Infected with SweetPacks, Sendori, SelectionLinks, UnfriendApp, etc...


46 replies to this topic

#1 Britain

  • Members
  • 35 posts

Posted 18 August 2013 - 05:16 PM

Hello everyone at Bleeping Computer, I'm here today in hopes to clean up my grandmother's laptop. She likes to use it to keep in touch with family, and browse random quilting sites (which I'm sure got her in trouble in the first place). I hope I can get this cleaned up and running smoothly again, but I'm also looking for suggestions so she can be protected from bad and unknown sites. I installed WOT before, but this malware somehow disabled it, even though Firefox says it's enabled, so it doesn't tell her if a site is good or not at all. Thank you for any assistance, and I will be monitoring this topic so I can reply as soon as possible to try and keep the ball rolling if possible, as I only have a few days to clean this up. I hope to deliver it back to her cleaned and protected, ready for her to browse her random quilting sites once more... x.x

 

Things that I notice occasionally:

  • Slowdown while browsing, takes a good 2-3 min sometimes to load a page
  • WOT was disabled, while still being enabled by the browser
  • Computer freezing up, mouse doesn't move, up to 4-5 minutes (rare)

Things I need help with:

  • Computer to be cleaned of all malware, etc
  • Remove any unnecessary programs that don't belong on the computer except for the essentials and security
  • Create a way to inform her when search results or random links are bad (for example: WOT)

I know it's asking a bit much, but I can't be with her every time she wants to use a computer. The system that WOT uses (red = bad, gray = unknown, yellow = warning, green = good) is something I prefer, but if there is something that is better than WOT I'd like to know about it. I can't monitor this computer all the time and it's a long drive to her place just to help her every time she has an issue like this, so I have a few days that I want to spend so that I can fix her computer up so that she can use it, and be safe.

 

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Kaye White at 16:40:45 on 2013-08-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.1144 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\dmwu.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\windows\system32\charmap.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.myyahoo.com/
uSearch Bar = Preserve
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: SelectionLinks: {7365A975-D1E8-41ed-8C66-FA70EDB97A39} -
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\windows\System32\Sendori.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{99389D22-2A96-4029-9469-4CE977F60869} : NameServer = 64.126.4.212,64.126.4.216
TCP: Interfaces\{E8B9D7C9-8D68-4B69-880C-8A5AE6CC4CD3} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E8B9D7C9-8D68-4B69-880C-8A5AE6CC4CD3}\2375942554931373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E8B9D7C9-8D68-4B69-880C-8A5AE6CC4CD3}\758696475602E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E8B9D7C9-8D68-4B69-880C-8A5AE6CC4CD3}\B416975602758696475602E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E8B9D7C9-8D68-4B69-880C-8A5AE6CC4CD3}\B47584944554D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.toshiba.com/
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-Run: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
x64-Run: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
x64-Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
x64-Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kaye White\AppData\Roaming\Mozilla\Firefox\Profiles\al6cncff.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2013-07-15 14:19; {8E9E3331-D360-4f87-8803-52DE43566502}; C:\Program Files\Updater By SweetPacks\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R2 aksdf;aksdf;C:\windows\System32\drivers\aksdf.sys [2011-11-24 78208]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-5-15 202752]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 IBUpdaterService;IBUpdaterService;C:\windows\System32\dmwu.exe [2013-6-23 1453872]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-6-23 188760]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-5-15 35008]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2010-4-26 1103904]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-5-15 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-8-18 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-5-15 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-8-18 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-9-14 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2013-08-18 18:03:58    --------    d-----w-    C:\Users\Kaye White\AppData\Roaming\uTorrent
2013-08-18 17:54:51    340992    ----a-w-    C:\windows\System32\schannel.dll
2013-08-18 17:54:51    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2013-08-18 17:54:50    458712    ----a-w-    C:\windows\System32\drivers\cng.sys
2013-08-18 17:54:50    154480    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2013-08-18 17:54:50    1448448    ----a-w-    C:\windows\System32\lsasrv.dll
2013-08-18 17:54:49    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2013-08-18 17:54:49    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2013-08-18 17:54:03    514560    ----a-w-    C:\windows\SysWow64\qdvd.dll
2013-08-18 17:54:03    366592    ----a-w-    C:\windows\System32\qdvd.dll
2013-08-18 05:23:10    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A43C48F-B0A8-4493-AC1A-7455A6DC60D1}\mpengine.dll
2013-08-17 22:26:56    --------    d-----w-    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
2013-08-17 05:03:02    9460976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-14 15:52:09    1217024    ----a-w-    C:\windows\System32\rpcrt4.dll
2013-08-14 15:52:08    663552    ----a-w-    C:\windows\SysWow64\rpcrt4.dll
2013-08-14 15:51:01    1472512    ----a-w-    C:\windows\System32\crypt32.dll
2013-08-14 15:51:01    1166848    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-08-14 15:51:00    224256    ----a-w-    C:\windows\System32\wintrust.dll
2013-08-14 15:51:00    184320    ----a-w-    C:\windows\System32\cryptsvc.dll
2013-08-14 15:51:00    175104    ----a-w-    C:\windows\SysWow64\wintrust.dll
2013-08-14 15:51:00    140288    ----a-w-    C:\windows\SysWow64\cryptsvc.dll
2013-08-14 15:51:00    139776    ----a-w-    C:\windows\System32\cryptnet.dll
2013-08-14 15:51:00    103936    ----a-w-    C:\windows\SysWow64\cryptnet.dll
2013-08-14 15:49:27    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2013-08-14 15:49:27    2048    ----a-w-    C:\windows\System32\tzres.dll
2013-08-14 15:49:02    1888768    ----a-w-    C:\windows\System32\WMVDECOD.DLL
2013-08-14 15:49:02    1620992    ----a-w-    C:\windows\SysWow64\WMVDECOD.DLL
2013-08-12 23:00:44    --------    d-----w-    C:\windows\System32\MRT
.
==================== Find3M  ====================
.
2013-07-26 05:13:37    2241024    ----a-w-    C:\windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-09 06:03:30    5550528    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\windows\System32\wow64.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\windows\SysWow64\user.exe
2013-07-06 06:03:53    1910208    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-07-01 19:28:10    325920    ----a-w-    C:\windows\SysWow64\Sendori.dll
2013-06-19 02:50:08    247216    ----a-w-    C:\windows\System32\drivers\MpFilter.sys
2013-06-19 02:50:08    139616    ----a-w-    C:\windows\System32\drivers\NisDrvWFP.sys
2013-06-15 04:32:16    39936    ----a-w-    C:\windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27    3153920    ----a-w-    C:\windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2013-05-21 12:53:10    1453872    ----a-w-    C:\windows\System32\dmwu.exe
2013-05-21 12:52:14    33792    ----a-w-    C:\windows\System32\ImHttpComm.dll
2013-05-21 12:28:00    829264    ----a-w-    C:\windows\System32\msvcr100.dll
2013-05-21 12:28:00    608080    ----a-w-    C:\windows\System32\msvcp100.dll
.
============= FINISH: 16:42:05.12 ===============

 

Edited by Britain, 18 August 2013 - 05:23 PM.
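The DDS report in post #1 already carries the indicators a responder would work through by hand before any cleanup tool runs: the LSP line for Sendori.dll (a Winsock provider loaded into every process that opens a socket), a static per-adapter NameServer of 64.126.4.212,64.126.4.216 while DHCP hands out the router at 192.168.0.1, the three HKLM UAC policies (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) forced to 0, BHO CLSIDs registered with no DLL behind them, and stij.exe running from a four-letter folder under SysWOW64. The script below is an added example, not part of this thread and not code from DDS, JRT or OTL, that pulls exactly those signals out of a constructed excerpt of that log. The heuristics (which UAC values matter, which System32 subfolders are normal, "public resolver on one adapter" as the DNS-hijack test) are the editor's assumptions, not rules any of those tools implement.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread: not part of DDS/JRT/OTL and not posted by anyone
in it. SAMPLE_DDS is a constructed excerpt of the post #1 log; every heuristic
below is an assumption about what is worth flagging, not a rule from the tools.
"""
import ipaddress
import re

SAMPLE_DDS = r"""
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\dmwu.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042
BHO: SelectionLinks: {7365A975-D1E8-41ed-8C66-FA70EDB97A39} -
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
LSP: C:\windows\System32\Sendori.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{99389D22-2A96-4029-9469-4CE977F60869} : NameServer = 64.126.4.212,64.126.4.216
TCP: Interfaces\{E8B9D7C9-8D68-4B69-880C-8A5AE6CC4CD3} : DHCPNameServer = 192.168.0.1
"""

# HKLM UAC policies that, at 0, let an installer elevate with no prompt at all.
UAC_POLICIES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
# System32/SysWOW64 subfolders Windows itself runs binaries from (assumption).
KNOWN_SYSTEM_SUBDIRS = {"wbem", "drivers", "wat", "spool", "macromed", "dllcache"}


def parse_dds(text):
    """Return (process_paths, hjt_entries); hjt_entries are (key, rest) pairs."""
    procs, entries, in_hjt = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        if line.startswith("====="):          # section header
            in_hjt = "Pseudo HJT" in line
            continue
        if in_hjt:
            key, sep, rest = line.partition(": ")
            if not sep:                        # e.g. 'mStart Page = hxxp://...'
                key, _, rest = line.partition(" = ")
            entries.append((key, rest))
        elif re.match(r"^[A-Za-z]:\\", line):  # Running Processes section
            procs.append(line.split(" -k ")[0])  # drop the svchost group argument
    return procs, entries


def uac_findings(entries):
    """UAC policies forced to 0 in HKLM (DDS prefix 'mPolicies-System')."""
    hits = {}
    for key, rest in entries:
        if key == "mPolicies-System":
            name, _, value = rest.partition(" = ")
            if name in UAC_POLICIES and value == "dword:0":
                hits[name] = 0
    return hits


def dns_findings(entries):
    """Per-interface static NameServer entries that point at public IPs.
    A home box resolves through the router (the DHCPNameServer lines); a static
    public resolver on one adapter puts a third party in front of every lookup."""
    pat = re.compile(r"(?:Interfaces\\(\{[0-9A-Fa-f-]+\})(?:\\\w+)? : )?(DHCPNameServer|NameServer) = (.+)")
    hits = {}
    for key, rest in entries:
        m = pat.match(rest) if key == "TCP" else None
        if not m or m.group(2) != "NameServer" or not m.group(1):
            continue
        public = [s.strip() for s in m.group(3).split(",")
                  if not ipaddress.ip_address(s.strip()).is_private]
        if public:
            hits[m.group(1)] = public
    return hits


def lsp_findings(entries):
    """Every LSP line: DDS only prints non-default Winsock providers."""
    return [rest for key, rest in entries if key == "LSP"]


def bho_findings(entries):
    """BHO CLSIDs registered with no backing DLL path ('-' or <orphaned>)."""
    pat = re.compile(r"(?:.*?: )?(\{[0-9A-Fa-f-]+\}) -\s*(.*)$")
    hits = []
    for key, rest in entries:
        m = pat.match(rest) if key == "BHO" else None
        if m and m.group(2) in ("", "<orphaned>"):
            hits.append(m.group(1))
    return hits


def process_findings(procs):
    """Processes running from a System32/SysWOW64 subfolder Windows does not use."""
    pat = re.compile(r"\\(?:system32|syswow64)\\([^\\]+)\\[^\\]+$", re.I)
    return [p for p in procs
            if (m := pat.search(p)) and m.group(1).lower() not in KNOWN_SYSTEM_SUBDIRS]


def triage(text):
    procs, entries = parse_dds(text)
    return {"uac": uac_findings(entries), "dns": dns_findings(entries),
            "lsp": lsp_findings(entries), "bho": bho_findings(entries),
            "procs": process_findings(procs)}


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_DDS).items():
        print(f"{name}: {finding}")
```

Feed a saved DDS.txt to triage() to get the same five buckets. The UAC bucket is worth acting on independently of whatever removal tool is used: with EnableLUA at 0 the next bundled installer will not prompt either, so re-enabling UAC belongs in the "keep her protected" part of the job, not just the cleanup.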


#2 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 18 August 2013 - 05:38 PM

Hi Britain ,

Let's see what we can do for you then.
Let's sort out the system and then see how we can help to protect your Grandmother.

Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2
  • Download OTL to your desktop (right click on the link and select 'Save Link/Target As'). If you have problems, try this download link: OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check
Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
In your next reply, please submit:
JRT.txt
and both reports from Otl


Thanks.



#3 Britain

  • Topic Starter
  • Members
  • 35 posts

Posted 18 August 2013 - 06:44 PM

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by Kaye White on Sun 08/18/2013 at 17:49:14.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] ibupdaterservice
Successfully stopped: [Service] updater by sweetpacks
Successfully deleted: [Service] updater by sweetpacks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ABCF2BE-E2F4-4056-BDF2-3E9CC06CDE10}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1CA7C5C3-B03F-40CB-912E-77011A278926}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\windows\syswow64\arfc"
Failed to delete: [Folder] "C:\windows\syswow64\jmdp"
Successfully deleted: [Folder] "C:\windows\syswow64\wnlt"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\Kaye White\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Folder] C:\Users\Kaye White\appdata\local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/18/2013 at 17:56:33.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

OTL.Txt

OTL logfile created on: 8/18/2013 6:31:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kaye White\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 46.58% Memory free
5.49 Gb Paging File | 3.61 Gb Available in Paging File | 65.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.55 Gb Total Space | 235.26 Gb Free Space | 82.10% Space Free | Partition Type: NTFS
 
Computer Name: KAYEWHITE-PC | User Name: Kaye White | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kaye White\Downloads\OTL.scr (OldTimer Tools)
PRC - C:\Users\Kaye White\Downloads\JRT.exe (Thisisu)
PRC - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Sendori\SendoriUp.exe (Sendori, Inc.)
PRC - C:\Program Files (x86)\Sendori\SendoriSvc.exe (Sendori, Inc.)
PRC - C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
PRC - C:\Program Files (x86)\Sendori\Sendori.Service.exe (sendori)
PRC - C:\Program Files (x86)\Sendori\sndappv2.exe (Sendori)
PRC - C:\Windows\SysWOW64\jmdp\stij.exe ()
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\mozjs.dll ()
MOD - C:\Windows\SysWOW64\jmdp\stij.exe ()
MOD - C:\Windows\SysWOW64\jmdp\lmrn.dll ()
MOD - C:\Windows\SysWOW64\jmdp\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Application Sendori) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe (Sendori, Inc.)
SRV - (Service Sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe (sendori)
SRV - (sndappv2) -- C:\Program Files (x86)\Sendori\sndappv2.exe (Sendori)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.)
DRV:64bit: - (aksusb) -- C:\Windows\SysNative\drivers\aksusb.sys (SafeNet Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (akshasp) -- C:\Windows\SysNative\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{9FA4779A-3D02-4EEE-8124-77C469FD7A6E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{9FA4779A-3D02-4EEE-8124-77C469FD7A6E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myyahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {E81839E2-59B4-4FCD-9A85-D61A0A81865B}
IE - HKCU\..\SearchScopes\{E81839E2-59B4-4FCD-9A85-D61A0A81865B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/07/15 14:19:05 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/07/15 14:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/07/15 14:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox [2013/07/15 14:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@unfriendapp.com: C:\Program Files (x86)\UnfriendApp\Firefox\ [2012/11/29 23:01:53 | 000,000,000 | ---D | M]
 
[2010/09/16 14:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaye White\AppData\Roaming\Mozilla\Extensions
[2010/09/16 14:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaye White\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/08/09 22:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaye White\AppData\Roaming\Mozilla\Firefox\Profiles\al6cncff.default\extensions
[2013/05/16 21:12:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kaye White\AppData\Roaming\Mozilla\Firefox\Profiles\al6cncff.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/05/12 13:30:42 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Kaye White\AppData\Roaming\Mozilla\Firefox\Profiles\al6cncff.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013/05/12 13:34:55 | 000,015,751 | ---- | M] () (No name found) -- C:\Users\Kaye White\AppData\Roaming\Mozilla\Firefox\Profiles\al6cncff.default\extensions\restartless.restart@erikvold.com.xpi
[2013/03/17 20:08:10 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Kaye White\AppData\Roaming\Mozilla\Firefox\Profiles\al6cncff.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/08/09 22:05:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Kaye White\AppData\Roaming\Mozilla\Firefox\Profiles\al6cncff.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/18 17:52:25 | 000,002,120 | ---- | M] () -- C:\Users\Kaye White\AppData\Roaming\Mozilla\Firefox\Profiles\al6cncff.default\searchplugins\MyStart.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\NP4lStub.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Kaye White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Kaye White\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kaye White\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Kaye White\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Kaye White\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/03/18 10:19:43 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SelectionLinks) - {7365A975-D1E8-41ed-8C66-FA70EDB97A39} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\windows\SysWow64\Sendori.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99389D22-2A96-4029-9469-4CE977F60869}: NameServer = 64.126.4.212,64.126.4.216
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8B9D7C9-8D68-4B69-880C-8A5AE6CC4CD3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (ows\w) -  File not found
O30 - LSA: Authentication Packages - (ows\w) -  File not found
O30:64bit: - LSA: Security Packages - (䄐嵶 則住䕖塅䐮䱌) -  File not found
O30:64bit: - LSA: Security Packages - (F뻯䄐嵶䅱ɋ*) -  File not found
O30:64bit: - LSA: Security Packages - (잵) -  File not found
O30:64bit: - LSA: Security Packages - (?) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Kaye White^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fbquick.lnk -  - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Know the Bible Search Scope Monitor - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: TWebCamera - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/18 17:49:06 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/08/18 13:09:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/18 13:05:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll
[2013/08/18 13:05:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/08/18 13:05:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/08/18 13:05:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys
[2013/08/18 13:05:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys
[2013/08/18 13:05:42 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2013/08/18 13:05:42 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2013/08/18 13:05:42 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll
[2013/08/18 13:05:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll
[2013/08/18 13:05:42 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll
[2013/08/18 13:05:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2013/08/18 13:05:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll
[2013/08/18 13:05:42 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2013/08/18 13:05:42 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll
[2013/08/18 13:05:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll
[2013/08/18 13:05:41 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2013/08/18 13:05:41 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe
[2013/08/18 13:05:41 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2013/08/18 13:05:41 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll
[2013/08/18 13:05:41 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2013/08/18 13:05:40 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2013/08/18 13:05:40 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2013/08/18 13:05:39 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/08/18 13:05:39 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/08/18 13:04:24 | 000,000,000 | ---D | C] -- C:\Users\Kaye White\Documents\Process Explorer
[2013/08/18 13:03:58 | 000,000,000 | ---D | C] -- C:\Users\Kaye White\AppData\Roaming\uTorrent
[2013/08/18 12:54:50 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/08/18 12:54:03 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2013/08/18 12:54:03 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2013/08/17 17:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
[2013/08/15 18:06:54 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/15 18:06:53 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/15 18:06:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/15 18:06:52 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/15 18:06:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/15 18:06:52 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/15 18:06:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/15 18:06:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 18:06:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 18:06:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/15 18:06:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/15 18:06:47 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/15 18:06:47 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/15 18:06:47 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/15 18:06:46 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/14 10:52:09 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/08/14 10:51:01 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/08/14 10:51:00 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/08/14 10:51:00 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/08/14 10:49:02 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/08/14 10:49:02 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/08/14 10:47:51 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/08/14 10:47:50 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/08/14 10:47:50 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/08/14 10:47:50 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/08/14 10:47:49 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/08/14 10:47:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/08/14 10:47:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/08/14 10:47:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/08/14 10:47:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/08/14 10:47:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/08/12 18:00:44 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/18 18:26:01 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/18 17:01:52 | 000,004,035 | ---- | M] () -- C:\Users\Kaye White\Documents\attach.rar
[2013/08/18 16:26:03 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/18 15:36:00 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 15:36:00 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 15:26:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/18 15:26:09 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/18 13:59:22 | 000,730,448 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/18 13:59:22 | 000,627,316 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/18 13:59:22 | 000,107,600 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/18 13:11:11 | 000,002,155 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/07/26 00:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/07/26 00:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/07/26 00:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/07/26 00:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/07/26 00:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/07/26 00:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/07/26 00:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/07/26 00:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/07/25 22:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/07/25 22:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/07/25 22:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/07/25 22:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/07/25 22:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/07/25 21:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/07/25 20:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 04:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/25 03:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/18 17:01:52 | 000,004,035 | ---- | C] () -- C:\Users\Kaye White\Documents\attach.rar
[2013/03/17 19:53:57 | 000,000,258 | RHS- | C] () -- C:\Users\Kaye White\ntuser.pol
[2010/09/16 18:17:09 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/09/14 14:09:08 | 000,000,594 | ---- | C] () -- C:\Users\Kaye White\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/02/26 19:35:14 | 000,000,000 | ---D | M] -- C:\Users\Kaye White\AppData\Roaming\gnupg
[2010/09/14 14:09:09 | 000,000,000 | ---D | M] -- C:\Users\Kaye White\AppData\Roaming\Template
[2010/09/16 14:48:05 | 000,000,000 | ---D | M] -- C:\Users\Kaye White\AppData\Roaming\Thunderbird
[2010/09/14 13:59:41 | 000,000,000 | ---D | M] -- C:\Users\Kaye White\AppData\Roaming\Toshiba
[2013/08/18 16:44:41 | 000,000,000 | ---D | M] -- C:\Users\Kaye White\AppData\Roaming\uTorrent
[2010/09/14 10:43:31 | 000,000,000 | ---D | M] -- C:\Users\Kaye White\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/05/12 15:51:00 | 000,017,752 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/23 19:42:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/08/18 15:26:09 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/18 15:26:11 | 2947,440,640 | -HS- | M] () -- C:\pagefile.sys
[2013/08/18 15:29:21 | 000,089,676 | ---- | M] () -- C:\Status.log
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /HideShortcuts [2013/08/17 17:27:01 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /ShowShortcuts [2013/08/17 17:27:01 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/17 17:27:01 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe" [2013/08/17 17:27:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe" -preferences [2013/08/17 17:27:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe" -safe-mode [2013/08/17 17:27:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/26 01:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/07/26 01:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/08/17 17:27:01 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/08/17 17:27:01 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/08/17 17:27:01 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\FIREFOX.EXE" [2013/08/17 17:27:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\FIREFOX.EXE" -PREFERENCES [2013/08/17 17:27:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\FIREFOX.EXE" -SAFE-MODE [2013/08/17 17:27:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/07/26 00:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/07/26 00:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/07/26 00:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/07/26 01:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/07/26 01:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)

< End of report >

Extras.Txt

OTL Extras logfile created on: 8/18/2013 6:31:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kaye White\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 46.58% Memory free
5.49 Gb Paging File | 3.61 Gb Available in Paging File | 65.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.55 Gb Total Space | 235.26 Gb Free Space | 82.10% Space Free | Partition Type: NTFS
 
Computer Name: KAYEWHITE-PC | User Name: Kaye White | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03123CD6-0E44-4E20-A918-9F96B7B26FA8}" = rport=138 | protocol=17 | dir=out | app=system |
"{044CF77F-1D3D-482A-BA5E-481D08AE772C}" = lport=445 | protocol=6 | dir=in | app=system |
"{0503477B-C103-4B97-976B-02B4C2A057AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{140A0DD2-DDB4-41DE-9754-DE6F05B26B00}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D56E6FF-46CE-40CD-9175-9B7960EF4579}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2562236F-1A3D-431D-91ED-023B28AE71C6}" = lport=139 | protocol=6 | dir=in | app=system |
"{3470369F-84B2-45EC-A9FA-1D70B21241B4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4053EAD1-A9DD-46E8-B030-F9071005B1DE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{47DB5A34-05B7-460D-8C41-C9F64B2987EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49A0462F-F21F-49F3-A776-667CBF3D7E8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A161CAF-B5EE-4585-8076-DDD612C9B763}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5536FF77-6DC6-49FF-8973-59CDCDFBCD93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6189935D-8D70-40C2-AF94-0665E987962E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{651013B3-92CD-4A3F-9EF3-5DBA8EBFA4BC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{823E1827-B589-45C9-9B8C-1AE7C38B557F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88FC85EF-7281-4295-A9AF-26753C31E8D6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{89FAB04D-CAC9-4699-8FD8-5CFE93AE9FDD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B5438A8-ADC2-452C-859D-3F0D83F3E6C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BBEA7BB-4051-4E3F-9BFF-62357F0A0AF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BEA76C3-C4E4-4240-BE2F-DD191332EE95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{94305063-57C3-483E-91CE-C786D8A4F7AD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{9FE8BE67-995A-43C0-9BCC-2EAB10C3D2EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A20C065B-7E47-42CE-AB87-366B084B2014}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A30CEA39-3EAE-4E0E-AAEA-2749C5B1792E}" = lport=138 | protocol=17 | dir=in | app=system |
"{AE0C7C17-8E15-406F-97D9-5600191C9410}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B61A18F6-5B13-4AC5-B616-AC5C3D0E57BE}" = rport=139 | protocol=6 | dir=out | app=system |
"{B80D6AE5-C369-473E-9E1F-55AD65B18757}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD591C38-89E7-4578-8E13-C6F595271F80}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BEDF828E-4DC3-4C05-8EC6-A5365769DBC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C54E3743-447A-4928-8C8B-ABC5D1FC9611}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8C91A5B-5576-4C77-8779-095D4A596F43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE40F082-E8E0-4279-8B2A-62F74582A8DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{EEA512EF-5839-42E2-9967-492478F39BDB}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA71A73D-C185-4DDC-A449-BA3CE4D10CE1}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E3D0085-DCA1-4EA9-BAC2-D35AEB1B9692}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FCEEEAF-0E14-4CDB-8524-451331BDAA46}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1393AC9D-02FD-44B7-9A49-DA67BDAE88C6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{22C3E094-F965-4DE3-B9F5-4A14EEBD4F29}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2675B788-CBB3-4761-9F76-7B06B73C8FAD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{26BB5B5B-1ED9-44A8-B2FD-7F599E5AFF91}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{287D4756-CD68-41E5-99C9-305D9FEF9935}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{2A2FE533-39ED-483A-84F8-8E9FEDF13D8D}" = protocol=6 | dir=out | app=system |
"{31C95F8A-1B81-47AD-9688-B64D33E16E12}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{38AD230D-B35D-4B69-99CF-382139C99750}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EFC8C62-F0FB-49A3-9053-DD675F84F439}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{43CFF7F6-4E6D-4281-9C5A-36D24CC6EA72}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4617CE2C-AC44-478F-BBFC-DE6F7D7CDE61}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4861B217-49B8-4C14-894E-D8458A592EFD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{49A680AE-B5DC-46A4-9B0C-C7293E6D3FCC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{53886F61-F56D-4C3F-AF60-72717A6F5153}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{5F649AB1-2CFA-485B-9CE8-B212A1E4AB42}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{644169B2-937C-4500-B7DD-5610DA162F10}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{736CE16B-C7E2-450B-B449-A31549445139}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{77D0E514-AFD1-4E20-BF56-2FD51DD6FF8A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{800453DB-51C8-48E9-963B-E0777D55B213}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{80AF325F-5B89-45CE-AD07-28071A213874}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80E5B048-DF8E-4830-AE63-A83E50545D8F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8B5B4E97-C865-47D0-BF89-B264974DDE8A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{912D40F1-8169-44AE-8ED6-E147BD9BE241}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A7446DAE-6A33-494A-A082-A6620963BE30}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B0A839D1-FD59-4E7D-83AE-FE9F168E7FCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B97102A9-8D9C-4CAC-8B90-364034A3A2FC}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BB34EB81-33BA-4D41-933E-94BD0D6A3AA6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD40599A-D14A-465E-9ED3-D3A99C770188}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CE7FAE4B-2614-433D-A89C-5EBD7E548533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF3AD61E-214A-4935-ADC3-3C11AF311B87}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D591B661-16B4-4347-9A48-10504FA623E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D78A3AFE-1BDE-40CC-83FF-1E74D02E27C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB0F0979-5417-4883-9D5B-67F7732D8633}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E020151D-FCC4-498D-BAF3-BDFDE04DD02C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E51588CD-58AB-471D-9329-506AD906D74C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{FC7C2A31-A1E7-4A82-BAAA-4B638999FE01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCFFB8F9-33EB-420B-8010-E52551B87203}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF6BB683-4BC1-45FE-B203-D643BBF16A9D}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"TCP Query User{E7B71FDD-4B5A-45C4-A70A-21F87E73C97A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{70B4FEE7-A207-41DE-9B4E-F47E0C9ACCE3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.609
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C7311329-C491-427B-8880-133E84869B3A}" = Vista Shortcut Manager x64
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech
"{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese
"{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek
"{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian
"{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80F3F10B-A177-4494-93CE-98090D819093}" = Internet Explorer Toolbar 4.7 by SweetPacks
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common
"{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean
"{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All
"{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German
"{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English
"{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish
"{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish
"{E86E510B-CBAD-354D-841B-853E23EF038A}" = Google Chrome
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Sendori" = Sendori
"sl-adk" = SelectionLinks
"SMPlayer" = SMPlayer 0.6.9
"UnfriendApp" = UnfriendApp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WNLT" = IB Updater Service
 
========== Last 20 Event Log Errors ==========
 
[ SendoriLogs Events ]
Error - 8/10/2013 1:48:49 AM | Computer Name = KayeWhite-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/10/2013 1:53:50 AM | Computer Name = KayeWhite-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/10/2013 3:28:59 PM | Computer Name = KayeWhite-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/10/2013 3:39:55 PM | Computer Name = KayeWhite-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/10/2013 3:40:35 PM | Computer Name = KayeWhite-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/10/2013 3:44:19 PM | Computer Name = KayeWhite-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/10/2013 3:49:09 PM | Computer Name = KayeWhite-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/10/2013 4:00:35 PM | Computer Name = KayeWhite-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/11/2013 5:14:54 PM | Computer Name = KayeWhite-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/11/2013 5:19:59 PM | Computer Name = KayeWhite-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
 
< End of report >


Edited by Britain , 18 August 2013 - 06:45 PM.


#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:32 PM

Posted 19 August 2013 - 11:20 AM

Hi Britain 
 

I installed WOT before, but this malware somehow disabled it, even though Firefox says it's enabled

I see that you are running a beta version of Firefox 24 (Mozilla Firefox 4.0 Beta 12); it is possible that WOT may not be compatible yet with this version.
Plus running Beta versions of programs may lead to unexpected happenings.
My version is 23 and a check says that this is the latest version.

Step 1
Sendori is showing a lot of entries in the report, so it's best if we try uninstalling it from the add/remove.
It is showing there.
If the uninstaller won't run let me know and we'll have to remove it manually.


Step 2
Double click on OTL to run it.
Copy the lines in the codebox below (make sure that :Otl is on the first line and that you include all of the Commands section).
:otl
SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe ()
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/07/15 14:19:05 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/07/15 14:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/07/15 14:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox [2013/07/15 14:19:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@unfriendapp.com: C:\Program Files (x86)\UnfriendApp\Firefox\ [2012/11/29 23:01:53 | 000,000,000 | ---D | M]
O2:64bit: - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SelectionLinks) - {7365A975-D1E8-41ed-8C66-FA70EDB97A39} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (ows\w) -  File not found
O30 - LSA: Authentication Packages - (ows\w) -  File not found
O30:64bit: - LSA: Security Packages - (䄐嵶 則住䕖塅䐮䱌) -  File not found
O30:64bit: - LSA: Security Packages - (F뻯䄐嵶䅱ɋ*) -  File not found
O30:64bit: - LSA: Security Packages - (잵) -  File not found
O30:64bit: - LSA: Security Packages - (?) -  File not found
MsConfig:64bit - StartUpReg: Know the Bible Search Scope Monitor - hkey= - key= -  File not found

:Files
C:\Program Files (x86)\UnfriendApp
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    scan-fix.png
  • Click the red Run Fix button.

    runfixbutton.png
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 3
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 25 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 25".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.
In your next reply, please submit:
OTL fix report
and let me know if there was any problem when trying to remove Sendori.


Thanks.

BBPP6nz.png
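Reading an OTL log by hand, as in the fix above, comes down to a few checks: entries whose target OTL reports as "File not found" or "No CLSID value found", LSA package names that are not plain DLL names (the garbled O30 lines), service or BHO binaries with no publisher information, and names tied to the adware in this case. The Python script below is an added example, not OTL's code or anything posted in this thread; it applies those checks to constructed sample lines modelled on the ones quoted above (the Java BHO line carries a placeholder CLSID) and assembles a fix script in the :OTL/:Files/:Commands layout used above.

```python
"""Triage OTL-style scan lines and assemble an OTL custom fix from the hits.

Added example, not OTL's own code. The sample report is constructed after the
lines quoted in this thread; the Java BHO line uses a placeholder CLSID.
"""
import re

# Constructed sample report (modelled on the OTL lines quoted in the thread).
SAMPLE_OTL = r"""
SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/07/15 14:19:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@unfriendapp.com: C:\Program Files (x86)\UnfriendApp\Firefox\ [2012/11/29 23:01:53 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SelectionLinks) - {7365A975-D1E8-41ed-8C66-FA70EDB97A39} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: []  File not found
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ows\w) -  File not found
O30:64bit: - LSA: Security Packages - (䄐嵶 則住䕖塅䐮䱌) -  File not found
"""

# Product and binary names identified as adware in this thread.
ADWARE_NAMES = ("sweetpacks", "sendori", "selectionlinks", "unfriendapp",
                "ibupdater", "ib updater", "wnlt", "dmwu")

# O30 lines: "O30[:64bit:] - LSA: <Authentication|Security> Packages - (<name>) - ..."
LSA_RE = re.compile(r"^O30(?::64bit:)? - LSA: (Authentication|Security) Packages - \((.*?)\) - ")
# A legitimate LSA package name is a bare DLL base name such as msv1_0 or kerberos.
LSA_NAME_OK = re.compile(r"^[A-Za-z0-9_.\-]+$")
# OTL ends SRV/O2 lines with the binary's publisher in parentheses; "()" means none.
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")


def triage_line(line):
    """Return the reasons a single OTL line deserves attention (empty list = fine)."""
    reasons = []
    if line.endswith("File not found") or "No CLSID value found" in line:
        reasons.append("orphaned entry: the registered target no longer exists")
    low = line.lower()
    hits = [name for name in ADWARE_NAMES if name in low]
    if hits:
        reasons.append("matches adware name from this case: " + ", ".join(hits))
    m = LSA_RE.match(line)
    if m and not LSA_NAME_OK.match(m.group(2)):
        reasons.append(f"LSA {m.group(1)} package name is not a plain DLL name: {m.group(2)!r}")
    if line.startswith(("SRV", "O2")):
        pub = PUBLISHER_RE.search(line)
        if pub is not None and pub.group(1).strip() == "":
            reasons.append("binary carries no publisher/version information")
    return reasons


def triage(report):
    """Map every flagged line of an OTL report to its list of reasons."""
    flagged = {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            flagged[line] = reasons
    return flagged


def build_otl_fix(flagged, extra_files=(), reset_hosts=True):
    """Assemble an OTL custom fix: the flagged lines under :OTL, optional paths under
    :Files, then the :Commands section, in the layout the helper used in this thread."""
    parts = [":OTL", *flagged]
    if extra_files:
        parts += ["", ":Files", *extra_files]
    commands = ["[emptytemp]"]
    if reset_hosts:
        commands.append("[RESETHOSTS]")
    parts += ["", ":Commands", *commands]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL)
    for entry, why in hits.items():
        print(entry[:72], "->", "; ".join(why))
    print()
    print(build_otl_fix(hits, extra_files=[r"C:\Program Files (x86)\UnfriendApp"]))
```

The script only interprets OTL's own verdicts; it does not touch the registry or file system, so it can be run against a log posted in a thread like this one.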


#5 Britain 

Britain 
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 19 August 2013 - 12:40 PM


 

I installed WOT before, but this malware somehow disabled it, even though Firefox says it's enabled
I see that you are running a beta version of Firefox 24 (Mozilla Firefox 4.0 Beta 12); it is possible that WOT may not be compatible yet with this version.
Plus running Beta versions of programs may lead to unexpected happenings.
My version is 23 and a check says that this is the latest version.

I reinstalled Firefox; I am now on version 23.0.1.

8AAFgFr.png
 
I used FEBE to backup the extensions I trust, bookmarks, preferences, usernames and passwords, browser history, and fill history. If I should reinstall without these let me know.

 

*I also should add that the extensions I disabled before returned after installation (I expected as much):

 

[nvm, the OTL scan removed them I think]

 
There is one thing I noticed (even before using FEBE), almost every page gives me this error:
 
IKcSDLk.png


Edited by Britain , 19 August 2013 - 01:15 PM.


#6 Britain 

Britain 
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 19 August 2013 - 01:16 PM

OTL log

All processes killed
========== OTL ==========
Error: Unable to stop service IBUpdaterService!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IBUpdaterService deleted successfully.
C:\Windows\SysNative\dmwu.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E9E3331-D360-4f87-8803-52DE43566502}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@unfriendapp.com deleted successfully.
C:\Program Files (x86)\UnfriendApp\Firefox\chrome\content folder moved successfully.
C:\Program Files (x86)\UnfriendApp\Firefox\chrome folder moved successfully.
C:\Program Files (x86)\UnfriendApp\Firefox folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ deleted successfully.
C:\Program Files\Updater By SweetPacks\Extension64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7365A975-D1E8-41ed-8C66-FA70EDB97A39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7365A975-D1E8-41ed-8C66-FA70EDB97A39}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ows\w deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ows\w deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:䄐嵶 則住䕖塅䐮䱌 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:F뻯䄐嵶䅱ɋ* deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:잵 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:? deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Know the Bible Search Scope Monitor\ not found.
========== FILES ==========
C:\Program Files (x86)\UnfriendApp\IE folder moved successfully.
C:\Program Files (x86)\UnfriendApp\Chrome folder moved successfully.
C:\Program Files (x86)\UnfriendApp folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kaye White\Downloads\cmd.bat deleted successfully.
C:\Users\Kaye White\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kaye White
->Temp folder emptied: 143177386 bytes
->Temporary Internet Files folder emptied: 564783706 bytes
->FireFox cache emptied: 17878105 bytes
->Google Chrome cache emptied: 141533293 bytes
->Flash cache emptied: 96077 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 642304379 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 37028766 bytes
RecycleBin emptied: 330345 bytes
 
Total Files Cleaned = 1,475.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 08192013_125915

Files\Folders moved on Reboot...
C:\Users\Kaye White\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Kaye White\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{48E44281-7772-4A8C-B2AF-8D03EE101384}.tmp moved successfully.
C:\Users\Kaye White\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\TmpFile1 scheduled to be moved on reboot.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


#7 Britain 

Britain 
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 19 August 2013 - 01:19 PM

Update:

I no longer get "This Connection is Untrusted"



#8 Britain 

Britain 
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 19 August 2013 - 01:28 PM

I am currently updating Java, and there were no issues with uninstalling Sendori.

 

Update:

I installed Java 7 Update 25 (64-bit)

 

I am receiving this error when trying to verify on the page provided after installation:

 

TM1U5v3.png

 

I tried to restart the browser but it had no effect.


Edited by Britain , 19 August 2013 - 01:35 PM.


#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:32 PM

Posted 19 August 2013 - 02:47 PM

Hi Britain

I see this a lot.
From Firefox, click on the tools tab >> Addons >> Plugins
Do you see something like this:

http://smg.photobucket.com/user/starbuck50/media/java_zpsb321cb72.png.html


This is quite normal and probably the reason you get that error.

As long as Java 7 Update 25 is showing in the add/remove, you will be fine.

I'd like to double check that we have cleared all the Adware now:

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Thanks


Edited by Starbuck, 19 August 2013 - 02:49 PM.



#10 Britain 

Britain 
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 19 August 2013 - 03:00 PM

Hi Britain

I see this a lot.
From Firefox, click on the tools tab >> Addons >> Plugins
Do you see something like this:

http://smg.photobucket.com/user/starbuck50/media/java_zpsb321cb72.png.html


This is quite normal and probably the reason you get that error.

I actually don't even have that listed:

 

FpBFxtT.png

 

Here it is under Programs and Features:

 

VeGWWDO.png


Edited by Britain , 19 August 2013 - 03:03 PM.


#11 Britain 

Britain 
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 19 August 2013 - 03:06 PM

AdwCleaner

# AdwCleaner v2.306 - Logfile created 08/19/2013 at 15:05:43
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kaye White - KAYEWHITE-PC
# Boot Mode : Normal
# Running from : C:\Users\Kaye White\Downloads\AdwCleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Updater By SweetPacks
Folder Found : C:\windows\SysWOW64\jmdp

***** [Registry] *****

Key Found : HKCU\Software\WNLT
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\Users\Kaye White\AppData\Roaming\Mozilla\Firefox\Profiles\kpwlyytl.default\prefs.js

Found : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks")[...]
Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Kaye White\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1350 octets] - [19/08/2013 15:05:43]
AdwCleaner[S1].txt - [17752 octets] - [12/05/2013 15:50:24]

########## EOF - C:\AdwCleaner[R1].txt - [1471 octets] ##########



#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:32 PM

Posted 19 August 2013 - 03:31 PM

Hi Britain,

Here it is under Programs and Features:

That's fine then, nothing to worry about.

Ok, a few leftovers showing there.
Let's get rid of them.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Delete button.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Thanks



#13 Britain 

Britain 
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 19 August 2013 - 03:35 PM

# AdwCleaner v2.306 - Logfile created 08/19/2013 at 15:32:19
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kaye White - KAYEWHITE-PC
# Boot Mode : Normal
# Running from : C:\Users\Kaye White\Downloads\AdwCleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\windows\SysWOW64\jmdp

***** [Registry] *****

Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\Users\Kaye White\AppData\Roaming\Mozilla\Firefox\Profiles\kpwlyytl.default\prefs.js

Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks")[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Kaye White\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1538 octets] - [19/08/2013 15:05:43]
AdwCleaner[S1].txt - [17752 octets] - [12/05/2013 15:50:24]
AdwCleaner[S2].txt - [1485 octets] - [19/08/2013 15:32:19]

########## EOF - C:\AdwCleaner[S2].txt - [1545 octets] ##########



#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:32 PM

Posted 19 August 2013 - 03:47 PM

That's taken care of the Adware on the system, let's check for anything else now:

I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run through the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

Post the report if anything is found.
Also let me know how the system is running now.

Once this is done we can address your other concerns about the computer security.

Thanks



#15 Britain 

Britain 
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 19 August 2013 - 05:43 PM

Sorry for the delayed response, it took a while.

 

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[2]    multiple threats    
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[3]    multiple threats    
C:\Users\Kaye White\Downloads\adobe-reader.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Kaye White\Downloads\Chrome_Setup (1).exe    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined
C:\Users\Kaye White\Downloads\Chrome_Setup.exe    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined
C:\Users\Kaye White\Downloads\Java.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[2]    multiple threats    cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[3]    multiple threats    cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08192013_125915\C_Program Files (x86)\UnfriendApp\Chrome\common.crx    Win32/ExFriendAlert.A application    deleted - quarantined
C:\_OTL\MovedFiles\08192013_125915\C_Program Files (x86)\UnfriendApp\IE\common.dll    a variant of Win32/ExFriendAlert.B application    cleaned by deleting - quarantined
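An added example, not part of either poster's instructions and not AdwCleaner's or ESET's own tooling: a small Python script that parses the two log formats quoted in this thread (the AdwCleaner report in post #13 and the ESET results list above) so a helper can see at a glance what was removed, what was quarantined, and which entries have no recorded action. The embedded samples are shortened copies of those logs; the location buckets in `location_of` are an assumption made for this triage, not something either tool reports.

```python
"""Parse AdwCleaner and ESET Online Scanner logs as posted in a help thread.

Added example for this thread; not part of AdwCleaner, ESET, or the posters'
own tooling.  The sample text below is a shortened copy of the logs quoted
above so the script runs offline.
"""
import re
from collections import Counter

# Constructed sample: shortened copy of the AdwCleaner [Delete] log above.
ADW_SAMPLE = """\
# AdwCleaner v2.306 - Logfile created 08/19/2013 at 15:32:19
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\\Program Files\\Updater By SweetPacks
Folder Deleted : C:\\windows\\SysWOW64\\jmdp

***** [Registry] *****

Key Deleted : HKCU\\Software\\WNLT
Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WNLT

***** [Internet Browsers] *****

-\\\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\\Users\\Kaye White\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\kpwlyytl.default\\prefs.js

Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks")[...]
"""

# Constructed sample: shortened copy of the ESET results list above.  The
# first line deliberately has no action field, as two lines in the post do.
ESET_SAMPLE = """\
C:\\Windows\\SysWOW64\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\update[2]\tmultiple threats\t
C:\\Users\\Kaye White\\Downloads\\adobe-reader.exe\tmultiple threats\tcleaned by deleting - quarantined
C:\\Users\\Kaye White\\Downloads\\Chrome_Setup.exe\ta variant of Win32/Adware.iBryte.G application\tcleaned by deleting - quarantined
C:\\Users\\Kaye White\\Downloads\\Java.exe\ta variant of Win32/AirAdInstaller.A application\tcleaned by deleting - quarantined
C:\\_OTL\\MovedFiles\\08192013_125915\\C_Program Files (x86)\\UnfriendApp\\Chrome\\common.crx\tWin32/ExFriendAlert.A application\tdeleted - quarantined
"""

# "***** [Registry] *****" style section headers in AdwCleaner logs.
SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
# "Folder Deleted : ...", "Key Deleted : ...", "Deleted : ..." (or "Found" in a
# search-mode log).  Context lines such as "File : ..." are intentionally skipped.
ADW_ITEM_RE = re.compile(r"^((?:\w+ )?(?:Deleted|Found))\s*:\s*(.+)$")


def parse_adwcleaner(text):
    """Return {section: [(action, target), ...]} for every Deleted/Found line."""
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        item = ADW_ITEM_RE.match(line)
        if item and current is not None:
            sections[current].append((item.group(1), item.group(2)))
    return sections


def parse_eset(text):
    """Return one dict per result line: path, detection, action (None if absent).

    Fields are tab separated in the original log; pasted copies often turn the
    tabs into runs of spaces, so both are accepted.  Single spaces inside paths
    ("Kaye White", "Program Files (x86)") are preserved.
    """
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f for f in re.split(r"\t+| {2,}", line.strip()) if f]
        records.append({
            "path": fields[0],
            "detection": fields[1] if len(fields) > 1 else "",
            "action": fields[2] if len(fields) > 2 else None,
        })
    return records


def location_of(path):
    """Coarse bucket for where a detection sits (assumed categories, not ESET's)."""
    p = path.lower()
    if "\\downloads\\" in p:
        return "user Downloads"
    if "\\systemprofile\\" in p and "\\content.ie5\\" in p:
        return "system-profile IE cache"
    if p.startswith("c:\\_otl\\"):
        return "OTL MovedFiles"
    return "other"


def triage(records):
    """Summarise an ESET result list for a reviewer."""
    return {
        "total": len(records),
        "quarantined": sum(1 for r in records if r["action"] and "quarantined" in r["action"]),
        "no_action": [r["path"] for r in records if r["action"] is None],
        "by_location": Counter(location_of(r["path"]) for r in records),
    }


if __name__ == "__main__":
    for section, items in parse_adwcleaner(ADW_SAMPLE).items():
        print(f"AdwCleaner [{section}]: {len(items)} item(s)")
    summary = triage(parse_eset(ESET_SAMPLE))
    print("ESET:", summary["total"], "detections,", summary["quarantined"], "quarantined")
    for path in summary["no_action"]:
        print("  no recorded action:", path)
```

The part worth noticing in the ESET list above is what `triage` reports under `no_action`: the two `update[2]`/`update[3]` entries in the SysWOW64 system profile cache carry a detection but no "cleaned" or "deleted" result, whereas their System32 twins do, so a reviewer would want to confirm those files are gone rather than assume the scan handled them.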