (Callaway)
O4 - HKCU..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab (Java Plug-in 1.6.0_41)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D}: DhcpNameServer = 192.168.1.1 68.238.112.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/27 18:46:52 | 000,000,205 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{489d50b7-8ef6-11e2-be76-001d72bdf399}\Shell - "" = AutoRun
O33 - MountPoints2\{489d50b7-8ef6-11e2-be76-001d72bdf399}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{d3abb02c-3290-11e1-9c8d-001d72bdf399}\Shell - "" = AutoRun
O33 - MountPoints2\{d3abb02c-3290-11e1-9c8d-001d72bdf399}\Shell\AutoRun\command - "" = E:\PhotoViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Settings Alerter\Datamngr\x64\apcrtldr.dll) - C:\Program Files (x86)\Settings Alerter\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Settings Alerter\Datamngr\apcrtldr.dll) - C:\Program Files (x86)\Settings Alerter\Datamngr\apcrtldr.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/19 09:24:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/19 09:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/07/17 20:41:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/16 16:11:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/07/16 14:48:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SafePCRepair_89
[2013/07/16 14:48:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\iolo
[2013/07/16 14:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013/07/16 14:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SafePCRepair
[2013/07/14 08:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/07/13 11:34:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yrli
[2013/07/13 11:34:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xiotux
[2013/07/13 11:34:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Qynuix
[2013/07/12 16:45:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Ifof
[2013/07/12 16:45:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Ekopha
[2013/07/12 16:45:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Aqxuw
[2013/07/12 16:44:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Neohd
[2013/07/12 16:44:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Luolg
[2013/07/12 16:44:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Igpe
[2013/07/10 03:06:59 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 03:06:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 03:06:58 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/10 03:06:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/10 03:06:58 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/10 03:06:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/10 03:06:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/10 03:06:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/10 03:06:58 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/10 03:06:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/10 03:06:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/10 03:06:57 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 03:06:56 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 03:06:56 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 03:06:56 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 02:31:36 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 02:31:36 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 02:31:36 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 02:31:36 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 02:31:24 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/19 09:25:00 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/07/19 09:24:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/19 09:21:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/19 08:36:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/19 08:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 06:44:55 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/07/18 21:18:09 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 21:18:09 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 21:15:05 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 21:15:05 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 21:15:05 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 21:12:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/18 21:12:55 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/18 21:12:55 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/07/18 21:10:27 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 17:56:14 | 000,001,898 | ---- | M] () -- C:\Users\Owner\Desktop\Internet Explorer.lnk
[2013/07/18 17:11:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/07/17 21:07:33 | 000,000,316 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/16 14:56:08 | 000,002,538 | ---- | M] () -- C:\Users\Owner\Desktop\ContinueInstalliSafe.lnk
[2013/07/14 08:52:37 | 000,000,507 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2013/07/14 08:52:36 | 000,000,050 | ---- | M] () -- C:\Windows\SysWow64\outlook.cfg
[2013/07/14 08:52:35 | 000,000,080 | ---- | M] () -- C:\Windows\SysWow64\usergui.cfg
[2013/07/14 08:52:35 | 000,000,060 | ---- | M] () -- C:\Windows\SysWow64\userguistate.cfg
[2013/07/14 08:52:24 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/13 19:11:20 | 534,449,352 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/12 21:39:10 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/10 03:31:48 | 000,435,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/29 08:59:52 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/27 06:51:16 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/06/22 21:05:32 | 000,004,608 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/20 18:46:16 | 000,394,941 | ---- | M] () -- C:\Users\Owner\Documents\Scan0004.pdf
[2013/06/20 18:45:14 | 000,259,552 | ---- | M] () -- C:\Users\Owner\Documents\Scan0003.pdf
[2013/06/19 16:55:47 | 000,442,162 | ---- | M] () -- C:\Users\Owner\Documents\Scan0003.jpg
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/18 17:56:14 | 000,001,898 | ---- | C] () -- C:\Users\Owner\Desktop\Internet Explorer.lnk
[2013/07/17 21:07:11 | 000,000,316 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/16 14:56:08 | 000,002,538 | ---- | C] () -- C:\Users\Owner\Desktop\ContinueInstalliSafe.lnk
[2013/07/14 08:52:37 | 000,000,507 | ---- | C] () -- C:\Windows\SysWow64\userawacs.cfg
[2013/07/14 08:52:36 | 000,000,050 | ---- | C] () -- C:\Windows\SysWow64\outlook.cfg
[2013/07/14 08:52:35 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\usergui.cfg
[2013/07/14 08:52:35 | 000,000,060 | ---- | C] () -- C:\Windows\SysWow64\userguistate.cfg
[2013/06/20 18:46:16 | 000,394,941 | ---- | C] () -- C:\Users\Owner\Documents\Scan0004.pdf
[2013/06/20 18:45:14 | 000,259,552 | ---- | C] () -- C:\Users\Owner\Documents\Scan0003.pdf
[2013/06/19 16:55:47 | 000,442,162 | ---- | C] () -- C:\Users\Owner\Documents\Scan0003.jpg
[2013/01/22 08:36:34 | 000,004,608 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/29 18:51:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/20 21:42:59 | 000,007,597 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/02/21 21:17:02 | 000,000,774 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/24 20:49:56 | 000,010,988 | -HS- | C] () -- C:\Users\Owner\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/24 20:49:56 | 000,010,988 | -HS- | C] () -- C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
[2011/06/25 11:18:20 | 000,001,216 | -HS- | C] () -- C:\Users\Owner\AppData\Local\13gpr2hj11f04eu87q3qw51t4w67sao78p15gh8lk6e
[2011/06/25 11:18:20 | 000,001,216 | -HS- | C] () -- C:\ProgramData\13gpr2hj11f04eu87q3qw51t4w67sao78p15gh8lk6e
[2011/05/05 20:47:06 | 000,025,145 | ---- | C] () -- C:\Users\Owner\hat.jpg
[2011/04/18 16:37:52 | 000,014,318 | -HS- | C] () -- C:\Users\Owner\AppData\Local\43clei68x3dim0e6a7a5j2fk2b518pt86ibu0q80g
[2011/04/18 16:37:52 | 000,014,318 | -HS- | C] () -- C:\ProgramData\43clei68x3dim0e6a7a5j2fk2b518pt86ibu0q80g
[2010/07/08 05:45:53 | 000,000,391 | ---- | C] () -- C:\Users\Owner\exe.js
[2009/12/01 21:11:30 | 000,000,632 | RHS- | C] () -- C:\Users\Owner\ntuser.pol
[2009/09/21 21:14:27 | 000,009,318 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).EML
[2009/08/14 12:08:27 | 000,001,422 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/09 18:54:52 | 000,103,720 | ---- | C] () -- C:\Users\Owner\GoToAssistDownloadHelper.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2011/12/25 11:07:33 | 000,000,017 | ---- | M] ()(C:\Windows\SysWow64\?h) -- C:\Windows\SysWow64\傠ħ
[2011/12/25 11:07:33 | 000,000,017 | ---- | C] ()(C:\Windows\SysWow64\?h) -- C:\Windows\SysWow64\傠ħ
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 143 bytes -> C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

OTL Extras logfile created on: 7/19/2013 9:24:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 72.18% Memory free
7.93 Gb Paging File | 5.91 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.17 Gb Total Space | 278.44 Gb Free Space | 47.75% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 1229.72 Gb Free Space | 88.01% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D63878C-C7C9-4ACE-8057-8DBB686B3648}" = lport=137 | protocol=17 | dir=in | app=system |
"{3FC36FA0-6C38-455D-8BEC-8F0FB69D0C68}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{4797BF19-844E-4B2F-B8E4-9430E2D8A5A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{503C3D22-D65F-4907-B0BC-5CB84C28656C}" = rport=139 | protocol=6 | dir=out | app=system |
"{5B5D9804-18B9-48DD-880F-CED2729CD3C6}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{5EB6B8D6-157C-4EA9-8A89-295179931CD2}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{6B6F60B3-F80A-44DD-93B1-BFFDD945A0C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73E49F80-2486-4303-8B84-FE85DEB2982F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77A495FF-EEF6-4CA9-AE8E-E6ED6403ED50}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{839D934E-BC8B-49A9-A013-9759147453F1}" = rport=138 | protocol=17 | dir=out | app=system |
"{98529612-179D-4F5E-82F8-91CBBB83E951}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{9B392269-BBD0-4694-83F3-EB601FE34060}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C21B78B-7955-4510-9179-4222A9E7D143}" = lport=445 | protocol=6 | dir=in | app=system |
"{A2CE9BA4-404B-49EC-9938-20408CE07FE5}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{A85ED53B-6C75-444C-A910-2A4D12E1AA17}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{BEECE83B-98B6-4D59-BB32-3B2C33385321}" = rport=445 | protocol=6 | dir=out | app=system |
"{CC8424CC-557B-42A9-97DF-48A6944C1701}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{CF68049C-EB2E-467A-AA39-C934ABB2EB35}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{D9E2F189-65A3-4003-A661-52E334EA8BD3}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD4AF6E7-E6E9-48D2-9626-87092FF2634A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EAC2B0AB-F13B-4CF9-A06F-76FBD738F3A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F6FCF744-126D-4347-9A14-76D0596B1721}" = lport=139 | protocol=6 | dir=in | app=system |
"{F7455DF0-CD9C-459E-821D-815AB881C546}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FE9C574E-5B9B-4DEC-AD6C-7EDE3518E594}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036ECEA7-A6D0-4E6C-98F7-55062548A6CD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{0A8BD952-08D3-450B-BCFD-A4BA3CAC5852}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{0CF47063-20A3-435A-941F-0F41E2649AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{0E2A6B73-EFAA-4C61-BCD0-C86874C41BAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{16465097-4186-40F9-AF87-F927B99252FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1E45078C-3993-4034-BABE-76F8085A7CF3}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs13ce\hpdiagnosticcoreui.exe |
"{2E874224-75AC-4E22-8C92-9E8187FE3EA1}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{33138EF8-16BA-49EA-9AB0-052408343126}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3857BD3D-3CC8-4241-BFA3-9819F657EA78}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe |
"{3F97E653-487E-4500-ACFF-F412782978BE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{54E27070-4FBB-4A2F-8ACB-DFE7DAA5A526}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe |
"{5C2E88E4-EDFF-4720-8F45-5F6060229DD8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5DFCF69E-B91A-441E-9FE0-4D7ADE83F9FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F3E451F-3DA9-4D16-B688-D4751D6EB329}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{70413FB7-9597-4790-8D56-F98055923E82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{75ABC9FF-58E2-4B5C-B7F5-5E03C96019EE}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{768770A7-949B-414F-A01B-08B675631ADA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7E95171B-A24D-4223-85A7-23660760B080}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{811C43A3-588A-4996-B186-6DB8B3ED143B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8736DD3A-D957-44FD-8B5C-BB07CD3CFF48}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8C113246-4DAA-4E93-97A6-E42F3D84B892}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{9C2C37A9-D2FD-4C35-B673-B575EE8717E3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A9BA40DC-0C1C-42D7-8015-D7B2144C2499}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B004DA3E-44BE-485C-B8FD-AD163B5C95D6}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs13ce\hpdiagnosticcoreui.exe |
"{B7270692-ABA1-4148-A87F-AC2FD735B262}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C284365D-E876-4BB8-B23A-7393FCA6D813}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{CC908D7B-E673-44AC-AB8E-BA3D242AD23B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{D9B10997-2259-4DEB-B5E3-50D26DBA8BCE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DA090939-4D25-43C9-8027-082A8B3D0301}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{DBFD84AC-F60B-4050-A9A3-3D9E13D1AE88}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\devicesetup.exe |
"{F4D9D3EE-95BA-4A58-9AA0-0948696C4568}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{6344718C-AE30-4C86-B5CD-459077A83623}" = Microsoft SQL Server Native Client
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{78B5B205-2F59-4D96-9D83-DEB94CD5229B}" = AVG 2013
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE7891D8-2340-4CD6-BA0A-6C8C01F7B4B4}" = AVG 2013
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE29EE5A-C6B7-454B-BE14-2F4AD8E91BB1}" = Microsoft SQL Server VSS Writer
"{F26D0153-CD17-4662-8592-DD98498DE6E4}" = HP Photosmart 5510d series Basic Device Software
"{F5551626-0E88-4399-A32D-2F6115CCDD92}" = HP Photosmart 5510d series Product Improvement Study
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216041FF}" = Java™ 6 Update 41
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2C1EE438-E60E-402B-ADA2-9849993A90DD}" = UPRO sync
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{9859E92C-BD0C-4992-895A-0642D076185A}" = UPRO Connector
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 2.0
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A6558E2A-FAF9-4570-AA49-6328D0354517}" = CWA Reminder by We-Care.com v4.1.21.3
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B59D7E45-401F-9542-965A-5B76915B6E6A}" = YNAB 3
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = Content Manager
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Help
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"am-10daysunderthesea" = 10 Days Under The Sea
"am-amazingadventuresaroundtheworldtm" = Amazing Adventures Around the World™
"am-amazingadventuresthecaribbeansecrettm" = Amazing Adventures The Caribbean Secret™
"am-amazingfinds" = Amazing Finds
"am-slingoquest" = Slingo Quest
"bigcityadventuresanfrancisco" = Big City Adventure - San Francisco
"bigcityadventuretmsydney" = Big City Adventure™ - Sydney
"canyouseewhatiseedreammachine" = Can You See What I See - Dream Machine
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1" = YNAB 3
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"doubleplayjewelquestiiandjewelquestiii" = Double Play Jewel Quest II and Jewel Quest III
"EPSON Scanner" = EPSON Scan
"FreeFileViewer_is1" = Free File Viewer 2012
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.6
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"littleshopoftreasures" = Little Shop of Treasures
"littleshopoftreasures2" = Little Shop of Treasures 2
"littleshoproadtrip" = Little Shop - Road Trip
"littleshopworldtraveler" = Little Shop - World Traveler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RealArcade" = RealArcade
"SafePCRepair_89bar Uninstall Internet Explorer" = SafePCRepair Internet Explorer Toolbar
"Settings Alerter" = Settings Alerter
"Trusted Software Assistant_is1" = File Type Assistant
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"UnityWebPlayer" = Unity Web Player
"Verizon Help and Support" = Verizon Help and Support Tool
"Web Games Player Plugin" = Web Games Player Plugin
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT076789" = Mystery P.I. - Lost in Los Angeles
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox
"UnityWebPlayer" = Unity Web Player
"uPro MX Software Upgrade" = uPro MX Software Upgrade
"Video Converter" = Video Converter
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/18/2013 5:46:37 PM | Computer Name = Owner-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
 
Error - 7/18/2013 6:30:48 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/18/2013 6:30:48 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15585
 
Error - 7/18/2013 6:30:48 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15585
 
Error - 7/18/2013 9:11:49 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/18/2013 9:13:06 PM | Computer Name = Owner-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
 
Error - 7/19/2013 3:20:10 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\Unity\webplayer\UnityBugReporter.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 7/19/2013 3:20:41 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/19/2013 8:09:45 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\Unity\webplayer\UnityBugReporter.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 7/19/2013 8:10:10 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 7/18/2013 5:44:17 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The B's Recorder GOLD Library General Service service failed to start
 due to the following error:   %%1053
 
Error - 7/18/2013 5:44:19 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The SafePCRepairService service failed to start due to the following
 error:   %%2
 
Error - 7/18/2013 6:59:53 PM | Computer Name = Owner-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 7/18/2013 9:10:33 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:00:49 PM on ?7/?18/?2013 was unexpected.
 
Error - 7/18/2013 9:10:38 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the B's
 Recorder GOLD Library General Service service to connect.
 
Error - 7/18/2013 9:10:38 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The B's Recorder GOLD Library General Service service failed to start
 due to the following error:   %%1053
 
Error - 7/18/2013 9:10:43 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The SafePCRepairService service failed to start due to the following
 error:   %%2
 
Error - 7/19/2013 3:16:37 AM | Computer Name = Owner-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.
 
Error - 7/19/2013 3:16:39 AM | Computer Name = Owner-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.
 
Error - 7/19/2013 3:17:05 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 



#15 JSntgRvr


Posted 19 July 2013 - 11:43 AM

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope =
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.fantastigames.com/465
    FF - prefs.js: keyword.URL - hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=107&systemid=465&q=
    user_pref("browser.startup.homepage", "hxxp://isearch.fantastigames.com/465");
    user_pref("keyword.URL", "hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=107&systemid=465&q=");

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [EMPTYJAVA]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

No request for help throughout private messaging will be attended.
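A read-only check that the two Firefox preferences targeted by the fix above no longer point at the search-hijack host, added here as an example; it is not part of the original post or of OTL. The host and preference names come from the fix script, while the function names and the sample prefs.js text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Preferences the fix script in the post targets in Firefox's prefs.js.
WATCHED_PREFS = {"browser.startup.homepage", "keyword.URL"}

# Host taken from the fix script in the post.
HIJACK_HOSTS = {"isearch.fantastigames.com"}

# Matches user_pref("name", "string value"); integer/boolean prefs are skipped.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*"((?:[^"\\]|\\.)*)"\s*\)\s*;'
)


def refang(url):
    """Undo forum-style hxxp:// defanging so the URL parses normally."""
    return re.sub(r'^hxxp(s?)://', r'http\1://', url.strip(), flags=re.IGNORECASE)


def host_of(url):
    """Return the lower-cased host of a URL, or '' if it has none (e.g. about:home)."""
    return (urlsplit(refang(url)).hostname or "").lower()


def is_hijack_host(host):
    """True for a listed host or any subdomain of it."""
    return any(host == h or host.endswith("." + h) for h in HIJACK_HOSTS)


def find_hijacked_prefs(prefs_text):
    """Return (line number, pref name, host) for each watched pref still hijacked."""
    findings = []
    for lineno, line in enumerate(prefs_text.splitlines(), 1):
        m = PREF_RE.match(line)
        if not m or m.group(1) not in WATCHED_PREFS:
            continue
        # browser.startup.homepage may hold several URLs separated by '|'.
        for url in m.group(2).split("|"):
            host = host_of(url)
            if is_hijack_host(host):
                findings.append((lineno, m.group(1), host))
    return findings


# Constructed sample: prefs.js as it would look before the fix is applied.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1374000000);
user_pref("browser.startup.homepage", "hxxp://isearch.fantastigames.com/465");
user_pref("keyword.URL", "hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=107&systemid=465&q=");
user_pref("browser.search.selectedEngine", "Google");
'''

# Constructed sample: prefs.js after cleanup, with a multi-URL homepage.
CLEAN_PREFS = '''\
user_pref("browser.startup.homepage", "https://www.example.org/|about:home");
'''

if __name__ == "__main__":
    for lineno, name, host in find_hijacked_prefs(SAMPLE_PREFS):
        print(f"line {lineno}: {name} still points at {host}")
```

Run it against a copy of the profile's prefs.js while Firefox is closed, since Firefox rewrites that file on exit.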
