
Search.SnapDo.com


  • This topic is locked
21 replies to this topic

#1 jtrunzo


Posted 16 October 2013 - 11:40 AM

Browsers have been hijacked by Search.SnapDo.com. The toolbar is not listed in Add/Remove Programs. I did run Malwarebytes to detect problems. It found 70+ PUPs but I did not remove anything for fear of creating other issues. Also noticed that MS Security Essentials was not working. I have it working again and I'm currently performing a full scan. Need assistance in removing this malware...

 

Thanks,

 

  ~Jeffrey


 

 


 


#2 fireman4it


Posted 17 October 2013 - 03:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
 

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended, please try one more time and, if unsuccessful, alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.


We need to see some information about what is happening in your machine.  Please perform the following scan again:
 

  • Download DDS by sUBs from one of the following links if you no longer have it available.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet. 

Information on A/V control HERE


 

  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again






Thanks and again sorry for the delay.


Edited by fireman4it, 17 October 2013 - 03:11 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 jtrunzo


Posted 19 October 2013 - 05:51 PM

No problem, I had a few vacation days and do not have access to the computer.  I'll send the requested logs on Monday when I return.

 

Thanks,

 

  ~Jeffrey


 

 



#4 jtrunzo


Posted 21 October 2013 - 01:22 PM

Requested info attached.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.25.2
Run by Kelly at 14:10:04 on 2013-10-21
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3061.1738 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================

 

.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081217
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081217
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: TidyNetwork.com: {7736C7FA-512D-11E2-B871-DEC36088709B} -
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
StartupFolder: c:\users\kelly\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{5C3653F1-AC8D-4F61-ABFF-B828CDC8853B} : DHCPNameServer = 75.75.76.76 75.75.75.75
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kelly\appdata\roaming\mozilla\firefox\profiles\tjs5rauv.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\users\kelly\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\kelly\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\kelly\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-16 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-6-7 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-4-30 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-10-15 47640]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 107392]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-17 111616]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-8-12 295376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-16 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-16 701512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-16 22856]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2013-2-13 17536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-10-21 00:13:26 7796464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1dc55332-2599-496d-b1bf-a59d1e1ea1a0}\mpengine.dll
2013-10-19 00:09:11 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2013-10-19 00:09:10 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f0e91179-3d2c-410e-b659-71cca8acf5df}\gapaengine.dll
2013-10-19 00:07:59 7796464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-16 13:17:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-16 13:17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-15 19:12:42 -------- d-----w- c:\users\kelly\appdata\local\LogMeIn
2013-10-15 19:12:36 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-10-15 19:12:36 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-10-15 19:12:35 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-15 19:12:35 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-10-15 19:12:35 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-10-15 19:12:28 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-10-15 19:12:22 -------- d-----w- c:\programdata\LogMeIn
2013-10-15 19:11:53 -------- d-----w- c:\program files\LogMeIn
2013-10-15 18:51:04 20402176 ----a-w- c:\users\kelly\LogMeIn.msi
2013-10-12 13:58:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-12 13:58:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-11 21:18:59 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-10-11 21:00:56 -------- d-----w- c:\windows\pss
2013-10-11 20:59:37 -------- d-----w- c:\users\kelly\appdata\local\Smartbar
2013-10-11 20:58:10 -------- d-----w- c:\users\kelly\appdata\local\DealPlyLive
2013-10-11 20:58:01 -------- d-----w- c:\programdata\HitmanPro
2013-10-11 20:57:08 -------- d-----w- c:\users\kelly\appdata\local\GreatArcadeHits
2013-10-11 20:57:02 -------- d--h--w- c:\programdata\Common Files
2013-10-11 19:57:37 -------- d-----w- c:\users\kelly\appdata\local\LogMeIn Rescue Applet
2013-10-10 15:50:29 -------- d-----w- c:\windows\PCHEALTH
2013-10-10 15:49:08 -------- d-----w- c:\windows\SHELLNEW
2013-10-10 12:28:45 -------- d-----w- c:\program files\Microsoft Security Client
2013-10-09 19:05:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-09 19:04:31 532480 ----a-w- c:\windows\system32\comctl32.dll
2013-10-06 14:41:54 193824 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2013-10-05 13:28:49 -------- d-----w- c:\program files\iPod
2013-10-05 13:28:46 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-05 13:28:46 -------- d-----w- c:\program files\iTunes
2013-10-01 22:37:23 7328304 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2013-09-23 00:38:24 615936 ----a-w- c:\windows\system32\themeui.dll
.
==================== Find3M  ====================
.
2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-29 07:36:04 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-08-07 18:22:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-07 18:22:45 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-07 18:22:44 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-07 08:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-01 03:16:32 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-08-01 02:49:15 37376 ----a-w- c:\windows\system32\cdd.dll
.
============= FINISH: 14:10:50.37 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/16/2008 4:17:30 PM
System Uptime: 10/20/2013 10:35:58 PM (16 hours ago)
.
Motherboard: Dell Inc. |  | 0U990C
Processor: Intel® Core™2 Duo CPU     T5800  @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 121.672 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.877 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP351: 10/14/2013 5:09:11 PM - Installed Microsoft Office Home and Student 2007
RP352: 10/14/2013 5:09:29 PM - Windows Update
RP353: 10/15/2013 3:09:51 PM - Installed LogMeIn
RP354: 10/15/2013 4:19:25 PM - Windows Update
RP355: 10/18/2013 8:04:23 PM - Windows Update
RP356: 10/20/2013 10:22:32 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader X (10.1.4)
Advanced Audio FX Engine
Advanced Video FX Engine
Amazon MP3 Downloader 1.0.12
Amazon MP3 Uploader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Boulder Dash - Pirates Quest
Browser Address Error Redirector
BufferChm
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows
CustomerResearchQFolder
CutePDF Writer 3.0
D4300
D4300_Help
Dealply
DealPly (remove only)
Defraggler
Dell-eBay
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
DELL0604
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DJ_SF_03_D4300_ProductContext
DJ_SF_03_D4300_Software
DJ_SF_03_D4300_Software_Min
Dropbox
EDocs
eSupportQFolder
Everio MediaBrowser 3
Facebook Plug-In
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService
GPBaseService2
GreatArcadeHits
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photo Creations
HP Photosmart 7520 series Basic Device Software
HP Photosmart 7520 series Help
HP Photosmart 7520 series Product Improvement Study
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
I.R.I.S. OCR
iCloud
Intel® Matrix Storage Manager
iTunes
Java 7 Update 25
Java Auto Updater
Jewel Quest III (remove only)
Laptop Integrated Webcam Driver (1.04.01.1011) 
LG USB Modem driver
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MobileMe Control Panel
Modem Diagnostic Tool
Move Media Player
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCSetup
NetWaiting
OGA Notifier 2.0.0048.0
PHOTOfunSTUDIO 6.0
PSSWCORE
QuickSet
QuickShare
QuickTime
Reimage Express
RollerCoaster Tycoon 3 Platinum
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Shared C Run-time for x86
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
VideoToolkit01
WebReg
WildTangent Games
Zuma's Revenge!
Zuma Deluxe RA
.
==== Event Viewer Messages From Past Week ========
.
10/20/2013 9:44:04 PM, Error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
10/20/2013 9:42:46 PM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/20/2013 9:42:46 PM, Error: Service Control Manager [7000]  - The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
10/16/2013 9:03:17 AM, Error: EventLog [6008]  - The previous system shutdown at 8:51:06 AM on 10/16/2013 was unexpected.
10/16/2013 8:49:34 AM, Error: Service Control Manager [7022]  - The KtmRm for Distributed Transaction Coordinator service hung on starting.
10/16/2013 8:47:30 AM, Error: Service Control Manager [7022]  - The Windows Font Cache Service service hung on starting.
10/15/2013 9:34:05 PM, Error: EventLog [6008]  - The previous system shutdown at 7:34:39 PM on 10/15/2013 was unexpected.
10/15/2013 10:59:33 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
10/15/2013 10:33:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2288.0).
10/15/2013 10:31:50 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.159.2184.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9901.0   Error code: 0x80070643   Error description: Fatal error during installation.
10/15/2013 10:21:42 PM, Error: Service Control Manager [7022]  - The TPM Base Services service hung on starting.
10/15/2013 10:21:42 PM, Error: Service Control Manager [7022]  - The Security Center service hung on starting.
10/15/2013 10:21:42 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
10/15/2013 10:02:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.159.2184.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9901.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/14/2013 5:14:07 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.159.1988.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9901.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/14/2013 5:12:14 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/14/2013 5:12:14 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/14/2013 5:12:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/14/2013 4:32:56 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.159.1988.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9901.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode
10/14/2013 4:32:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/14/2013 4:23:32 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  MpFilter spldr Wanarpv6
10/14/2013 4:23:32 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/14/2013 4:23:32 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
10/14/2013 4:23:17 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/14/2013 4:23:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/14/2013 4:23:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/14/2013 4:23:08 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
10/14/2013 4:23:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/14/2013 4:22:40 PM, Error: EventLog [6008]  - The previous system shutdown at 4:13:09 PM on 10/14/2013 was unexpected.
.
==== End Of File ===========================
 

RogueKiller V8.7.4 [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Kelly [Admin rights]
Mode : Scan -- Date : 10/21/2013 14:14:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] Dealply.job : C:\Users\Kelly\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] Dealply : C:\Users\Kelly\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] TidyNetwork Update : C:\Users\Kelly\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?_Clocptr@_Locimp@locale@std@@0PAV123@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x6DFAF5A4)
[Inline] EAT @explorer.exe (??_7CWbemInstance@@6BCClassPartContainer@@@) : fastprox.dll -> HOOKED (Unknown @ 0xE9138293)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69F84927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69F84984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69FA2BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69F8FA79)
[Inline] EAT @iexplore.exe (NSGenericException) : CoreFoundation.dll -> HOOKED (Unknown @ 0x5B4C7373)
[Inline] EAT @iexplore.exe (NSInternalInconsistencyException) : CoreFoundation.dll -> HOOKED (Unknown @ 0x5B6C737B)
[Inline] EAT @iexplore.exe (NSStreamDataWrittenToMemoryStreamKey) : CoreFoundation.dll -> HOOKED (Unknown @ 0x6A355417)
[Inline] EAT @iexplore.exe (kCFStreamPropertyDataWritten) : CoreFoundation.dll -> HOOKED (Unknown @ 0x6A355417)
[Inline] EAT @iexplore.exe (kCFFTPStatusCodeKey) : CFNetwork.DLL -> HOOKED (Unknown @ 0x81514BEF)
[Inline] EAT @iexplore.exe (kCFHTTPAuthenticationSchemeDigest) : CFNetwork.DLL -> HOOKED (Unknown @ 0x81514116)
[Inline] EAT @iexplore.exe (kCFStreamPropertyHTTPSProxyHost) : CFNetwork.DLL -> HOOKED (Unknown @ 0x815147C7)
[Inline] EAT @iexplore.exe (kCFStreamPropertySOCKSProxyPort) : CFNetwork.DLL -> HOOKED (Unknown @ 0x81514AE5)
[Inline] EAT @iexplore.exe (kCFStreamPropertySOCKSUser) : CFNetwork.DLL -> HOOKED (Unknown @ 0x81514AE5)
[Inline] EAT @iexplore.exe (kCFStreamPropertySSLSettings) : CFNetwork.DLL -> HOOKED (Unknown @ 0x5958CEBD)
[Inline] EAT @iexplore.exe (kCFStreamPropertySocketRemoteHost) : CFNetwork.DLL -> HOOKED (Unknown @ 0x8151419B)
[Inline] EAT @iexplore.exe (kCFStreamSSLAllowsExpiredCertificates) : CFNetwork.DLL -> HOOKED (Unknown @ 0x59D0CEC9)
[Inline] EAT @iexplore.exe (kCFStreamSSLAllowsExpiredRoots) : CFNetwork.DLL -> HOOKED (Unknown @ 0x59F8CECD)
[Inline] EAT @iexplore.exe (kCFStreamSSLCertificates) : CFNetwork.DLL -> HOOKED (Unknown @ 0x59F8CECD)
[Inline] EAT @iexplore.exe (kCFStreamSSLIsServer) : CFNetwork.DLL -> HOOKED (Unknown @ 0x5A48CED5)
[Inline] EAT @iexplore.exe (kCFStreamSSLLevel) : CFNetwork.DLL -> HOOKED (Unknown @ 0x5A98CEDD)
[Inline] EAT @iexplore.exe (kCFStreamSSLPeerName) : CFNetwork.DLL -> HOOKED (Unknown @ 0x5A98CEDD)
[Inline] EAT @iexplore.exe (kCFStreamSSLValidatesCertificateChain) : CFNetwork.DLL -> HOOKED (Unknown @ 0x5AE8CEE5)
[Inline] EAT @iexplore.exe (kCVImageBufferPixelAspectRatioHorizontalSpacingKey) : CoreVideo.dll -> HOOKED (Unknown @ 0xBD94607B)
[Inline] EAT @iexplore.exe (kCVPixelBufferExactBytesPerRowKey) : CoreVideo.dll -> HOOKED (Unknown @ 0x95946171)
[Inline] EAT @iexplore.exe (kCVPixelBufferPoolFreeBufferNotification) : CoreVideo.dll -> HOOKED (Unknown @ 0xDD9460C6)
[Inline] EAT @iexplore.exe (kCVPixelFormatDirect3DInternalFormat) : CoreVideo.dll -> HOOKED (C:\Program Files\QuickTime\QTPlugin.ocx @ 0x65946059)
[Inline] EAT @iexplore.exe (kCGCFNumberPointerType) : CoreGraphics.dll -> HOOKED (Unknown @ 0x4E6DF5D4)
[Inline] EAT @iexplore.exe (kCGCFNumberSizeTType) : CoreGraphics.dll -> HOOKED (Unknown @ 0xA86DF5D8)
[Inline] EAT @iexplore.exe (kCGFontNameKeyDesignerURL) : CoreGraphics.dll -> HOOKED (Unknown @ 0x5DCFAA3F)
[Inline] EAT @iexplore.exe (kCGFontNameKeyLicense) : CoreGraphics.dll -> HOOKED (Unknown @ 0x5DCFAA3F)
[Inline] EAT @iexplore.exe (kCGPDFContextBleedBox) : CoreGraphics.dll -> HOOKED (Unknown @ 0x5DCF69F0)
[Inline] EAT @iexplore.exe (kCGPDFContextEncryptionPermissions) : CoreGraphics.dll -> HOOKED (Unknown @ 0x5DCF6A31)
[Inline] EAT @iexplore.exe (kCGPDFContextOutputIntent) : CoreGraphics.dll -> HOOKED (Unknown @ 0x5DCF6A31)
[Inline] EAT @iexplore.exe (kCGPDFDocumentCreationDate) : CoreGraphics.dll -> HOOKED (Unknown @ 0xB0D01859)
[Inline] EAT @iexplore.exe (kCGPDFDocumentModificationDate) : CoreGraphics.dll -> HOOKED (Unknown @ 0xB0D01859)
[Inline] EAT @iexplore.exe (kColorSyncDeviceProfilesNotification) : CoreGraphics.dll -> HOOKED (Unknown @ 0x65DAAF36)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD2500BEVT-75ZCT2 +++++
--- User ---
[MBR] 274e2d48b1de91947f32f65994d19bba
[BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20561920 | Size: 225874 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 483153920 | Size: 2559 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10212013_141449.txt >>

~Jeffrey


#5 fireman4it


Posted 21 October 2013 - 07:32 PM

1.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Delete
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

2.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select
    "Run as administrator"
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 jtrunzo


Posted 22 October 2013 - 08:32 AM

RogueKiller V8.7.4 [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Kelly [Admin rights]
Mode : Remove -- Date : 10/22/2013 09:24:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\RunOnce : Del39968594 (cmd.exe /Q /D /c del "C:\Users\Kelly\AppData\Local\Temp\0.del" [x][x]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\RunOnce : Del39968594 (cmd.exe /Q /D /c del "C:\Users\Kelly\AppData\Local\Temp\0.del" [x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-4266012507-1273286764-1521692687-1000\[...]\RunOnce : Del39968594 (cmd.exe /Q /D /c del "C:\Users\Kelly\AppData\Local\Temp\0.del" [x][x]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][SUSP PATH] Dealply.job : C:\Users\Kelly\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V1][SUSP PATH] DigitalSite.job : C:\Users\Kelly\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED
[V2][SUSP PATH] Dealply : C:\Users\Kelly\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V2][SUSP PATH] DigitalSite : C:\Users\Kelly\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> ERROR DELETING TASK
[V2][SUSP PATH] TidyNetwork Update : C:\Users\Kelly\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?_Clocptr@_Locimp@locale@std@@0PAV123@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x6EEC09A4)
[Inline] EAT @explorer.exe (??_7CWbemInstance@@6BCClassPartContainer@@@) : fastprox.dll -> HOOKED (Unknown @ 0xE96A82EA)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x737A4927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x737A4984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x737C2BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x737AFA79)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x737A4927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x737A4984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x737C2BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x737AFA79)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD2500BEVT-75ZCT2 +++++
--- User ---
[MBR] 274e2d48b1de91947f32f65994d19bba
[BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20561920 | Size: 225874 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 483153920 | Size: 2559 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10222013_092428.txt >>
RKreport[0]_S_10212013_141449.txt;RKreport[0]_S_10222013_092207.txt


 

 

~Jeffrey


#7 jtrunzo

Posted 22 October 2013 - 08:36 AM

Here you go.  Thanks!


# AdwCleaner v3.010 - Report created 22/10/2013 at 09:33:52
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Kelly - ELPEGREN
# Running from : C:\Users\Kelly\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

File Found : C:\Users\Kelly\AppData\Local\Temp\Uninstall.exe
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\openit
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Found C:\Users\Kelly\AppData\Local\DealPlyLive
Folder Found C:\Users\Kelly\AppData\Local\Smartbar
Folder Found C:\Users\Kelly\AppData\Local\Temp\Smartbar
Folder Found C:\Users\Kelly\AppData\Roaming\digitalsite

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\smartbarbackup
Key Found : HKCU\Software\smartbarlog
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\tjs5rauv.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", false);
Line Found : user_pref("extensions.helperbar.countryiso", "us");
Line Found : user_pref("extensions.helperbar.installationid", "ed2b1641-33eb-20a1-b625-f37044b5c80e");
Line Found : user_pref("extensions.helperbar.installdate", "11/10/2013");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7232 octets] - [22/10/2013 09:33:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7292 octets] ##########


 

 

~Jeffrey


#8 fireman4it


Posted 22 October 2013 - 02:24 PM

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

How is your machine running now?




#9 jtrunzo


Posted 22 October 2013 - 02:40 PM

adwcleaner has locked up twice while attempting to clean.  I'm trying a third time and will let you know what happens.  Not sure if a log will be available but I'll post if it is.


 

 

~Jeffrey


#10 fireman4it


Posted 22 October 2013 - 02:44 PM

Try Safe Mode if it won't work.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option without networking support.
Please see here for additional details.




#11 jtrunzo


Posted 22 October 2013 - 02:47 PM

# AdwCleaner v3.010 - Report created 22/10/2013 at 15:37:56
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Kelly - ELPEGREN
# Running from : C:\Users\Kelly\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Kelly\AppData\Local\Smartbar
Folder Deleted : C:\Users\Kelly\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Kelly\AppData\Roaming\digitalsite
File Deleted : C:\Users\Kelly\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\tjs5rauv.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.installationid", "ed2b1641-33eb-20a1-b625-f37044b5c80e");
Line Deleted : user_pref("extensions.helperbar.installdate", "11/10/2013");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [7372 octets] - [22/10/2013 09:33:52]
AdwCleaner[R1].txt - [7541 octets] - [22/10/2013 15:27:41]
AdwCleaner[R2].txt - [7313 octets] - [22/10/2013 15:30:37]
AdwCleaner[R3].txt - [7432 octets] - [22/10/2013 15:36:53]
AdwCleaner[S0].txt - [631 octets] - [22/10/2013 15:28:31]
AdwCleaner[S1].txt - [342 octets] - [22/10/2013 15:31:48]
AdwCleaner[S2].txt - [7464 octets] - [22/10/2013 15:37:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [7524 octets] ##########


 

 

~Jeffrey


#12 fireman4it


Posted 22 October 2013 - 02:49 PM

Let me know how the machine is running.


#13 jtrunzo


Posted 22 October 2013 - 02:59 PM

Still have search.snapdo.com when I select a second browser tab. I was able to disable the add-on but cannot remove it from IE.

Firefox does the same thing: when a second tab is selected, search.snapdo comes up. I can't find anything referring to Snapdo in the add-ons.


 

 

~Jeffrey


#14 fireman4it


Posted 22 October 2013 - 03:11 PM

  1. Please download OTL from one of the following mirrors:
       • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:

    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
       • OTL.txt <-- Will be opened
       • Extra.txt <-- Will be minimized


#15 jtrunzo


Posted 24 October 2013 - 08:14 AM

OTL logfile created on: 10/24/2013 8:58:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kelly\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 42.27% Memory free
6.18 Gb Paging File | 4.60 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 120.97 Gb Free Space | 54.84% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.88 Gb Free Space | 49.94% Space Free | Partition Type: NTFS
 
Computer Name: ELPEGREN | User Name: Kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/10/24 08:56:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Downloads\OTL.exe
PRC - [2013/10/22 20:08:24 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/10/22 20:08:11 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/04/30 10:57:02 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2013/04/30 10:57:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/24 00:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/12 07:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 07:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/09 15:47:12 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/09 15:45:35 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/08/30 19:38:25 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\7fd66554e201554f067d56ec2ea231bc\MenuSkinning.ni.dll
MOD - [2013/08/30 19:38:05 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\0e47927f23b2b510e83586cabb6dfa3e\VistaBridgeLibrary.ni.dll
MOD - [2013/08/30 19:38:02 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/30 19:38:01 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\9cc93eb4abb656108271027774b6b08a\DellDock.ni.exe
MOD - [2013/08/30 19:37:59 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\a7366c517a928f66691745f5c667d82f\MyDock.Util.ni.dll
MOD - [2013/08/26 20:31:31 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/26 20:30:57 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/26 20:29:26 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/08/07 15:25:26 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll
MOD - [2013/08/07 15:22:16 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/10/22 20:08:24 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/10/22 20:08:11 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/10/12 09:58:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/06 10:42:31 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/30 10:57:02 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/12/16 23:52:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 07:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 07:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pqeetbwl.sys -- (pqeetbwl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kelly\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/10/22 20:08:13 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/10/22 09:19:03 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/30 10:57:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2013/04/30 10:57:02 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/09 12:55:40 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NtpaSp50.sys -- (NTPASp50)
DRV - [2008/07/03 09:41:54 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 08:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 05:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 03:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/03/04 01:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 01:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/11/12 07:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 12:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 12:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 12:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DMUS
IE - HKLM\..\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081217
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Secure Search"
FF - prefs.js..browser.startup.homepage: "https://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {ed2b1641-33eb-20a1-b625-f37044b5c80e}:1.0
FF - prefs.js..extensions.enabledItems: {23ee2bc8-364e-414b-8b89-5f5d677c67b6}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.111
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: textlinks@gamevance.com:1.0.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kelly\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kelly\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/06 10:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/10 11:51:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Kelly\AppData\Roaming\Move Networks [2009/11/10 01:18:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Kelly\AppData\Local\GreatArcadeHits\gahff.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/06 10:41:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/10 11:51:22 | 000,000,000 | ---D | M]
 
[2009/02/27 15:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Extensions
[2013/10/11 17:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\tjs5rauv.default\extensions
[2013/10/22 09:19:32 | 000,003,746 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\tjs5rauv.default\searchplugins\safeguard-secure-search.xml
[2013/10/06 10:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/06 10:42:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/28 18:31:48 | 000,001,949 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: No name found = C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
 
O1 HOSTS File: ([2013/08/09 09:13:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - Startup: C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C3653F1-AC8D-4F61-ABFF-B828CDC8853B}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kelly\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kelly\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
 CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/22 09:33:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/22 09:19:27 | 000,000,000 | ---D | C] -- C:\Users\Kelly\AppData\Local\AVG SafeGuard toolbar
[2013/10/22 09:19:23 | 000,000,000 | ---D | C] -- C:\Users\Kelly\AppData\Roaming\0D0S1L2Z1P1B
[2013/10/22 09:19:14 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/10/22 09:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/10/22 09:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/10/21 14:12:22 | 000,000,000 | ---D | C] -- C:\Users\Kelly\Desktop\RK_Quarantine
[2013/10/21 14:08:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kelly\Desktop\dds.scr
[2013/10/16 09:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/16 09:17:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/10/16 09:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/16 08:52:09 | 000,000,000 | ---D | C] -- C:\Users\Kelly\Desktop\errors
[2013/10/15 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\Kelly\AppData\Local\LogMeIn
[2013/10/15 15:12:36 | 000,031,560 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2013/10/15 15:12:35 | 000,086,888 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
[2013/10/15 15:12:35 | 000,086,888 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2013/10/15 15:12:35 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2013/10/15 15:12:28 | 000,092,488 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll.000.bak
[2013/10/15 15:12:28 | 000,085,832 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2013/10/15 15:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013/10/15 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2013/10/11 17:18:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/10/11 17:00:56 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/10/11 16:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/11 16:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kelly\AppData\Local\GreatArcadeHits
[2013/10/11 16:57:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/10/11 16:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/11 15:57:37 | 000,000,000 | ---D | C] -- C:\Users\Kelly\AppData\Local\LogMeIn Rescue Applet
[2013/10/10 11:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/10/10 11:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2013/10/10 11:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/10/10 11:50:29 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/10/10 11:49:08 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2013/10/10 11:47:00 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/10/10 10:21:21 | 000,000,000 | ---D | C] -- C:\Users\Kelly\Documents\OneNote Notebooks
[2013/10/10 09:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/10/10 08:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/10/06 10:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/05 09:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/05 09:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/05 09:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/05 09:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/24 08:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/24 08:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/24 07:57:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/23 19:44:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 19:44:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 19:11:11 | 001,968,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/23 19:11:11 | 000,591,980 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/23 10:16:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/22 20:08:13 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2013/10/22 20:08:12 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2013/10/22 20:08:12 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2013/10/22 15:44:34 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/22 09:19:20 | 000,003,746 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/10/22 09:19:03 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/10/22 09:14:56 | 001,060,070 | ---- | M] () -- C:\Users\Kelly\Desktop\adwcleaner.exe
[2013/10/21 22:13:04 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2013/10/21 14:10:39 | 000,951,808 | ---- | M] () -- C:\Users\Kelly\Desktop\RogueKiller.exe
[2013/10/21 14:07:55 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kelly\Desktop\dds.scr
[2013/10/18 20:22:59 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/16 09:17:39 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/15 15:12:26 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/10/15 14:51:04 | 020,402,176 | ---- | M] () -- C:\Users\Kelly\LogMeIn.msi
[2013/10/11 17:52:29 | 000,001,997 | ---- | M] () -- C:\Users\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/11 17:50:29 | 000,265,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/11 17:18:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/10/10 08:59:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/10 08:45:19 | 000,000,945 | ---- | M] () -- C:\Users\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/05 09:29:45 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2013/10/22 09:19:07 | 000,003,746 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/10/22 09:14:56 | 001,060,070 | ---- | C] () -- C:\Users\Kelly\Desktop\adwcleaner.exe
[2013/10/21 14:10:38 | 000,951,808 | ---- | C] () -- C:\Users\Kelly\Desktop\RogueKiller.exe
[2013/10/16 09:17:39 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/15 15:12:24 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013/10/15 15:12:10 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2013/10/15 14:51:04 | 020,402,176 | ---- | C] () -- C:\Users\Kelly\LogMeIn.msi
[2013/10/14 16:58:27 | 3210,784,768 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/12 09:58:37 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/11 17:11:40 | 000,001,815 | ---- | C] () -- C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2013/10/11 16:49:32 | 000,001,997 | ---- | C] () -- C:\Users\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/11 16:49:32 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/11 16:47:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/11 16:47:57 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/10 09:08:17 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/10/10 08:28:54 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/10/05 09:29:45 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/08/13 09:47:06 | 000,088,656 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2013/08/13 08:59:56 | 000,000,066 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/03 16:06:32 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/08/28 18:15:50 | 000,000,552 | ---- | C] () -- C:\Users\Kelly\AppData\Local\d3d8caps.dat
[2010/09/23 19:12:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/07 14:27:24 | 000,870,128 | ---- | C] () -- C:\Users\Kelly\AppData\Roaming\mcs.rma
[2009/03/25 13:27:57 | 000,006,648 | ---- | C] () -- C:\Users\Kelly\AppData\Local\d3d9caps.dat
[2008/12/25 00:24:49 | 000,011,264 | ---- | C] () -- C:\Users\Kelly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/10/22 09:19:23 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\0D0S1L2Z1P1B
[2011/06/13 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Amazon
[2010/09/12 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Atari
[2011/06/13 19:42:04 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\com.amazon.music.uploader
[2013/10/11 16:43:53 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Dropbox
[2009/04/06 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\eMusic
[2010/06/16 01:34:42 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Facebook
[2010/09/12 19:13:07 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Leadertech
[2012/10/22 16:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Oberon Media
[2010/06/22 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\PlayFirst
[2013/02/13 13:10:35 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\SBG-SVG
[2010/05/09 22:13:22 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Sling Media
[2013/04/17 15:38:12 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\SyncTunesDesktop
[2010/06/06 20:31:13 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\tmp
[2008/12/29 19:09:40 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< c:\windows\*. /SL >
[2006/11/02 08:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 08:58:10 | 000,032,644 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/08/07 15:16:25 | 000,000,402 | ---- | C] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2013/10/11 16:47:57 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/10/11 16:47:58 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/10/12 09:58:37 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
<  c:\windows\*. /RP >
 
<  %ALLUSERSPROFILE%\Application Data\*. >
 
<  %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
<  %APPDATA%\*. >
[2013/10/22 09:19:23 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\0D0S1L2Z1P1B
[2013/02/04 17:01:07 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Adobe
[2011/06/13 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Amazon
[2012/03/22 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Apple Computer
[2010/09/12 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Atari
[2011/06/13 19:42:04 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\com.amazon.music.uploader
[2008/12/24 15:07:27 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Creative
[2009/01/16 16:10:53 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\CyberLink
[2008/12/24 01:11:02 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Dell
[2013/10/11 16:43:53 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Dropbox
[2009/04/06 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\eMusic
[2010/06/16 01:34:42 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Facebook
[2008/12/28 21:16:32 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Google
[2009/01/30 11:49:38 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\HP
[2013/08/21 17:22:23 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\HpUpdate
[2008/12/24 01:11:52 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Identities
[2011/07/04 17:10:59 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\InstallShield
[2010/09/12 19:13:07 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Leadertech
[2008/12/24 13:15:58 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Macromedia
[2009/04/30 14:06:53 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Malwarebytes
[2013/10/10 10:21:22 | 000,000,000 | --SD | M] -- C:\Users\Kelly\AppData\Roaming\Microsoft
[2009/11/10 01:18:22 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Move Networks
[2009/02/27 15:59:20 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Mozilla
[2012/10/22 16:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Oberon Media
[2010/06/22 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\PlayFirst
[2010/09/07 14:26:55 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Real
[2010/06/06 20:31:13 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Reallusion
[2008/12/29 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Roxio
[2013/02/13 13:10:35 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\SBG-SVG
[2013/07/12 20:04:23 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Skype
[2012/02/13 14:03:36 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\skypePM
[2010/05/09 22:13:22 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Sling Media
[2013/04/17 15:38:12 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\SyncTunesDesktop
[2010/06/06 20:31:13 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\tmp
[2013/05/27 10:24:02 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\U3
[2013/08/05 20:38:39 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Verizon
[2012/12/28 13:08:39 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Verizon_AR
[2008/12/29 19:09:40 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\WildTangent
[2009/06/30 19:27:09 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Yahoo!
 
<  %APPDATA%\*.exe /s >
[2013/01/30 14:45:44 | 001,114,624 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
[2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kelly\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2013/05/24 20:48:34 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kelly\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2013/05/17 10:55:42 | 000,919,024 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kelly\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2010/06/16 01:34:42 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Kelly\AppData\Roaming\Facebook\uninstall.exe
[2011/06/13 19:41:27 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Kelly\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012/12/28 13:05:47 | 000,053,248 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Kelly\AppData\Roaming\Microsoft\Installer\{0B0934B3-8EED-482A-999C-3255C7831C01}\ARPPRODUCTICON.exe
[2012/12/28 13:05:47 | 000,057,344 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Kelly\AppData\Roaming\Microsoft\Installer\{0B0934B3-8EED-482A-999C-3255C7831C01}\NewShortcut2_D6EB88B17A2D418382FBD144606692BF.exe
[2012/12/28 13:02:52 | 000,053,248 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Kelly\AppData\Roaming\Microsoft\Installer\{73FC7091-F31D-440A-8496-22864FA2EC83}\ARPPRODUCTICON.exe
[2012/12/28 13:02:52 | 000,057,344 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Kelly\AppData\Roaming\Microsoft\Installer\{73FC7091-F31D-440A-8496-22864FA2EC83}\NewShortcut11_48BF6460C4A945B9BF7FB0FE457C2AE9.exe
[2012/12/28 13:02:52 | 000,057,344 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Kelly\AppData\Roaming\Microsoft\Installer\{73FC7091-F31D-440A-8496-22864FA2EC83}\NewShortcut1_4B3E393DCBA14BB399B4BDAD78E8886B.exe
[2009/11/10 01:18:22 | 000,127,325 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\Move Networks\uninstall.exe
[2009/08/13 15:22:34 | 000,097,144 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\U3\temp\cleanup.exe
[2008/05/02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Kelly\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
<  %SYSTEMDRIVE%\*.exe >
 
<  %systemroot%\*. /mp /s >
 
<  %systemroot%\system32\*.dll /lockedfiles >
 
<  %systemroot%\Tasks\*.job /lockedfiles >
 
<  %systemroot%\system32\drivers\*.sys /lockedfiles >
 
<  %systemroot%\System32\config\*.sav >
[2008/01/20 23:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
<  %systemroot%\system32\drivers\*.sys /90 >
[2013/10/22 09:19:03 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\system32\drivers\avgtpx86.sys
[2013/07/31 23:16:32 | 000,638,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E0F2FC9A
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EA031481
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E50C1642
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >

OTL Extras logfile created on: 10/24/2013 8:58:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kelly\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 42.27% Memory free
6.18 Gb Paging File | 4.60 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 120.97 Gb Free Space | 54.84% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.88 Gb Free Space | 49.94% Space Free | Partition Type: NTFS
 
Computer Name: ELPEGREN | User Name: Kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014FEBDA-A360-4F25-82CD-CD840C3589B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{03034824-DE24-48F8-A991-3B2C9B9441BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08305505-B392-43B4-B9F6-F0095B2119A7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2B2FDD97-9BF3-42B4-A758-14A26303511E}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe |
"{4E4A3AC8-B366-4525-887C-41BD102D8017}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{51864A2C-9C9B-4113-8F34-47652AB4E5A9}" = protocol=17 | dir=in | app=c:\users\kelly\appdata\roaming\dropbox\bin\dropbox.exe |
"{64546C5F-2E22-419C-A5CF-FB37BC64428A}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\sendafax.exe |
"{6E2FF9B1-8DEC-4B83-8E64-FCA5906921E1}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{7A35FD3A-ADCD-4DC8-A01D-FE913D0FCD2E}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicatorcom.exe |
"{8405D4FE-7495-4CBA-A444-FD9F451EA0FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8FB2688D-D0DD-4B9D-82D3-0E85F85447D8}" = protocol=6 | dir=in | app=c:\users\kelly\appdata\roaming\dropbox\bin\dropbox.exe |
"{9130DD5D-3446-44B9-80DF-4C606B9177D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{969272DD-E3EF-4F31-A866-37A2AED8BD6E}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\devicesetup.exe |
"{A00986CE-A5CD-4D1E-A7EA-75A95F938B81}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{BAAD1604-79E6-4FD9-B4B6-BC8A0552C8CD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BE5E3534-C59E-4B15-8648-02CE7A7D63C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E2D613FA-C904-42E4-B82F-0BD70A46AF9B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E7147993-9BD5-42F6-85C6-B5814006E491}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\faxapplications.exe |
"{ED21DFBB-E3F4-45D4-9DF8-742A77A04EA0}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\digitalwizards.exe |
"{F1EE7FF4-DA19-4268-9D33-7E61C2EC82CE}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"TCP Query User{39ED6743-14C9-491B-ADC4-A8A0EAF91A00}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{18CD8BA9-28D2-4884-8CBD-4287086EF923}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software
"{08295D09-E002-48F8-905D-34E4B08509BA}" = HP Photosmart 7520 series Help
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0934B3-8EED-482A-999C-3255C7831C01}" = Verizon Wireless Software Upgrade Assistant - Samsung(ar)
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{232F1B14-7126-491F-AC8C-6123BA58FDE2}" = QuickShare
"{24EFA94F-F3D6-4386-8824-B54712C9DC88}" = D4300_Help
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FEA36FC-30B7-F95D-71DA-54B7992F6438}" = Amazon MP3 Uploader
"{42C7C4D8-033E-44F9-BF34-43808A0686CC}" = D4300
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser 3
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{73FC7091-F31D-440A-8496-22864FA2EC83}" = Verizon Wireless Software Utility Application for Android - Samsung
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9AF653ED-E9AF-4ABF-85F6-9866030C0CC9}" = HP Photosmart 7520 series Product Improvement Study
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C55C629-6C4F-48A9-8840-C897DF6187ED}" = HP Officejet Pro 8600 Basic Device Software
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}" = LogMeIn
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99594A2-1685-4EAC-B11A-AA3719A35FC0}" = HP Photosmart 7520 series Basic Device Software
"{E05D82D8-FE70-4228-B073-B0C07FE27595}" = iTunes
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E60A3FF1-856E-4DD2-BFC6-FD9B976FE1C5}" = DJ_SF_03_D4300_ProductContext
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.amazon.music.uploader" = Amazon MP3 Uploader
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) 
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Defraggler" = Defraggler
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Jewel Quest III" = Jewel Quest III (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Reimage Express" = Reimage Express
"Shop for HP Supplies" = Shop for HP Supplies
"WildTangent dell Master Uninstall" = WildTangent Games
"WT077190" = Boulder Dash - Pirates Quest
"Zuma Deluxe RA" = Zuma Deluxe RA
"Zuma's Revenge!1.0" = Zuma's Revenge!
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{856AD396-519D-4C7A-BED6-6785F64924BC}" = GreatArcadeHits
"DigitalSite" = Update for Zip Extractor
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"Zip Extractor Packages" = Zip Extractor Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/29/2012 7:57:57 AM | Computer Name = ElPeGren | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/29/2012 7:57:57 AM | Computer Name = ElPeGren | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7192
 
Error - 12/29/2012 7:57:57 AM | Computer Name = ElPeGren | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7192
 
Error - 12/29/2012 7:57:58 AM | Computer Name = ElPeGren | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/29/2012 7:57:58 AM | Computer Name = ElPeGren | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8206
 
Error - 12/29/2012 7:57:58 AM | Computer Name = ElPeGren | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8206
 
Error - 12/29/2012 7:57:59 AM | Computer Name = ElPeGren | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/29/2012 7:57:59 AM | Computer Name = ElPeGren | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9204
 
Error - 12/29/2012 7:57:59 AM | Computer Name = ElPeGren | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9204
 
Error - 12/29/2012 7:58:00 AM | Computer Name = ElPeGren | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ Broadcom Wireless LAN Events ]
Error - 8/7/2013 9:35:35 AM | Computer Name = ElPeGren | Source = WLAN-Tray | ID = 0
Description = 09:35:34, Wed, Aug 07, 13 Error - Unable to gain access to user store

 
Error - 8/13/2013 9:11:24 AM | Computer Name = ElPeGren | Source = WLAN-Tray | ID = 0
Description = 09:11:24, Tue, Aug 13, 13 Error - User "" does not have administrative
 privileges on this system
 
Error - 8/13/2013 9:53:09 AM | Computer Name = ElPeGren | Source = WLAN-Tray | ID = 0
Description = 09:53:09, Tue, Aug 13, 13 Error - User "" does not have administrative
 privileges on this system
 
Error - 8/13/2013 1:40:13 PM | Computer Name = ElPeGren | Source = WLAN-Tray | ID = 0
Description = 13:40:13, Tue, Aug 13, 13 Error - User "" does not have administrative
 privileges on this system
 
Error - 8/15/2013 7:31:42 PM | Computer Name = ElPeGren | Source = WLAN-Tray | ID = 0
Description = 19:31:42, Thu, Aug 15, 13 Error - User "" does not have administrative
 privileges on this system
 
Error - 8/15/2013 7:31:42 PM | Computer Name = ElPeGren | Source = WLAN-Tray | ID = 0
Description = 19:31:42, Thu, Aug 15, 13 Error - User "" does not have administrative
 privileges on this system
 
Error - 8/21/2013 6:58:50 PM | Computer Name = ElPeGren | Source = WLAN-Tray | ID = 0
Description = 18:58:50, Wed, Aug 21, 13 Error - User "" does not have administrative
 privileges on this system
 
Error - 8/30/2013 8:26:13 PM | Computer Name = ElPeGren | Source = WLAN-Tray | ID = 0
Description = 20:26:13, Fri, Aug 30, 13 Error - User "" does not have administrative
 privileges on this system
 
Error - 10/9/2013 3:38:01 PM | Computer Name = ElPeGren | Source = WLAN-Tray | ID = 0
Description = 15:38:01, Wed, Oct 09, 13 Error - User "" does not have administrative
 privileges on this system
 
Error - 10/11/2013 5:49:07 PM | Computer Name = ElPeGren | Source = WLAN-Tray | ID = 0
Description = 17:49:07, Fri, Oct 11, 13 Error - User "" does not have administrative
 privileges on this system
 
[ OSession Events ]
Error - 10/10/2013 11:56:04 AM | Computer Name = ElPeGren | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 147
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/11/2013 3:54:18 PM | Computer Name = ElPeGren | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 53
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/11/2013 4:42:34 PM | Computer Name = ElPeGren | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 86
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/11/2013 4:43:01 PM | Computer Name = ElPeGren | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/14/2013 4:12:00 PM | Computer Name = ElPeGren | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 188
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 10/14/2013 5:27:37 PM | Computer Name = ElPeGren | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 189
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 10/14/2013 5:39:12 PM | Computer Name = ElPeGren | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 57
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/15/2013 9:37:19 PM | Computer Name = ElPeGren | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 68
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 10/20/2013 9:32:16 PM | Computer Name = ElPeGren | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 4340 seconds with 4080 seconds of active time.  This session ended with a
 crash.
 
Error - 10/20/2013 9:44:33 PM | Computer Name = ElPeGren | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 94 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10/18/2013 7:55:38 PM | Computer Name = ElPeGren | Source = Service Control Manager | ID = 7022
Description =
 
Error - 10/20/2013 9:42:46 PM | Computer Name = ElPeGren | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10/20/2013 9:42:46 PM | Computer Name = ElPeGren | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10/20/2013 9:44:04 PM | Computer Name = ElPeGren | Source = Service Control Manager | ID = 7022
Description =
 
Error - 10/21/2013 10:13:45 PM | Computer Name = ElPeGren | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10/21/2013 10:13:45 PM | Computer Name = ElPeGren | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10/21/2013 10:15:02 PM | Computer Name = ElPeGren | Source = Service Control Manager | ID = 7022
Description =
 
Error - 10/22/2013 3:46:07 PM | Computer Name = ElPeGren | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10/22/2013 3:46:07 PM | Computer Name = ElPeGren | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10/22/2013 3:46:29 PM | Computer Name = ElPeGren | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >


 

 

~Jeffrey




