Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Java SE Runtime Enviro. 7 update 25, Oracle America, Inc.


  • This topic is locked This topic is locked
39 replies to this topic

#1 NTStar

NTStar

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California, United States
  • Local time:09:53 PM

Posted 01 October 2013 - 10:52 AM

     Good Morning Everyone :).  I have already ran combo fix before I registered and before I read not too.  Ooops!   After completing combo fix I rebooted. When I opened my browser I saw this pop up immediately;  Java SE Runtime Enviro. 7 update 25, Oracle America, Inc.  Attached File  JavaMALARE--.jpg   293.56KB   0 downloads

 

 

      I seem to have other issues with my system as well as this pop up.  I just felt this would be a good starting point.  If anyone has any information on how I might resolve this issue please get back to me.  Your help is appreciated.

 

     Thanks - NTStar



BC AdBot (Login to Remove)

 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:53 AM

Posted 02 October 2013 - 03:16 PM

Hi NTStar

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.


I have already ran combo fix before I registered and before I read not too.

Please post the Combofix report for me to look at.
You will find a copy at: C:\ComboFix.txt

Thanks

BBPP6nz.png


#3 NTStar

NTStar
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California, United States
  • Local time:09:53 PM

Posted 02 October 2013 - 09:05 PM

Thank you for your response.  I haven't ran any other tools.  Here is my report.  Thank you again.

 

 

ComboFix 13-09-30.02 - RieAnn 09/30/2013  15:20:16.10.2 - x64

 

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2555 [GMT -7:00]

 

Running from: c:\users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FMEPD149\ComboFix.exe

 

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

 

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

 

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

 

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

.

 

.

 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

c:\users\RieAnn\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

c:\users\RieAnn\GoToAssistDownloadHelper.exe

 

.

 

.

 

(((((((((((((((((((((((((   Files Created from 2013-08-28 to 2013-09-30  )))))))))))))))))))))))))))))))

 

.

 

.

 

2013-09-30 22:27 . 2013-09-30 22:27 -------- d-----w- c:\users\Public\AppData\Local\temp

 

2013-09-30 22:27 . 2013-09-30 22:27 -------- d-----w- c:\users\Guest\AppData\Local\temp

 

2013-09-30 22:27 . 2013-09-30 22:27 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

 

2013-09-30 22:27 . 2013-09-30 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp

 

2013-09-30 22:27 . 2013-09-30 22:27 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp

 

2013-09-30 22:27 . 2013-09-30 22:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp

 

2013-09-19 19:48 . 2013-09-19 19:48 -------- d-----w- c:\users\RieAnn\GoogleUnpackedExtensions

 

2013-09-11 10:34 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

 

2013-09-11 10:33 . 2013-08-02 02:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

 

2013-09-01 04:16 . 2013-09-01 04:16 268720 ----a-w- c:\windows\system32\javaws.exe

 

2013-09-01 04:16 . 2013-09-01 04:16 189360 ----a-w- c:\windows\system32\javaw.exe

 

2013-09-01 04:16 . 2013-09-01 04:16 188840 ----a-w- c:\windows\system32\java.exe

 

2013-09-01 04:06 . 2013-09-01 04:06 -------- d-----w- c:\program files (x86)\Common Files\Java

 

2013-09-01 04:06 . 2013-09-01 04:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

 

2013-09-01 04:06 . 2013-09-01 04:06 -------- d-----w- c:\program files (x86)\Java

 

.

 

.

 

.

 

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

2013-09-30 18:16 . 2012-03-23 17:51 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin

 

2013-09-19 18:05 . 2012-04-14 01:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

 

2013-09-19 18:05 . 2011-10-08 11:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

 

2013-09-11 13:29 . 2010-01-15 16:40 79143768 ----a-w- c:\windows\system32\MRT.exe

 

2013-09-08 03:17 . 2012-02-08 03:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

 

2013-09-08 03:17 . 2011-10-09 22:02 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

 

2013-09-08 03:16 . 2011-10-09 22:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

 

2013-09-01 04:16 . 2012-06-14 23:13 955840 ----a-w- c:\windows\system32\npDeployJava1.dll

 

2013-09-01 04:16 . 2012-06-14 23:13 839096 ----a-w- c:\windows\system32\deployJava1.dll

 

2013-09-01 04:06 . 2012-06-14 22:53 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

 

2013-09-01 04:06 . 2011-10-11 03:09 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

 

2013-08-02 01:48 . 2013-09-11 10:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll

 

2013-07-25 09:25 . 2013-08-14 10:24 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

 

2013-07-25 08:57 . 2013-08-14 10:24 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

 

2013-07-19 01:58 . 2013-08-14 10:24 2048 ----a-w- c:\windows\system32\tzres.dll

 

2013-07-19 01:41 . 2013-08-14 10:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll

 

2013-07-09 05:52 . 2013-08-14 10:25 224256 ----a-w- c:\windows\system32\wintrust.dll

 

2013-07-09 05:51 . 2013-08-14 10:24 1217024 ----a-w- c:\windows\system32\rpcrt4.dll

 

2013-07-09 05:46 . 2013-08-14 10:25 1472512 ----a-w- c:\windows\system32\crypt32.dll

 

2013-07-09 05:46 . 2013-08-14 10:25 184320 ----a-w- c:\windows\system32\cryptsvc.dll

 

2013-07-09 05:46 . 2013-08-14 10:25 139776 ----a-w- c:\windows\system32\cryptnet.dll

 

2013-07-09 04:52 . 2013-08-14 10:24 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll

 

2013-07-09 04:52 . 2013-08-14 10:25 175104 ----a-w- c:\windows\SysWow64\wintrust.dll

 

2013-07-09 04:46 . 2013-08-14 10:25 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll

 

2013-07-09 04:46 . 2013-08-14 10:25 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

 

2013-07-09 04:46 . 2013-08-14 10:25 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

 

2013-07-06 06:03 . 2013-08-14 10:23 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

 

.

 

.

 

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

*Note* empty entries & legit default entries are not shown

 

REGEDIT4

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{81e93b9c-1052-4697-aafe-b40cd69c1d22}]

 

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Broderbund\prxtbBrod.dll

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

 

"{81e93b9c-1052-4697-aafe-b40cd69c1d22}"= "c:\program files (x86)\Broderbund\prxtbBrod.dll" [2011-05-09 176936]

 

.

 

[HKEY_CLASSES_ROOT\clsid\{81e93b9c-1052-4697-aafe-b40cd69c1d22}]

 

.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE" [2013-01-24 297024]

 

"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

 

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

 

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]

 

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-07-31 1057920]

 

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

 

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

 

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

 

"ConsentPromptBehaviorAdmin"= 5 (0x5)

 

"ConsentPromptBehaviorUser"= 3 (0x3)

 

"EnableUIADesktopToggle"= 0 (0x0)

 

.

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

 

BootExecute REG_MULTI_SZ    autocheck

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

 

@="Service"

 

.

 

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

 

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

 

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

 

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

 

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

 

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

 

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

 

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

 

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

 

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

 

R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [x]

 

R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

 

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

 

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

 

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

 

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]

 

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]

 

S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]

 

S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

 

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

 

S2 iprip;RIP Listener;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

 

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

 

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

 

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

 

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

 

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

 

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]

 

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]

 

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

 

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

 

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

 

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

 

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

 

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]

 

.

 

.

 

--- Other Services/Drivers In Memory ---

 

.

 

*Deregistered* - mfeavfk01

 

.

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

 

iissvcs REG_MULTI_SZ    w3svc was

 

apphost REG_MULTI_SZ    apphostsvc

 

.

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

 

2013-09-21 22:46 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

 

.

 

Contents of the 'Scheduled Tasks' folder

 

.

 

2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job

 

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:05]

 

.

 

2013-09-30 c:\windows\Tasks\EPSON XP-310 Series Invitation {1BCD6884-F1EC-49A3-97F8-C4F20C48B29D}.job

 

- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-07-02 08:20]

 

.

 

2013-09-30 c:\windows\Tasks\EPSON XP-310 Series Update {1BCD6884-F1EC-49A3-97F8-C4F20C48B29D}.job

 

- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-07-02 08:20]

 

.

 

2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

 

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31 23:40]

 

.

 

2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

 

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31 23:40]

 

.

 

.

 

--------- X64 Entries -----------

 

.

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]

 

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

 

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]

 

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]

 

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]

 

"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]

 

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

 

.

 

------- Supplementary Scan -------

 

.

 

uLocal Page = c:\windows\system32\blank.htm

 

uStart Page = hxxp://myyahoo.com/

 

uInternet Settings,ProxyOverride = <local>

 

Trusted Zone: bankofamerica.com

 

TCP: DhcpNameServer = 192.168.1.1

 

.

 

.

 

------- File Associations -------

 

.

 

JSEFile=NOTEPAD.EXE "%1"

 

.

 

- - - - ORPHANS REMOVED - - - -

 

.

 

WebBrowser-{81E93B9C-1052-4697-AAFE-B40CD69C1D22} - (no file)

 

.

 

.

 

.

 

--------------------- LOCKED REGISTRY KEYS ---------------------

 

.

 

[HKEY_USERS\S-1-5-21-1128831596-3725264721-991106952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

 

@Denied: (2) (S-1-5-21-1128831596-3725264721-991106952-1000)

 

@Denied: (2) (LocalSystem)

 

"Progid"="WindowsLiveMail.Email.1"

 

.

 

[HKEY_USERS\S-1-5-21-1128831596-3725264721-991106952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

 

@Denied: (2) (S-1-5-21-1128831596-3725264721-991106952-1000)

 

@Denied: (2) (LocalSystem)

 

"Progid"="vcard_wab_auto_file"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

 

@Denied: (A 2) (Everyone)

 

@="FlashBroker"

 

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

 

"Enabled"=dword:00000001

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

 

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

 

@Denied: (A 2) (Everyone)

 

@="IFlashBroker5"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

 

@="{00020424-0000-0000-C000-000000000046}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

"Version"="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

 

@Denied: (A 2) (Everyone)

 

@="FlashBroker"

 

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

 

"Enabled"=dword:00000001

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

 

@Denied: (A 2) (Everyone)

 

@="Shockwave Flash Object"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"

 

"ThreadingModel"="Apartment"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

 

@="0"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

 

@="ShockwaveFlash.ShockwaveFlash.11"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

 

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

 

@="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

 

@="ShockwaveFlash.ShockwaveFlash"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

 

@Denied: (A 2) (Everyone)

 

@="Macromedia Flash Factory Object"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"

 

"ThreadingModel"="Apartment"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

 

@="FlashFactory.FlashFactory.1"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

 

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

 

@="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

 

@="FlashFactory.FlashFactory"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

 

@Denied: (A 2) (Everyone)

 

@="IFlashBroker5"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

 

@="{00020424-0000-0000-C000-000000000046}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

"Version"="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

 

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

 

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

 

@Denied: (Full) (Everyone)

 

.

 

Completion time: 2013-09-30  15:29:40

 

ComboFix-quarantined-files.txt  2013-09-30 22:29

 

ComboFix2.txt  2013-07-23 03:34

 

ComboFix3.txt  2013-06-11 06:25

 

ComboFix4.txt  2013-04-28 21:25

 

ComboFix5.txt  2013-09-30 22:17

 

.

 

Pre-Run: 213,921,972,224 bytes free

 

Post-Run: 213,857,058,816 bytes free

 

.

 

- - End Of File - - F00811BD12BFE6F273ED9D952C4134A1



#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:53 AM

Posted 03 October 2013 - 05:48 AM

Hi NTStar

Thanks for the combofix.txt

Please take note of the following:

Running from: c:\users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FMEPD149\ComboFix.exe

None of the tools we use should be run from the temp internet files.
The tools are optimized to run from the Desktop.
Anything stored in the temp internet files will be removed when we clean out this folder.
Always click to select 'Save' instead of Run when downloading the tools.

The screenshot you posted in the opening post is a legit request from Java to update to the latest version, so this isn't anything to worry about.
The combofix.txt is showing possible Adware on the system though.
We'll deal with that and then check for any leftovers and orphan entries.

Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 2
  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.

    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check
.

.
Otllatest.png

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    scan-fix.png
    .
  • Click the Run Scan button.

    runscan.png
  • Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
In your next reply, please submit:
JRT.txt
AdwCleaner report
and both reports from OTL.


Thanks.

BBPP6nz.png


#5 NTStar

NTStar
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California, United States
  • Local time:09:53 PM

Posted 03 October 2013 - 06:54 PM

Hey Starbuck,

 

     OMG, I can't believe I got through all the steps you needed me to do :bananas: .   Hoping I did them all correctly.  When I 1st saw all I needed to do I thought for sure it would take me days to complete it, lol!  But it really went fairly smoothly.  Here are the reports you asked for. 

 

     Thank you so much for your help..

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.3 (09.27.2013:1)

OS: Windows 7 Home Premium x64

Ran by RieAnn on Thu 10/03/2013 at 14:13:03.07

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

~~~ Services

 

 

~~~ Registry Values

 

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\savings sidekick_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\savings sidekick_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2530712

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

 

 

~~~ Files

 

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\RieAnn\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\RieAnn\appdata\local\visi_coupon"

Successfully deleted: [Folder] "C:\Users\RieAnn\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\RieAnn\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{03FB0B38-43EE-43C8-901C-62BC4EDF615F}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{0D5A119F-C5D9-40FD-AADD-BD59C9455BA0}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{2CE2A65C-C5E9-4DBB-A27E-8FEFD57314A0}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{3FA5F086-142F-4CC2-B006-A3A4A614B715}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{41508354-2455-4956-9D7F-0CAA44E6C785}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{4EC918A5-5351-4B0D-ADB2-0A5554CADC76}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{5287A884-B4E0-4B83-BECE-18AF50F3B52E}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{5E7AABBC-3347-4F95-9BC6-9DB0D57A97E8}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{68B33D51-6EB6-4987-9496-6A211096650B}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{73E56118-B3A2-455C-8313-85837C960B15}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{80B705F9-9295-4258-87E3-75D59F3B691A}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{A9D65720-1913-41AF-BDF1-1BCB112A764A}

Successfully deleted: [Empty Folder] C:\Users\RieAnn\appdata\local\{D6B50063-6E79-4644-A7A1-FB40DABA6C4C}

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 10/03/2013 at 14:20:19.61

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

************************************************************************************************************************************************************************************************

ADWCleaner report

 

 

# AdwCleaner v3.006 - Report created 03/10/2013 at 14:31:08

# Updated 01/10/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : RieAnn - 1BAD-KITTY

# Running from : C:\Users\RieAnn\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

 

***** [ Files / Folders ] *****

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

 

*************************

AdwCleaner[R0].txt - [901 octets] - [03/10/2013 14:29:37]

AdwCleaner[S0].txt - [829 octets] - [03/10/2013 14:31:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [888 octets] ##########

 

 

 

 

 

*********************************************************************************************************************************************************************************************

 

 

OTL logfile created on: 10/3/2013 3:28:35 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RieAnn\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16686)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.80 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 74.82% Memory free

9.51 Gb Paging File | 7.90 Gb Available in Paging File | 83.08% Paging File free

Paging file location(s): c:\pagefile.sys 5841 6041 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298.09 Gb Total Space | 198.96 Gb Free Space | 66.74% Space Free | Partition Type: NTFS

 

Computer Name: 1BAD-KITTY | User Name: RieAnn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\RieAnn\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a884b7b41c3b4004bb80c2089bbdb50f\IAStorUtil.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (ftpsvc) -- C:\Windows\SysNative\inetsrv\ftpsvc.dll (Microsoft Corporation)

SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)

SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)

SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe (IDT, Inc.)

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)

SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)

SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)

SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)

SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)

SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe (Andrea Electronics Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)

SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe (IDT, Inc.)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe (Andrea Electronics Corporation)

SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)

DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)

DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)

DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )

DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E3 FD 33 8E 46 CE 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0A9B7062-0559-404A-9151-6FF4D477481B}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{0A9B7062-0559-404A-9151-6FF4D477481B}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=mcafee&hsimp=yhs-01&type=mcafee&p={SearchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@ei.RadioRage_4j.com/Plugin: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/09/11 06:36:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/10/03 14:35:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/10/23 11:04:18 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2013/09/30 15:27:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131003143550.dll (McAfee, Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131003143550.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {81E93B9C-1052-4697-AAFE-B40CD69C1D22} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series" File not found

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: adobe.com ([get] http in Local intranet)

O15 - HKCU\..Trusted Domains: bankofamerica.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: googletalk.com ([www] http in Local intranet)

O15 - HKCU\..Trusted Domains: ussex.com ([www] http in Local intranet)

O15 - HKCU\..Trusted Domains: yahoo.com ([my] http in Local intranet)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7498570A-218F-4A63-9E79-9F62C15C5651}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

MsConfig:64bit - StartUpReg: SmileboxTray - hkey= - key= - File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/10/03 14:39:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RieAnn\Desktop\OTL.scr

[2013/10/03 14:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2013/10/03 14:28:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/10/03 14:13:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/10/03 14:11:46 | 001,030,305 | ---- | C] (Thisisu) -- C:\Users\RieAnn\Desktop\JRT.exe

[2013/09/30 15:29:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/09/30 15:29:42 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/09/19 12:48:33 | 000,000,000 | ---D | C] -- C:\Users\RieAnn\GoogleUnpackedExtensions

[2013/09/11 06:32:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/09/11 06:32:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/09/11 06:32:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/09/11 06:32:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/09/11 06:32:31 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/09/11 06:32:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/09/11 06:32:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/09/11 06:32:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/09/11 06:32:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/09/11 06:32:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/09/11 06:32:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/09/11 06:32:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/09/11 06:32:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/09/11 06:32:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/09/11 06:32:27 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/09/11 03:34:23 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys

[2013/09/11 03:34:10 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/09/11 03:34:09 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/09/11 03:34:09 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/09/11 03:34:08 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2013/09/11 03:34:07 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/09/11 03:34:07 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/09/11 03:34:06 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/09/11 03:34:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/09/11 03:34:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2013/09/11 03:34:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2013/09/11 03:34:05 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/09/11 03:34:05 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/09/11 03:34:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/09/11 03:34:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/09/11 03:34:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/09/11 03:34:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/09/11 03:34:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/09/11 03:34:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/09/11 03:34:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/09/11 03:34:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/09/11 03:34:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/09/11 03:34:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/09/11 03:34:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/09/11 03:34:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/09/11 03:34:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/09/11 03:34:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/09/11 03:34:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/09/11 03:34:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/09/11 03:34:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/09/11 03:34:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/09/11 03:34:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/09/11 03:34:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/09/11 03:34:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/09/11 03:34:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/09/11 03:34:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/09/11 03:34:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/09/11 03:34:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/09/11 03:34:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/09/11 03:34:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/09/11 03:34:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/09/11 03:34:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/09/11 03:34:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/09/11 03:34:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/09/11 03:34:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/09/11 03:34:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/09/11 03:34:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/09/11 03:34:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/09/11 03:34:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/09/11 03:34:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/09/11 03:34:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/09/11 03:33:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/09/11 03:33:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/09/11 03:33:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/09/11 03:33:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/09/11 03:33:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/09/11 03:33:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/09/11 03:33:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/09/11 03:33:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/09/11 03:33:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/09/11 03:33:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/09/11 03:33:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/09/11 03:33:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/09/11 03:33:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/09/11 03:33:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/09/11 03:33:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/09/11 03:33:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/09/11 03:33:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/09/11 03:33:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/09/11 03:33:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/09/11 03:33:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/09/11 03:33:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2013/09/11 03:33:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/09/11 03:33:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/09/11 03:33:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/09/11 03:33:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/09/11 03:33:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll

[2013/09/11 03:33:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/09/11 03:33:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/09/10 14:03:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Apt1

[2013/09/10 12:28:46 | 000,000,000 | ---D | C] -- C:\Users\RieAnn\Documents\FromEpsonScanner

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/10/03 15:24:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RieAnn\Desktop\OTL.scr

[2013/10/03 15:23:00 | 000,000,911 | ---- | M] () -- C:\Windows\tasks\EPSON XP-310 Series Update {1BCD6884-F1EC-49A3-97F8-C4F20C48B29D}.job

[2013/10/03 15:23:00 | 000,000,725 | ---- | M] () -- C:\Windows\tasks\EPSON XP-310 Series Invitation {1BCD6884-F1EC-49A3-97F8-C4F20C48B29D}.job

[2013/10/03 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/10/03 14:40:41 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/10/03 14:40:41 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/10/03 14:37:48 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk

[2013/10/03 14:33:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/10/03 14:32:59 | 3062,910,976 | -HS- | M] () -- C:\hiberfil.sys

[2013/10/03 14:25:48 | 001,045,226 | ---- | M] () -- C:\Users\RieAnn\Desktop\AdwCleaner.exe

[2013/10/03 14:12:28 | 001,030,305 | ---- | M] (Thisisu) -- C:\Users\RieAnn\Desktop\JRT.exe

[2013/09/30 15:27:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/09/27 00:38:27 | 000,000,699 | ---- | M] () -- C:\Users\RieAnn\Documents\poll.rtf

[2013/09/23 13:33:48 | 000,869,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/09/23 13:33:48 | 000,725,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/09/23 13:33:48 | 000,144,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/09/20 09:42:15 | 000,003,060 | ---- | M] () -- C:\Users\RieAnn\Documents\easycheesedanish.rtf

[2013/09/19 11:05:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/09/19 11:05:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/09/11 06:36:15 | 000,893,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/09/10 12:33:48 | 000,704,674 | ---- | M] () -- C:\Users\RieAnn\Documents\img001.jpg

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/10/03 14:25:48 | 001,045,226 | ---- | C] () -- C:\Users\RieAnn\Desktop\AdwCleaner.exe

[2013/09/27 00:38:27 | 000,000,699 | ---- | C] () -- C:\Users\RieAnn\Documents\poll.rtf

[2013/09/20 09:42:15 | 000,003,060 | ---- | C] () -- C:\Users\RieAnn\Documents\easycheesedanish.rtf

[2013/09/10 12:33:48 | 000,704,674 | ---- | C] () -- C:\Users\RieAnn\Documents\img001.jpg

[2013/07/01 23:33:50 | 000,000,044 | ---- | C] () -- C:\Windows\XP-310.ini

[2012/10/25 15:37:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/10/25 15:37:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/10/25 15:37:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/10/25 15:37:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/10/25 15:37:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/07/28 12:54:46 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat

[2012/03/23 10:51:38 | 000,878,992 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/01/10 22:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

 

========== ZeroAccess Check ==========

 

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/07/11 19:18:21 | 000,000,000 | ---D | M] -- C:\Users\RieAnn\AppData\Roaming\Epson

[2013/07/01 23:33:58 | 000,000,000 | ---D | M] -- C:\Users\RieAnn\AppData\Roaming\Leadertech

[2013/08/12 14:16:48 | 000,000,000 | ---D | M] -- C:\Users\RieAnn\AppData\Roaming\Oracle

[2013/07/06 16:38:00 | 000,000,000 | ---D | M] -- C:\Users\RieAnn\AppData\Roaming\Windows Live Writer

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2010/11/20 05:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2010/01/14 17:42:02 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2013/09/30 15:29:41 | 000,020,543 | ---- | M] () -- C:\ComboFix.txt

[2013/10/03 14:32:59 | 3062,910,976 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/27 11:19:58 | 000,004,355 | ---- | M] () -- C:\ioloUpdate.log

[2013/10/03 14:32:59 | 1829,765,119 | -HS- | M] () -- C:\pagefile.sys

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< %PROGRAMFILES%\* >

[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/08/09 23:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2013/08/09 21:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/08/09 22:22:38 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/08/09 22:22:38 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/08/09 22:22:38 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/08/09 23:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2013/08/09 21:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation)

< End of report >

 

 

*******************************************************************************************************************************************************************************************

 

extras report

 

OTL Extras logfile created on: 10/3/2013 3:28:35 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RieAnn\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16686)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.80 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 74.82% Memory free

9.51 Gb Paging File | 7.90 Gb Available in Paging File | 83.08% Paging File free

Paging file location(s): c:\pagefile.sys 5841 6041 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298.09 Gb Total Space | 198.96 Gb Free Space | 66.74% Space Free | Partition Type: NTFS

 

Computer Name: 1BAD-KITTY | User Name: RieAnn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{518BA01B-D433-4543-8814-734E9A978960}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{5394144F-9115-4F45-AB31-A6190721C5DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{72C59EAD-E4BF-4A88-8181-AA558871A472}" = lport=2869 | protocol=6 | dir=in | app=system |

"{84C99CE6-6576-4733-9CE4-5219D100B0C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{94FCEDF7-E104-4211-B9BF-29A4091C205D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{AD46B6AF-F5C4-4450-A3CE-B92819EF20A9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B2D89C12-B403-42C5-A804-87CFA16BEA57}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C8AAC203-157B-4C60-A0C5-3FF8F8AB0EEA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D54E75BF-DA4B-4A1D-9103-209BAD44737F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E6B245DD-1F1A-496D-A8B5-451C3C5E0B2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F6B091B1-B39F-410E-AE45-8153ADB74D83}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{027AF66F-6924-4DDC-B0E3-67EEB60EA4E4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{0F7A4C2E-11E8-441E-BCD8-5B8B1DCA582D}" = dir=out | app=c:\users\rieann\appdata\local\temp\ibtmp213d533\component_342.decrpt |

"{0F89935C-8120-4935-9662-79FB1043AF42}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{18789F2D-F736-4CF1-A5BC-92F38472F90E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{18CEEA42-191E-43CD-B0AB-6F35740F2262}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{1B1D4CAB-1DF0-4264-B98E-0163B0D36325}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{24B3A472-8FC4-45CC-8BA2-EBCD3951651A}" = dir=out | app=c:\users\rieann\downloads\videoperformersetup.exe |

"{2641613F-4513-40AB-900B-A48D0E3EFE02}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"{2B1B1FC0-FB94-4538-A607-DFB89D4D3F88}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2DA061BD-8433-4771-A454-0039D4C484B6}" = dir=in | app=c:\users\rieann\appdata\local\temp\ibtmp213d533\component_566 |

"{2F38432A-101E-48ED-A75F-A43B673F6014}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft\bingdesktop\bingdesktop.exe |

"{2FFB3855-89D5-41E5-B8D1-FBD3D6B724DF}" = dir=out | app=c:\users\rieann\appdata\local\microsoft\windows\temporary internet files\content.ie5\rpsv04td\videoperformersetup.exe |

"{3F4D6E11-BB6E-4C36-A80B-676F7F3485BB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft\bingdesktop\bingdesktop.exe |

"{40CB5DAE-8F17-4D4E-9435-2C00C34D2CBE}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{418906E4-9884-4C88-9BC7-DF1B07C7A5E7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{53A89476-AFB9-4848-AE9F-771F0A8F1F68}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{55BE46CB-F55B-449A-B183-F47A6EACE7E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{561EE4F1-DCE8-48E5-A9C1-C3C29D374EE8}" = dir=out | app=c:\users\rieann\appdata\local\temp\ibtmp213d533\component_566 |

"{6CC8AF71-8CC5-44A0-85E7-9B25CEE499A7}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"{7338E6BD-5A84-4F2E-A56A-F8AA841E8624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7EDF2CD8-E366-4FF1-9B96-FD700987E6B1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{8102A445-CEFE-4367-9356-139DA1F146A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8CF611FF-0E77-4E8C-81F8-7CBBA6B17B15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8FFA5382-C3D1-4C6D-BAF2-718345C1CDB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{913724EF-A718-4BFF-BF69-D007AD90C418}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{928207E7-86E2-41F9-96FE-39740EA6740D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{9E15C4A3-91FB-45D3-80D3-ABCADD994629}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9F0B7CC8-6F45-40C6-95E5-ABD4492AF595}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{B5FF8A9A-8829-4240-86D8-5748B30A4B1F}" = protocol=6 | dir=out | app=system |

"{BAE958B1-B7DC-4A9A-B582-43394D70EA36}" = dir=in | app=c:\users\rieann\appdata\local\microsoft\windows\temporary internet files\content.ie5\rpsv04td\videoperformersetup.exe |

"{BB867EA2-E261-409F-A5F1-2E0C01E518FF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BB9F4F95-3D73-4033-BA8C-8E6EE70B5D58}" = dir=in | app=c:\users\rieann\appdata\local\temp\ibtmp213d533\component_342.decrpt |

"{CA78ABF8-7E4A-4E22-ABF8-0324BFB5513F}" = dir=in | app=c:\users\rieann\downloads\videoperformersetup.exe |

"{CC1D315A-A7CF-419F-8823-0DF61593DF68}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{D1ADC078-1D13-43E0-9C25-C8C77BDCD655}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FBCC5B3A-222A-49F1-8A19-F85951EBE05A}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{08C69D8B-0032-45CB-823E-48F70F4F7B94}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"UDP Query User{8EAEE5D7-7BDA-4EF0-A884-6A0B63116DE0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety

"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"EPSON XP-310 Series" = EPSON XP-310 Series Printer Uninstall

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"PC-Doctor for Windows" = Dell Support Center

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Zune" = Zune

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{10144CFE-D76C-4CFA-81A1-37A1642349A3}" = Epson Event Manager

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{302188C7-ADCF-4328-8E2E-FE9DCC2F40BD}" = Hauppauge TV Tuner Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{334713BA-B8E7-4A60-988C-4110753A191E}" = ArcSoft Magic-i Visual Effects 2

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{53E4CE64-629E-4590-AB43-1D8C85A6E621}" = The Print Shop 2.0 Deluxe

"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6}" = ArcSoft WebCam Companion 3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D60071DB-459C-465C-92EF-336E65F1A436}" = Software Updater

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F3546E18-1E8C-40C0-8F32-10110A8328C8}" = HP Webcam Software Suite

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"EPSON Connect_is1" = EPSON Connect version 1.0

"EPSON Scanner" = EPSON Scan

"MSC" = McAfee SecurityCenter

"WinLiveSuite" = Windows Live Essentials

"Yahoo! Messenger" = Yahoo! Messenger

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"bd4d3a0508d364f5" = Dell Driver Download Manager

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10/3/2013 5:34:53 PM | Computer Name = 1Bad-Kitty | Source = Application Hang | ID = 1002

Description = The program YahooMessenger.exe version 11.5.0.228 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: e0c Start

Time: 01cec0802f486a27 Termination Time: 8 Application Path: C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

Report

Id: 9b7c977d-2c73-11e3-9ceb-d5ae3feb32e5

 

[ System Events ]

Error - 10/3/2013 5:33:14 PM | Computer Name = 1Bad-Kitty | Source = SNMP | ID = 16713180

Description = The SNMP Service encountered an error while accessing the registry

key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

 

 

< End of report >

 

 

:trumpet: I cant believe I got all the reports done, let me know whats next.. :rolleyes:   Thank you.. :thumbsup2:



#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:53 AM

Posted 04 October 2013 - 04:02 PM

Hi NTStar

I cant believe I got all the reports done, let me know whats next.

Nice one... well done.
Yes it can seem a bit daunting at first..... but it's a lot easier than you thought, isn't it? :)
When i had my first PC, my son had to show me how to turn it off!

2 easy steps this time:

Step 1
I've added the sites that are in the trusted zone, to the fix.
Basically it's not recommended to have sites in this zone unless you are 100% sure they are safe.
Removing them won't cause any problems.... if they need to be there, they'll be added again automatically when needed.

Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you include all of the Commands section )
:otl
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {81E93B9C-1052-4697-AAFE-B40CD69C1D22} - No CLSID value found.
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: adobe.com ([get] http in Local intranet)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: googletalk.com ([www] http in Local intranet)
O15 - HKCU\..Trusted Domains: ussex.com ([www] http in Local intranet)
O15 - HKCU\..Trusted Domains: yahoo.com ([my] http in Local intranet)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
MsConfig:64bit - StartUpReg: SmileboxTray - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    scan-fix.png
  • Click the red Run Fix button.

    runfixbutton.png
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

if you lose the report, there will be a copy here:
C:\_OTL\MovedFiles



Step 2
Java has been updated again,
I'll explain how to update it:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 40 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 40".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
    .
    Java™ 7 Update 5 (64-bit)
    Java 7 Update 25

    .
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on downloaded icon to install the newest version.
In your next reply, please submit:
Otl fix report
and let me know how the system is running?
Any problems with updating Java?


Thanks.

BBPP6nz.png


#7 NTStar

NTStar
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California, United States
  • Local time:09:53 PM

Posted 04 October 2013 - 05:49 PM

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{81E93B9C-1052-4697-AAFE-B40CD69C1D22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81E93B9C-1052-4697-AAFE-B40CD69C1D22}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adobe.com\get\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bankofamerica.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\googletalk.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ussex.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\my\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SmileboxTray\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\RieAnn\Desktop\cmd.bat deleted successfully.
C:\Users\RieAnn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 499634 bytes
->Flash cache emptied: 57076 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: RieAnn
->Temp folder emptied: 7229498 bytes
->Temporary Internet Files folder emptied: 61459121 bytes
->Java cache emptied: 8590 bytes
->Flash cache emptied: 540 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715826 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7296 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42330188 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 108.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10042013_141433

Files\Folders moved on Reboot...
C:\Users\RieAnn\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NV89ZZBK\java-se-runtime-enviro-7-update-25-oracle-america-inc[1].htm moved successfully.
C:\Users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIM29U6C\fastbutton[1].htm moved successfully.
C:\Users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIM29U6C\like[1].htm moved successfully.
C:\Users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4F7X7H26\postmessageRelay[1].htm moved successfully.
C:\Users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4F7X7H26\xd_arbiter[1].htm moved successfully.
C:\Users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4F7X7H26\xd_arbiter[2].htm moved successfully.
C:\Users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\RieAnn\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

I deleted the extra Java old stuff...  I will let you know whats up with my computer how its running a little later...  I gotta run out for a few now - you are a star just getting me this far!!!

 

Much respect for you and thanks ----- NTStar



#8 NTStar

NTStar
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California, United States
  • Local time:09:53 PM

Posted 06 October 2013 - 12:32 AM

Hey Starbuck,

 

     Problems still with my computer..  (1) I cant get  Vegas World yahoo messenger game to open up, I just get a black screen.  In fact I cant get any games on yahoo to work..  (2) when I left click on a link it takes a very long time for it to open...  Or it doesn't open at all, links/sites are only opening up like 1/2 way.  Not all the way.  So I have to refresh the screen and or go out of it and go back in.

 

     So, no its not running any better, and it almost seems like Im seeing like fake pages.  Like not the real sites the way I am used to seeing them. I click on the link and it doesn't like show me any preferences on yahoo.com.  Like it doesn't let me  do any like adult searches like on McAfee searches and well maybe my McAfee is corrupted...  I just don't know.. Its so hard to explain!!!  :smash: .  This will solve my issues, lol..

     What you think????

 

     Its still not working right...  :wacko:



#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:53 AM

Posted 06 October 2013 - 05:14 AM

Hi NTStar

Ok, let's look a little deeper then.

Download RogueKiller64 and save it to your desktop.
  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

Thanks

BBPP6nz.png


#10 NTStar

NTStar
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California, United States
  • Local time:09:53 PM

Posted 07 October 2013 - 10:20 AM

RogueKiller V8.7.1 _x64_ [Oct 3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : RieAnn [Admin rights]

Mode : Scan -- Date : 10/07/2013 08:10:04

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - TOSHIBA MK3276GSX +++++

--- User ---

[MBR] aa1ea22e75862f9b8458e08b6e9c74bc

[BSP] 5f1e0a3c111663826908173b63742d12 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_10072013_081004.txt >>

 

I have no clue how to understand this report, but I do notice it says windows vista, I have windows 7?  Anyways I also noticed that I have a quarantined folder from this rogue place too.  what do I do with that? 

 

Hopefully this will now help..  I need to get back to my gaming as I do that with my callers and its part of how I make my money.  Thank you for your help always, I totally appreciate all your help you have given me..  I will check things out again and see if this solves my issues.  Do you see anymore issues from looking at the reports???  Just curious..  Hope you have a great day,  NTStar

 

P.S. We are both stars, I just now noticed, lol

 

 

 

 



#11 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:53 AM

Posted 07 October 2013 - 03:44 PM

I'm having to post this from my phone as I have Internet connection problems at the moment.
Hopefully an engineer will be here soon
I will post a proper reply as soon as I can
Sorry for the inconvenience.

BBPP6nz.png


#12 NTStar

NTStar
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California, United States
  • Local time:09:53 PM

Posted 07 October 2013 - 07:13 PM

I understand about the connection issues, that happens to me occasionally too..  But anyways, bigger problems now for me..  I went to check my online banking and I went and I put in the wrong security code!   I put it in right!!!!  I did it again and it said the same thing 2 more times!!  So I used a new ie browser and then when I put in my account info and password it said that was wrong!!!!!!!!!  I did it a few more times and it said that it was the wrong account info!!!!!!!!!!!!

 

OMG., I am so panicked!!!!!!!!!!  HELP, HELP, HELP me please!!!!!!!!!!  Its getting dangerous for real now!!!

 

Thank you,

 

NTStar :killcomp:



#13 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:53 AM

Posted 08 October 2013 - 03:12 PM

Hi NTStar
 

I also noticed that I have a quarantined folder from this rogue place too. what do I do with that?

Just leave that for now, it's meant to be there.
 

I do notice it says windows vista, I have windows 7

Nothing to worry about.
We see this sometimes.
 

I have no clue how to understand this report

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
    Only select the items below:
    [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
  • Now click the Delete button.
  • Please copy and paste the report in your next reply.
  • A copy of the RKreport.txt can be found on your desktop.

    If you are having problems with your browser, i suggest we reset the browser. ( sometimes Adware can change settings and the simplest thing is to reset it)
    I see you have IE and Firefox as browsers:

    To reset Internet Explorer:.
    • Close any Internet Explorer or Windows Explorer windows that are currently open.
    • Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
    • Click the Tools button, and then click Internet Options.
    • Click the Advanced tab, and then click Reset.
    • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
    • In the Reset Internet Explorer Settings dialog box, click Reset.
    • When Internet Explorer finishes applying default settings, click Close, and then click OK.
    • Close Internet Explorer.
    • Your changes will take effect the next time you open Internet Explorer.
    To Reset Firefox:
    • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
    • Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
    • To continue, click Reset Firefox in the confirmation window that opens.
    • Firefox will close and be reset. When it's done, a window will list the information that was imported.
    • Click Finish and Firefox will open.
    Note:
    After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.
    If you don't need this folder any longer, you should delete it as it contains sensitive information.

    The reset feature works by creating a new profile folder for you while saving your most important data.

    Firefox will try to keep the following data:
    • Bookmarks
    • Browsing history
    • Passwords
    • Cookies
    • Web form auto-fill information
    • Personal dictionary
    The reports aren't showing any obvious malware, but maybe we should check for anything hidden:

    Download Malwarebytes Anti-Rootkit
    • Unzip the File to a convenient location. (Recommend the Desktop)
    • Open the folder where the contents were unzipped to run mbar.exe

      Image1.png
    • Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

      mbarwm.png
    • If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)
    • The following image opens, select Next.

      Image2.png
    • The following image opens, select Update

      Image3.png
    • When the Update completes, select Next

      Image4.png
    • In the following window ensure "Targets" are ticked. Then select "Scan"

      Image5.png
    • If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

      MBAntiRKclean.png
    • Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

      MBAntiRKclean1.png
    • Select "Yes" to close down the program. If NO infections were found you will see the following image:

      Image6.png
    • Select "Exit" to close down.
    • Copy and paste the two following logs from the mbar folder:
    System - log
    Mbar - log Date and time of scan will also be shown

    Image10.png


    Post those two logs in your next reply.

BBPP6nz.png


#14 NTStar

NTStar
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California, United States
  • Local time:09:53 PM

Posted 08 October 2013 - 04:44 PM

OMG, really...  you think I am capable of doing all this..   :o I will give it a go and try my best..  Thank you again for your help :bowdown: 

 

NTStar  :busy: 



#15 NTStar

NTStar
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California, United States
  • Local time:09:53 PM

Posted 08 October 2013 - 04:50 PM

BTW,  You say  "Close all the running processes"  does this mean turn off McAfee and the firewall too???

 

NTStar..........






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users