
Applications stop working immediately after launch


  • This topic is locked
44 replies to this topic

#1 kmorrissey


Posted 15 December 2013 - 08:16 PM

Receive the following Win7 error message: "[application name] has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

 

Attempted to run DDS, as recommended. Received the same error message. Attempted to re-run; app hung up before text file could be generated. 

 

I have RogueKiller and OTL log files:

 

RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kelly [Admin rights]
Mode : Scan -- Date : 12/13/2013 07:39:36
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3750528AS ATA Device +++++
--- User ---
[MBR] cb5811bd982479c44a32f1b3747bad1f
[BSP] ef1bfaea70b17040ada7cfa8a452a62f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11418 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23465984 | Size: 703945 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_12132013_073936.txt >>
 
 
 
 

OTL logfile created on: 12/13/2013 7:43:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kelly\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.87 Gb Total Physical Memory | 4.04 Gb Available Physical Memory | 68.84% Memory free
11.73 Gb Paging File | 8.59 Gb Available in Paging File | 73.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.45 Gb Total Space | 255.68 Gb Free Space | 37.19% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 122.25 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
 
Computer Name: KELLY-PC | User Name: Kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/13 07:37:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
PRC - [2013/12/13 07:22:17 | 003,580,416 | ---- | M] () -- C:\Users\Kelly\Desktop\RogueKiller (3).exe
PRC - [2013/12/03 18:12:46 | 000,757,536 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
PRC - [2013/09/03 17:14:41 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/09/19 20:10:10 | 001,177,536 | ---- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/09/19 20:10:06 | 001,157,056 | ---- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/09/19 20:03:58 | 005,236,664 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/09/06 09:50:24 | 000,248,248 | ---- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/09/06 09:48:44 | 001,688,008 | ---- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2012/07/17 12:31:18 | 000,776,088 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/07/17 12:31:18 | 000,116,632 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2011/09/23 13:36:50 | 000,729,088 | ---- | M] (Rhapsody International Inc.) -- C:\Program Files (x86)\Rhapsody\rhaphlpr.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/05/05 08:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2007/04/01 22:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
PRC - [2007/01/22 13:11:50 | 000,108,064 | ---- | M] (EMC Corporation) -- C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:03 | 013,586,896 | ---- | M] () -- C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/12/03 18:14:28 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 4\zlib1.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/07/17 12:31:18 | 000,776,088 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/05 08:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/05/27 04:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/05/27 04:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacats.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/02/20 00:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsmr.dll
MOD - [2009/02/20 00:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsm.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/07/27 18:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/14 20:45:32 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2010/01/07 13:08:33 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/11 16:53:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/17 16:51:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/19 20:10:10 | 001,177,536 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/09/19 20:10:06 | 001,157,056 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/09/06 09:50:24 | 000,248,248 | ---- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/07/17 12:31:18 | 000,116,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/04/14 20:45:32 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/07 13:08:22 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/21 03:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/04/01 22:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2007/01/22 13:11:50 | 000,108,064 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/25 16:25:19 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2013/09/25 16:25:13 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2013/09/25 16:25:13 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2012/11/26 17:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/07/27 20:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/27 17:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/13 22:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 11:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/19 06:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/24 00:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/16 01:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008/07/26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2013/09/03 14:35:27 | 000,016,376 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Users\Kelly\AppData\Local\Temp\3fe7acc5-b81b-4c93-8f5a-4d3c87bdcbd3 -- (speccy)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {ABD93EAF-D775-BC54-E63B-2804F22FD156}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&affID=119776&tt=250413_9114&babsrc=SP_ss&mntrId=BEF3C0CB385944A9
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2013/12/09 20:39:20 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kelly\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kelly\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/17 16:50:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/17 16:50:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/09/20 07:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/17 16:50:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/17 16:50:33 | 000,000,000 | ---D | M]
 
[2011/05/26 06:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Extensions
[2013/11/15 09:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\ib26n5uy.default-1378249088856\extensions
[2013/09/15 12:43:12 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\ib26n5uy.default-1378249088856\extensions\amznUWL2@amazon.com.xpi
[2013/11/15 09:21:32 | 000,016,454 | ---- | M] () (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\ib26n5uy.default-1378249088856\extensions\HomepageNewTab@neocodex.us.xpi
[2013/11/17 16:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/17 16:51:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/25 10:52:59 | 000,006,511 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.bing.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: GoPhoto.it = C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.6_0\
CHR - Extension: Gmail = C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://boeing.webex.com/client/WBXclient-T27L10NSP32EP12_Boeing-15112/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814F940B-8AF2-46DD-A2ED-12005CB6A227}: DhcpNameServer = 192.168.1.1 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8955E0E3-5530-49CB-90E4-DA100C891272}: DhcpNameServer = 192.168.1.1 10.1.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/09 15:33:08 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{43f6bfe4-8bc8-11e2-b34d-842b2bb779e6}\Shell - "" = AutoRun
O33 - MountPoints2\{43f6bfe4-8bc8-11e2-b34d-842b2bb779e6}\Shell\AutoRun\command - "" = L:\MotoCastSetup.exe -a
O33 - MountPoints2\{c0654b13-6e37-11e2-b384-842b2bb779e6}\Shell - "" = AutoRun
O33 - MountPoints2\{c0654b13-6e37-11e2-b384-842b2bb779e6}\Shell\AutoRun\command - "" = L:\setup.exe -a
O33 - MountPoints2\{c832c984-4e18-11e3-b297-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c832c984-4e18-11e3-b297-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\start.exe
O33 - MountPoints2\{f7f3cc4b-eb0f-11e1-aaaa-842b2bb779e6}\Shell - "" = AutoRun
O33 - MountPoints2\{f7f3cc4b-eb0f-11e1-aaaa-842b2bb779e6}\Shell\AutoRun\command - "" = L:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/13 07:38:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
[2013/12/12 17:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/11 16:52:37 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/11 16:52:36 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/11 16:52:35 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/11 16:52:33 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/11 00:03:56 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 00:03:56 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 00:03:49 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 00:03:49 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 00:03:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 00:02:04 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 00:02:04 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 00:02:00 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 00:01:59 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 00:01:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 00:01:59 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 00:01:59 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 00:01:59 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/06 20:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/12/06 17:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4
[2013/12/06 17:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 4
[2013/11/30 12:04:50 | 000,000,000 | ---D | C] -- C:\Users\Kelly\Desktop\RK_Quarantine
[2013/11/26 20:09:40 | 000,000,000 | ---D | C] -- C:\Users\Kelly\Documents\Hijackthis
[2013/11/17 16:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/15 09:36:04 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/15 09:34:58 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/15 09:34:57 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/15 09:34:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/15 09:34:57 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/15 09:34:56 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/15 09:34:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/15 09:34:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/15 09:34:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/15 09:34:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/15 09:34:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/15 09:33:49 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/15 09:33:43 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/15 09:33:43 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/15 09:33:42 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/15 09:33:42 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/13 07:54:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/13 07:52:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/13 07:47:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1000UA.job
[2013/12/13 07:37:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
[2013/12/13 07:34:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003UA.job
[2013/12/13 07:28:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1004UA.job
[2013/12/13 07:26:32 | 000,870,128 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\mcs.rma
[2013/12/13 07:26:32 | 000,000,004 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\D595F8
[2013/12/13 07:22:17 | 003,580,416 | ---- | M] () -- C:\Users\Kelly\Desktop\RogueKiller (3).exe
[2013/12/13 07:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003UA.job
[2013/12/13 06:47:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1000Core.job
[2013/12/12 22:34:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003Core.job
[2013/12/12 21:28:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1004Core.job
[2013/12/12 20:54:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/12 16:03:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003Core.job
[2013/12/11 20:21:22 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2013/12/11 18:29:00 | 000,743,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/11 18:29:00 | 000,635,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/11 18:29:00 | 000,111,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/11 18:28:54 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 18:28:54 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 18:23:06 | 000,443,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/11 18:22:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/11 18:22:43 | 429,219,839 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/11 16:53:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/11 16:53:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/06 17:31:44 | 000,001,116 | ---- | M] () -- C:\Users\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2013/12/06 17:31:43 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 4.lnk
[2013/11/23 10:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/11/23 09:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/11/17 03:02:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/13 07:22:14 | 003,580,416 | ---- | C] () -- C:\Users\Kelly\Desktop\RogueKiller (3).exe
[2013/12/06 17:31:43 | 000,001,116 | ---- | C] () -- C:\Users\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2013/12/06 17:31:43 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4.lnk
[2013/12/06 17:31:43 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 4.lnk
[2013/12/06 17:31:41 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2013/09/22 07:26:15 | 000,870,128 | ---- | C] () -- C:\Users\Kelly\AppData\Roaming\mcs.rma
[2013/08/30 08:30:34 | 004,931,584 | ---- | C] () -- C:\Users\Kelly\s-1-5-21-999398637-2262637939-2764645843-1000.rrr
[2013/07/07 16:35:42 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/05/08 07:12:37 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/05/08 07:12:37 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/05/08 07:12:36 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/05/08 07:12:33 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/05/08 07:12:32 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012/11/27 00:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/08 12:35:04 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/09 07:36:29 | 000,002,977 | ---- | C] () -- C:\Windows\checkip.dat
[2011/09/07 14:08:32 | 000,033,792 | ---- | C] () -- C:\Users\Kelly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/22 19:09:12 | 000,000,004 | ---- | C] () -- C:\Users\Kelly\AppData\Roaming\D595F8
[2011/05/20 10:55:45 | 000,000,093 | ---- | C] () -- C:\Users\Kelly\AppData\Local\fusioncache.dat
[2011/05/20 09:24:41 | 000,000,632 | RHS- | C] () -- C:\Users\Kelly\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 
< End of report >
 
 



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 20 December 2013 - 08:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517587 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:03:25 PM

Posted 26 December 2013 - 08:46 PM

Hello kmorrissey, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic. You will then be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


Best Regards,
oneof4.


#4 oneof4


Posted 29 December 2013 - 02:15 PM

Do you still need help?


Best Regards,
oneof4.


#5 kmorrissey


Posted 30 December 2013 - 05:24 PM

Yes, running Security Check and Farbar Recovery Scan Tool now.



#6 oneof4


Posted 30 December 2013 - 06:33 PM

:thumbup2:

 

Post when ready.


Best Regards,
oneof4.


#7 kmorrissey


Posted 30 December 2013 - 09:00 PM

Security Check checkup.txt:

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1) 
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Kelly (administrator) on KELLY-PC on 30-12-2013 14:30:13
Running from C:\Users\Kelly\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(EMC Corporation) C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Rhapsody International Inc.) C:\Program Files (x86)\Rhapsody\rhaphlpr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\Kelly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kelly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kelly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kelly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kelly\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Kelly\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corp.) C:\Windows\System32\Defrag.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [lxeamon.exe] - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2010-05-05] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Garmin Lifetime Updater] - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1466760 2012-06-04] (Garmin)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-13] (Google Inc.)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-09-03] (Siber Systems)
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
MountPoints2: {43f6bfe4-8bc8-11e2-b34d-842b2bb779e6} - L:\MotoCastSetup.exe -a
MountPoints2: {c0654b13-6e37-11e2-b384-842b2bb779e6} - L:\setup.exe -a
MountPoints2: {c832c984-4e18-11e3-b297-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\start.exe
MountPoints2: {f7f3cc4b-eb0f-11e1-aaaa-842b2bb779e6} - L:\MotoCastSetup.exe -a
HKU\Aidan\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-09-03] (Siber Systems)
HKU\Aidan\...\Run: [Google Update] - C:\Users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-05-24] (Google Inc.)
HKU\Aidan\...\Run: [Facebook Update] - C:\Users\Aidan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-17] (Facebook Inc.)
HKU\Aidan\...\Policies\system: [LogonHoursAction] 2
HKU\Aidan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Hester\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-09-03] (Siber Systems)
HKU\Hester\...\Policies\system: [LogonHoursAction] 2
HKU\Hester\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kai\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-09-03] (Siber Systems)
HKU\Kai\...\Run: [Google Update] - C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.)
HKU\Kai\...\Policies\system: [LogonHoursAction] 2
HKU\Kai\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
BootExecute: autocheck autochk *  BootDefrag.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={ED337D4B-E763-11E2-9348-842B2BB779E6}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 10.1.10.1
 
FireFox:
========
FF ProfilePath: C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\ib26n5uy.default-1378249088856
FF NewTab: about:home
FF Homepage: hxxp://www.google.com/ig
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 - C:\Windows\ ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kelly\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kelly\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\ib26n5uy.default-1378249088856\Extensions\amznUWL2@amazon.com.xpi
FF Extension: Homepage New Tab - C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\ib26n5uy.default-1378249088856\Extensions\HomepageNewTab@neocodex.us.xpi
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
 
Chrome: 
=======
CHR HomePage: hxxp://www.bing.com/
CHR DefaultSearchKeyword: search.bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (GoPhoto.it) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.6_0
CHR Extension: (Gmail) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Aidan\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-01] (Creative Technology Ltd)
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-01-07] ( )
S2 lxea_device; C:\Windows\SysWow64\lxeacoms.exe [598696 2010-01-07] ( )
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 RetroExpLauncher; C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe [108064 2007-01-22] (EMC Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
 
==================== Drivers (Whitelisted) ====================
 
S2 MCSTRM; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-09-25] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-09-25] (RapidSolution Software AG)
S3 speccy; \??\C:\Users\Kelly\AppData\Local\Temp\3fe7acc5-b81b-4c93-8f5a-4d3c87bdcbd3 [16376 2013-09-03] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-30 14:30 - 2013-12-30 14:32 - 00022080 _____ C:\Users\Kelly\Downloads\FRST.txt
2013-12-30 14:29 - 2013-12-30 14:29 - 00000000 ____D C:\FRST
2013-12-30 14:21 - 2013-12-30 14:22 - 01931302 _____ (Farbar) C:\Users\Kelly\Downloads\FRST64.exe
2013-12-30 14:20 - 2013-12-30 14:21 - 00891200 _____ C:\Users\Kelly\Downloads\SecurityCheck.exe
2013-12-20 09:03 - 2013-12-20 09:03 - 06571072 _____ C:\Users\Kelly\Downloads\Lexmark_S300-S400_Series_E082511_00_FWUpdate.exe
2013-12-20 09:03 - 2013-12-20 09:03 - 06571072 _____ C:\Users\Kelly\Downloads\Lexmark_S300-S400_Series_E082511_00_FWUpdate (1).exe
2013-12-20 08:56 - 2013-12-20 08:56 - 03502184 _____ C:\Users\Kelly\Downloads\UpdateMyDrivers.exe
2013-12-19 19:06 - 2013-12-19 19:07 - 50107976 _____ (Adobe Systems Incorporated) C:\Users\Kelly\Downloads\AdbeRdr11003_en_US.exe
2013-12-19 16:41 - 2013-12-19 16:41 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-13 09:00 - 2013-12-13 09:00 - 00010430 _____ C:\Users\Kelly\Desktop\attach.txt
2013-12-13 09:00 - 2013-12-13 08:59 - 00020844 _____ C:\Users\Kelly\Desktop\dds.txt
2013-12-13 08:45 - 2013-12-13 08:45 - 00688992 ____R (Swearware) C:\Users\Kelly\Downloads\dds.com
2013-12-13 08:40 - 2013-12-13 08:40 - 00065430 _____ C:\Users\Kelly\Desktop\Extras.Txt
2013-12-13 08:24 - 2013-12-13 08:40 - 00105908 _____ C:\Users\Kelly\Desktop\OTL.Txt
2013-12-13 07:39 - 2013-12-13 07:39 - 00001401 _____ C:\Users\Kelly\Desktop\RKreport[0]_S_12132013_073936.txt
2013-12-13 07:38 - 2013-12-13 07:37 - 00602112 _____ (OldTimer Tools) C:\Users\Kelly\Desktop\OTL.exe
2013-12-13 07:37 - 2013-12-13 07:37 - 00602112 _____ (OldTimer Tools) C:\Users\Kelly\Downloads\OTL.exe
2013-12-13 07:22 - 2013-12-13 07:22 - 03580416 _____ C:\Users\Kelly\Downloads\RogueKiller (4).exe
2013-12-13 07:22 - 2013-12-13 07:22 - 03580416 _____ C:\Users\Kelly\Desktop\RogueKiller (3).exe
2013-12-13 07:21 - 2013-12-13 07:21 - 03580416 _____ C:\Users\Kelly\Downloads\RogueKiller (1).exe
2013-12-11 16:52 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 16:52 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 16:52 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 16:52 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 00:03 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 00:03 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 00:03 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 00:03 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 00:03 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 00:03 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 00:03 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 00:03 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 00:03 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 00:02 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 00:02 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 00:02 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 00:01 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 00:01 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 00:01 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 00:01 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 00:01 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 00:01 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 00:01 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 20:19 - 2013-12-10 20:36 - 00365423 _____ C:\Users\Kelly\Documents\window tint gift.pptx
2013-12-09 20:39 - 2013-12-11 18:23 - 00000224 _____ C:\Windows\setupact.log
2013-12-09 20:39 - 2013-12-09 20:39 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 20:10 - 2013-12-06 20:10 - 13079688 _____ (Microsoft Corporation) C:\Users\Kelly\Downloads\Silverlight_x64(1).exe
2013-12-06 20:08 - 2013-12-06 20:08 - 13079688 _____ (Microsoft Corporation) C:\Users\Kelly\Downloads\Silverlight_x64.exe
2013-12-06 17:31 - 2013-12-11 20:21 - 00000332 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2013-12-06 17:31 - 2013-12-06 17:31 - 00002628 _____ C:\Windows\System32\Tasks\GlaryInitialize 4
2013-12-06 17:31 - 2013-12-06 17:31 - 00001092 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
2013-12-06 17:30 - 2013-12-11 20:20 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 4
2013-12-06 17:30 - 2013-12-06 17:30 - 12269832 _____ C:\Users\Kelly\Downloads\Glary_Utilities_v4.1.0.61.exe
2013-12-04 22:50 - 2013-12-04 22:50 - 00067359 _____ C:\Users\Kai\Documents\Presentation1.pptx
2013-12-04 17:15 - 2013-12-04 17:15 - 00562442 _____ C:\ProgramData\SPLDDF1.tmp
2013-11-30 12:57 - 2013-11-30 12:57 - 03687936 _____ C:\Users\Kelly\Downloads\RogueKiller (2).exe
2013-11-30 12:04 - 2013-12-13 07:16 - 00000000 ____D C:\Users\Kelly\Desktop\RK_Quarantine
2013-11-30 12:04 - 2013-11-30 12:04 - 03687936 _____ C:\Users\Kelly\Downloads\RogueKiller.exe
 
==================== One Month Modified Files and Folders =======
 
2013-12-30 14:32 - 2013-12-30 14:30 - 00022080 _____ C:\Users\Kelly\Downloads\FRST.txt
2013-12-30 14:29 - 2013-12-30 14:29 - 00000000 ____D C:\FRST
2013-12-30 14:28 - 2011-06-07 14:01 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1004UA.job
2013-12-30 14:28 - 2011-05-19 13:44 - 01771994 _____ C:\Windows\WindowsUpdate.log
2013-12-30 14:25 - 2011-05-19 15:20 - 00000000 ____D C:\Users\Kelly\Documents\Outlook Files
2013-12-30 14:22 - 2013-12-30 14:21 - 01931302 _____ (Farbar) C:\Users\Kelly\Downloads\FRST64.exe
2013-12-30 14:21 - 2013-12-30 14:20 - 00891200 _____ C:\Users\Kelly\Downloads\SecurityCheck.exe
2013-12-30 14:03 - 2011-05-24 19:01 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003UA.job
2013-12-30 13:54 - 2011-08-13 11:37 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-30 13:52 - 2013-09-03 14:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-30 13:47 - 2012-06-13 10:57 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1000UA.job
2013-12-30 13:34 - 2012-07-17 20:40 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003UA.job
2013-12-30 06:47 - 2012-06-13 10:57 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1000Core.job
2013-12-29 22:34 - 2012-07-17 20:40 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003Core.job
2013-12-29 21:28 - 2011-06-07 14:01 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1004Core.job
2013-12-29 20:54 - 2011-08-13 11:37 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-29 16:03 - 2011-05-24 19:01 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003Core.job
2013-12-20 11:17 - 2011-05-24 11:28 - 00000000 ____D C:\ProgramData\Lx_cats
2013-12-20 10:44 - 2009-07-13 21:13 - 00743944 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 09:03 - 2013-12-20 09:03 - 06571072 _____ C:\Users\Kelly\Downloads\Lexmark_S300-S400_Series_E082511_00_FWUpdate.exe
2013-12-20 09:03 - 2013-12-20 09:03 - 06571072 _____ C:\Users\Kelly\Downloads\Lexmark_S300-S400_Series_E082511_00_FWUpdate (1).exe
2013-12-20 08:56 - 2013-12-20 08:56 - 03502184 _____ C:\Users\Kelly\Downloads\UpdateMyDrivers.exe
2013-12-20 07:50 - 2013-11-17 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 19:23 - 2011-05-19 15:20 - 00000000 ____D C:\Users\Kelly\Documents\Photography
2013-12-19 19:22 - 2011-06-14 11:03 - 00000000 ____D C:\Users\Kelly\AppData\Local\CrashDumps
2013-12-19 19:10 - 2011-06-01 20:23 - 00000000 ____D C:\ProgramData\Adobe
2013-12-19 19:07 - 2013-12-19 19:06 - 50107976 _____ (Adobe Systems Incorporated) C:\Users\Kelly\Downloads\AdbeRdr11003_en_US.exe
2013-12-19 19:06 - 2011-06-01 20:23 - 00000000 ____D C:\Users\Kelly\AppData\Local\Adobe
2013-12-19 16:41 - 2013-12-19 16:41 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-19 16:39 - 2011-06-01 20:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-14 03:18 - 2013-08-05 15:41 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 03:02 - 2011-05-22 15:07 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 11:16 - 2009-07-13 20:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-13 11:16 - 2009-07-13 20:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-13 09:00 - 2013-12-13 09:00 - 00010430 _____ C:\Users\Kelly\Desktop\attach.txt
2013-12-13 08:59 - 2013-12-13 09:00 - 00020844 _____ C:\Users\Kelly\Desktop\dds.txt
2013-12-13 08:45 - 2013-12-13 08:45 - 00688992 ____R (Swearware) C:\Users\Kelly\Downloads\dds.com
2013-12-13 08:40 - 2013-12-13 08:40 - 00065430 _____ C:\Users\Kelly\Desktop\Extras.Txt
2013-12-13 08:40 - 2013-12-13 08:24 - 00105908 _____ C:\Users\Kelly\Desktop\OTL.Txt
2013-12-13 07:39 - 2013-12-13 07:39 - 00001401 _____ C:\Users\Kelly\Desktop\RKreport[0]_S_12132013_073936.txt
2013-12-13 07:37 - 2013-12-13 07:38 - 00602112 _____ (OldTimer Tools) C:\Users\Kelly\Desktop\OTL.exe
2013-12-13 07:37 - 2013-12-13 07:37 - 00602112 _____ (OldTimer Tools) C:\Users\Kelly\Downloads\OTL.exe
2013-12-13 07:26 - 2013-09-22 07:26 - 00870128 _____ C:\Users\Kelly\AppData\Roaming\mcs.rma
2013-12-13 07:26 - 2011-05-22 19:09 - 00000004 _____ C:\Users\Kelly\AppData\Roaming\D595F8
2013-12-13 07:22 - 2013-12-13 07:22 - 03580416 _____ C:\Users\Kelly\Downloads\RogueKiller (4).exe
2013-12-13 07:22 - 2013-12-13 07:22 - 03580416 _____ C:\Users\Kelly\Desktop\RogueKiller (3).exe
2013-12-13 07:21 - 2013-12-13 07:21 - 03580416 _____ C:\Users\Kelly\Downloads\RogueKiller (1).exe
2013-12-13 07:16 - 2013-11-30 12:04 - 00000000 ____D C:\Users\Kelly\Desktop\RK_Quarantine
2013-12-12 17:57 - 2011-08-13 11:36 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 20:21 - 2013-12-06 17:31 - 00000332 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2013-12-11 20:20 - 2013-12-06 17:30 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 4
2013-12-11 20:20 - 2011-05-24 11:27 - 01474297 _____ C:\ProgramData\lxeascan.log
2013-12-11 19:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-11 18:23 - 2013-12-09 20:39 - 00000224 _____ C:\Windows\setupact.log
2013-12-11 18:23 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 18:23 - 2009-07-13 20:45 - 00443936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 16:53 - 2013-09-03 14:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 16:53 - 2013-09-03 14:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 16:53 - 2013-09-03 14:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 16:52 - 2011-05-19 15:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-10 20:36 - 2013-12-10 20:19 - 00365423 _____ C:\Users\Kelly\Documents\window tint gift.pptx
2013-12-10 20:22 - 2011-05-24 11:32 - 00097382 _____ C:\ProgramData\lxeaJSW.log
2013-12-09 20:39 - 2013-12-09 20:39 - 00000000 _____ C:\Windows\setuperr.log
2013-12-09 20:39 - 2013-09-15 12:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-06 20:49 - 2011-08-13 11:37 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 20:49 - 2011-08-13 11:37 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 20:10 - 2013-12-06 20:10 - 13079688 _____ (Microsoft Corporation) C:\Users\Kelly\Downloads\Silverlight_x64(1).exe
2013-12-06 20:09 - 2013-09-15 12:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-06 20:08 - 2013-12-06 20:08 - 13079688 _____ (Microsoft Corporation) C:\Users\Kelly\Downloads\Silverlight_x64.exe
2013-12-06 17:43 - 2013-04-08 10:37 - 00000000 ____D C:\Windows\Minidump
2013-12-06 17:43 - 2011-05-19 14:40 - 00000000 ____D C:\Windows\Panther
2013-12-06 17:32 - 2013-08-30 11:51 - 00000000 ____D C:\ProgramData\GlarySoft
2013-12-06 17:32 - 2013-08-30 11:48 - 00000075 _____ C:\DiskDefrag.log
2013-12-06 17:32 - 2013-08-30 09:00 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\GlarySoft
2013-12-06 17:31 - 2013-12-06 17:31 - 00002628 _____ C:\Windows\System32\Tasks\GlaryInitialize 4
2013-12-06 17:31 - 2013-12-06 17:31 - 00001092 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
2013-12-06 17:30 - 2013-12-06 17:30 - 12269832 _____ C:\Users\Kelly\Downloads\Glary_Utilities_v4.1.0.61.exe
2013-12-06 06:42 - 2012-06-13 10:57 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1000UA
2013-12-06 06:42 - 2012-06-13 10:57 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1000Core
2013-12-04 22:50 - 2013-12-04 22:50 - 00067359 _____ C:\Users\Kai\Documents\Presentation1.pptx
2013-12-04 20:59 - 2011-07-05 16:34 - 00000000 ____D C:\Users\Kai\AppData\Local\CrashDumps
2013-12-04 20:57 - 2011-06-07 14:02 - 00002358 _____ C:\Users\Kai\Desktop\Google Chrome.lnk
2013-12-04 17:15 - 2013-12-04 17:15 - 00562442 _____ C:\ProgramData\SPLDDF1.tmp
2013-11-30 12:57 - 2013-11-30 12:57 - 03687936 _____ C:\Users\Kelly\Downloads\RogueKiller (2).exe
2013-11-30 12:50 - 2012-01-11 10:43 - 00000000 __SHD C:\Users\Kelly\AppData\Local\{7f390e6f-c23a-28ce-0fda-8923e8f271eb}
2013-11-30 12:04 - 2013-11-30 12:04 - 03687936 _____ C:\Users\Kelly\Downloads\RogueKiller.exe
 
Files to move or delete:
====================
C:\Users\Aidan\jagex_cl_runescape_LIVE.dat
C:\ProgramData\uninstaller.exe
C:\Users\Kai\jagex_runescape_preferences.dat
C:\Users\Kai\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Users\Aidan\AppData\Local\Temp\tmp82.exe
C:\Users\Kai\AppData\Local\Temp\tmpDE6C.exe
C:\Users\Kelly\AppData\Local\Temp\APNSetup.exe
C:\Users\Kelly\AppData\Local\Temp\bitool.dll
C:\Users\Kelly\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Kelly\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32au_mssa_aaa_aih.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_1.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_2.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_3.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_4.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_5.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_6.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_7.exe
C:\Users\Kelly\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe
C:\Users\Kelly\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Kelly\AppData\Local\Temp\lowproc.exe
C:\Users\Kelly\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Kelly\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Kelly\AppData\Local\Temp\speccycpuid.dll
C:\Users\Kelly\AppData\Local\Temp\stubhelper.dll
C:\Users\Kelly\AppData\Local\Temp\tmp239.exe
C:\Users\Kelly\AppData\Local\Temp\tmp6042.exe
C:\Users\Kelly\AppData\Local\Temp\tmp6FF1.exe
C:\Users\Kelly\AppData\Local\Temp\WiseUpdX.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-20 00:57

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01

Ran by Kelly at 2013-12-30 14:37:14
Running from C:\Users\Kelly\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Acoustica MP3 CD Burner (x32 Version:  - Acoustica, Inc)
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.)
AMD Catalyst Install Manager (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.)
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.41211 - ATI Technologies Inc.)
Audials TV (x32 Version: 1.3.10803.300 - RapidSolution Software AG)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.54.02 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.)
Cisco WebEx Meetings (x32 Version:  - Cisco WebEx LLC)
Creative Centrale (x32 Version: 1.17.01 - Creative Technology Ltd.)
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Garmin Lifetime Updater (x32 Version: 2.1.11 - Garmin)
Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Glary Utilities 4.1 (x32 Version: 4.1.0.61 - Glarysoft Ltd)
Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.)
Hands of Steel iPod Clips (x32 Version: 1.0.0 - The Rock House Method)
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
ImageGlass 1.5 beta 2 (x32 Version: 1.5 beta 2 - Duong Dieu Phap)
Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.)
LAME v3.98.3 for Audacity (x32 Version:  - )
Learn Rock Guiar Intermediate iPod Clips (x32 Version: 1.0.0 - The Rock House Method)
Learn Rock Guitar Advanced iPod Clips (x32 Version: 1.0.0 - The Rock House Method)
Learn Rock Guitar Beginner iPod Clips (x32 Version: 1.0.0 - The Rock House Method)
Lexmark Printable Web (x32 Version: 1.0.0.0 - )
Lexmark S300-S400 Series (Version:  - Lexmark International, Inc.)
Lexmark Toolbar (x32 Version: 4.3.37.0 - )
Line 6 Uninstaller (x32 Version:  - Line 6)
Macromedia Flash MX (x32 Version: 6 - Macromedia)
Mavis Beacon Teaches Typing Deluxe 20 (x32 Version: 20.00.0000 - Broderbund)
Maxtor OneTouch (x32 Version: 2.00.0029 - Maxtor)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)
Microsoft Download Manager (x32 Version: 1.2.1 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation)
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola)
Motorola Device Manager (x32 Version: 2.2.28 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 1.0.40 - Motorola Mobility)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 25.0.1 - Mozilla)
MSRedist (x32 Version: 9.0.30729.4148 - Symantec Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft)
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Retrospect Express HD 2.0 (x32 Version: 2.00.214 - EMC)
Rhapsody (x32 Version:  - )
RoboForm 7-9-1-1 (HKCU Version: 7-9-1-1 - Siber Systems)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft)
Skype™ 6.1 (x32 Version: 6.1.129 - Skype Technologies S.A.)
Speccy (Version: 1.22 - Piriform)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Ventrilo Client for Windows x64 (Version: 3.0.8.0 - Flagship Industries, Inc.)
WD Drive Utilities (x32 Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation)
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0 - Microsoft Corporation)
Windows Surface Scanner 2.10 (x32 Version:  - )
WinRAR 4.01 (64-bit) (Version: 4.01.0 - win.rar GmbH)
YTD YouTube Downloader & Converter 3.7 (x32 Version:  - GreenTree Applications SRL)
 
==================== Restore Points  =========================
 
27-11-2013 15:00:52 Windows Backup
29-11-2013 11:50:06 Windows Update
03-12-2013 15:53:39 Windows Update
07-12-2013 01:29:25 Windows Update
11-12-2013 03:39:14 Windows Update
12-12-2013 00:41:09 Windows Update
14-12-2013 11:00:12 Windows Update
18-12-2013 02:35:28 Windows Update
20-12-2013 16:51:26 Windows Backup
22-12-2013 02:34:19 Windows Update
23-12-2013 03:02:20 Windows Backup
26-12-2013 02:34:53 Windows Update
30-12-2013 02:34:56 Windows Update
30-12-2013 03:02:19 Windows Backup
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {062D7D78-5A43-4B3C-B06A-4B21AE3404E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-999398637-2262637939-2764645843-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {075F43C9-493E-4829-83A5-FB3BB47587BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1004Core => C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07] (Google Inc.)
Task: {0A12E15D-B31D-4154-98AE-3AD778C3CC37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-13] (Google Inc.)
Task: {0AE5F333-8C8F-489E-B593-D9E94BDD76A6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3026ACD6-3F4B-4BC7-97F6-796A420ED5C4} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {3605A358-C8E2-491A-95F5-45C399FCF8BB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1004UA => C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07] (Google Inc.)
Task: {4A895CD3-4A46-47DE-A1D0-DAD972674008} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-999398637-2262637939-2764645843-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {526BB19C-5247-44B4-8F00-8A696573C91D} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {5D1646E6-D6E7-49E1-B655-687B72A3D2B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1000Core => C:\Users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13] (Google Inc.)
Task: {6CC8C1EC-82A6-45F4-8CDA-B8957CC7D20F} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [2013-09-03] (Siber Systems)
Task: {7BB4CFB6-12A2-47B3-9B85-031025751DD9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003Core => C:\Users\Aidan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {7FB43341-54E4-4680-9BF6-E88E419D9C9E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {86AE6227-BAF1-4B8A-9E70-5D65978396FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1000UA => C:\Users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13] (Google Inc.)
Task: {8F7AB698-738D-4C60-9612-C817C20BA648} - System32\Tasks\Orb Startup => C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe
Task: {9FD73CCC-BDF6-4D37-860F-3CC821CE6965} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {AC390EAA-ECB4-455C-9945-7ABFD631B311} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003Core => C:\Users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)
Task: {ADC22790-E5B7-41A5-A670-90C359034905} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {B1956483-4A48-40B3-B364-BA7791F29649} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-13] (Google Inc.)
Task: {BB25BE4E-8E2E-4642-923D-5CE1597B318F} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2013-12-03] (Glarysoft Ltd)
Task: {BFF8E0BD-FB40-49E7-9B56-574803733141} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {CB2B5BAF-B407-4F93-945C-257941A0CD96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D641813D-FC59-4FB1-9B0F-5C65CA77160E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003UA => C:\Users\Aidan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {D81A10AD-19D5-43FC-8638-DF11F693C37E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003UA => C:\Users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)
Task: {E19DB219-4461-4E41-859F-AD7B2FB166F1} - System32\Tasks\{60328288-1250-4AC8-9000-A368429AD792} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003Core.job => C:\Users\Aidan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003UA.job => C:\Users\Aidan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1000Core.job => C:\Users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1000UA.job => C:\Users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003Core.job => C:\Users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1003UA.job => C:\Users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1004Core.job => C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999398637-2262637939-2764645843-1004UA.job => C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-12 18:08 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-12-03 18:14 - 2013-12-03 18:14 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 4\zlib1.dll
2011-05-24 11:26 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2011-05-24 11:26 - 2009-05-27 04:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2011-05-24 11:26 - 2009-05-27 04:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacats.dll
2011-05-24 11:26 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2011-05-24 11:26 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2011-05-24 11:23 - 2009-02-20 00:48 - 00381440 _____ () C:\Windows\system32\lxeasm.dll
2011-05-24 11:23 - 2009-02-20 00:48 - 00023552 _____ () C:\Windows\system32\lxeasmr.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-04 13:45 - 2013-12-03 18:48 - 04055504 _____ () C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-04 13:45 - 2013-12-03 18:48 - 00399312 _____ () C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-04 13:45 - 2013-12-03 18:47 - 01619408 _____ () C:\Users\Kelly\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/29/2013 07:35:16 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: The system cannot find the file specified. (0x80070002).
 
Error: (12/22/2013 07:36:46 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: The system cannot find the file specified. (0x80070002).
 
Error: (12/20/2013 09:45:44 AM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while trying to read from the shadow copy on one of the volumes being backed up. Please check in the event logs for any relevant errors. (0x81000037).
 
Error: (12/19/2013 07:15:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: AcroRd32.exe, version: 11.0.4.63, time stamp: 0x522888c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x8a0
Faulting application start time: 0xAcroRd32.exe0
Faulting application path: AcroRd32.exe1
Faulting module path: AcroRd32.exe2
Report Id: AcroRd32.exe3
 
Error: (12/19/2013 04:34:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: install_reader11_en_mssd_aaa_aih.exe, version: 3.3.9.0, time stamp: 0x51c7f3cd
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000343e6
Faulting process id: 0x74c
Faulting application start time: 0xinstall_reader11_en_mssd_aaa_aih.exe0
Faulting application path: install_reader11_en_mssd_aaa_aih.exe1
Faulting module path: install_reader11_en_mssd_aaa_aih.exe2
Report Id: install_reader11_en_mssd_aaa_aih.exe3
 
Error: (12/15/2013 07:00:06 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (12/13/2013 11:08:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: lxeacoms.exe, version: 9.2.33.0, time stamp: 0x4b200765
Faulting module name: lxeaserv.dll, version: 9.2.33.0, time stamp: 0x4b200879
Exception code: 0xc0000005
Fault offset: 0x00000000000adbdd
Faulting process id: 0x6f8
Faulting application start time: 0xlxeacoms.exe0
Faulting application path: lxeacoms.exe1
Faulting module path: lxeacoms.exe2
Report Id: lxeacoms.exe3
 
Error: (12/13/2013 08:46:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: dds.com, version: 2012.11.20.1, time stamp: 0x4b1ae3c6
Faulting module name: System.dll, version: 0.0.0.0, time stamp: 0x4b1ae3ad
Exception code: 0xc0000005
Fault offset: 0x0000186d
Faulting process id: 0xf40
Faulting application start time: 0xdds.com0
Faulting application path: dds.com1
Faulting module path: dds.com2
Report Id: dds.com3
 
Error: (12/13/2013 07:30:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: rhapsody.exe, version: 4.0.6.14, time stamp: 0x4ec8881e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1024
Faulting application start time: 0xrhapsody.exe0
Faulting application path: rhapsody.exe1
Faulting module path: rhapsody.exe2
Report Id: rhapsody.exe3
 
Error: (12/13/2013 07:13:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: rhapsody.exe, version: 4.0.6.14, time stamp: 0x4ec8881e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xc5c
Faulting application start time: 0xrhapsody.exe0
Faulting application path: rhapsody.exe1
Faulting module path: rhapsody.exe2
Report Id: rhapsody.exe3
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (12/29/2013 07:35:16 PM) (Source: Windows Backup)(User: )
Description: The system cannot find the file specified. (0x80070002)
 
Error: (12/22/2013 07:36:46 PM) (Source: Windows Backup)(User: )
Description: The system cannot find the file specified. (0x80070002)
 
Error: (12/20/2013 09:45:44 AM) (Source: Windows Backup)(User: )
Description: Windows Backup failed while trying to read from the shadow copy on one of the volumes being backed up. Please check in the event logs for any relevant errors. (0x81000037)
 
Error: (12/19/2013 07:15:07 PM) (Source: Application Error)(User: )
Description: AcroRd32.exe11.0.4.63522888c1ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7538a001cefd31429f704eC:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exeC:\Windows\SysWOW64\ntdll.dllece29180-6924-11e3-b777-842b2bb779e6
 
Error: (12/19/2013 04:34:11 PM) (Source: Application Error)(User: )
Description: install_reader11_en_mssd_aaa_aih.exe3.3.9.051c7f3cdntdll.dll6.1.7601.18247521ea8e7c0000005000343e674c01cefd1b310a3c57C:\Users\Kelly\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exeC:\Windows\SysWOW64\ntdll.dll71407173-690e-11e3-b777-842b2bb779e6
 
Error: (12/15/2013 07:00:06 PM) (Source: Windows Backup)(User: )
Description: K:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (12/13/2013 11:08:42 AM) (Source: Application Error)(User: )
Description: lxeacoms.exe9.2.33.04b200765lxeaserv.dll9.2.33.04b200879c000000500000000000adbdd6f801cef6e11ebb125fC:\Windows\system32\lxeacoms.exeC:\Windows\system32\lxeaserv.dllfae25250-6429-11e3-b777-842b2bb779e6
 
Error: (12/13/2013 08:46:43 AM) (Source: Application Error)(User: )
Description: dds.com2012.11.20.14b1ae3c6System.dll0.0.0.04b1ae3adc00000050000186df4001cef822de001bc5C:\Users\Kelly\Downloads\dds.comC:\Users\Kelly\AppData\Local\Temp\nsm5D58.tmp\System.dll2516b1b6-6416-11e3-b777-842b2bb779e6
 
Error: (12/13/2013 07:30:43 AM) (Source: Application Error)(User: )
Description: rhapsody.exe4.0.6.144ec8881entdll.dll6.1.7601.18247521ea8e7c0000374000ce753102401cef817843c1686C:\Program Files (x86)\Rhapsody\rhapsody.exeC:\Windows\SysWOW64\ntdll.dll87081696-640b-11e3-b777-842b2bb779e6
 
Error: (12/13/2013 07:13:30 AM) (Source: Application Error)(User: )
Description: rhapsody.exe4.0.6.144ec8881entdll.dll6.1.7601.18247521ea8e7c0000374000ce753c5c01cef8156c3c23ebC:\Program Files (x86)\Rhapsody\rhapsody.exeC:\Windows\SysWOW64\ntdll.dll1f29b839-6409-11e3-b777-842b2bb779e6
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 36%
Total physical RAM: 6007.12 MB
Available physical RAM: 3791.64 MB
Total Pagefile: 12014.23 MB
Available Pagefile: 8983.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:687.45 GB) (Free:254.27 GB) NTFS
Drive f: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:122.31 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:277.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 259D4594)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (Size: 233 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
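A triage sketch for the "Application Error" records in the log above, added here as an example and not part of the original post or of FRST: it groups crashes by faulting module and exception code so that a fault shared by unrelated applications stands out. The `SAMPLE_LOG` text is constructed (the rhapsody.exe records repeat values from the thread; the `*_example` names are invented), and the "two or more applications" threshold is an assumption.

```python
import re
from collections import defaultdict

# NTSTATUS values commonly seen as the "Exception code" of a crash event.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

# Constructed sample in the layout of the log above.
SAMPLE_LOG = """\
Error: (12/13/2013 07:30:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: rhapsody.exe, version: 4.0.6.14, time stamp: 0x4ec8881e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753

Error: (12/13/2013 07:13:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: rhapsody.exe, version: 4.0.6.14, time stamp: 0x4ec8881e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753

Error: (01/01/2014 09:00:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: viewer_example.exe, version: 1.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753

Error: (01/01/2014 09:05:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: tool_example.exe, version: 1.0.0.0, time stamp: 0x00000000
Faulting module name: helper_example.dll, version: 1.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00001000

Error: (12/29/2013 07:35:16 PM) (Source: Windows Backup)(User: )
Description: The system cannot find the file specified. (0x80070002)
"""

RECORD_START = re.compile(r"^Error: \(([^)]*)\)\s*\(Source: ([^)]*)\)", re.M)
FIELDS = {
    "app": re.compile(r"Faulting application name: ([^,\r\n]+)"),
    "module": re.compile(r"Faulting module name: ([^,\r\n]+)"),
    "code": re.compile(r"Exception code: (0x[0-9a-fA-F]+)"),
    "offset": re.compile(r"Fault offset: (0x[0-9a-fA-F]+)"),
}


def status_name(code):
    """Symbolic NTSTATUS name if known, otherwise the code as hex."""
    return NTSTATUS_NAMES.get(code, f"0x{code:08X}")


def parse_crashes(text):
    """Return one dict per record that carries all four crash fields.

    Records without them (backup errors, descriptions whose fields were
    run together by the extractor) are skipped rather than guessed at.
    """
    starts = list(RECORD_START.finditer(text))
    crashes = []
    for i, head in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = text[head.end():end]
        found = {name: rx.search(body) for name, rx in FIELDS.items()}
        if not all(found.values()):
            continue
        crashes.append({
            "when": head.group(1),
            "app": found["app"].group(1).strip().lower(),
            "module": found["module"].group(1).strip().lower(),
            "code": int(found["code"].group(1), 16),
            "offset": int(found["offset"].group(1), 16),
        })
    return crashes


def shared_faults(crashes, min_apps=2):
    """List (module, status, apps) where several applications hit the same fault."""
    apps_by_fault = defaultdict(set)
    for c in crashes:
        apps_by_fault[(c["module"], c["code"])].add(c["app"])
    return sorted(
        (module, status_name(code), sorted(apps))
        for (module, code), apps in apps_by_fault.items()
        if len(apps) >= min_apps
    )


if __name__ == "__main__":
    for module, status, apps in shared_faults(parse_crashes(SAMPLE_LOG)):
        print(f"{module} {status}: {', '.join(apps)}")
```

A fault that repeats across unrelated applications in a system module points at something they share rather than at each application, which is a reason to keep looking at the system, not a diagnosis.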


#8 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts

Posted 01 January 2014 - 11:21 AM

Hello kmorrissey :)
 
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. (You may want to move FRST64.exe from your "Downloads" folder to the "Desktop.")

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
==========

 

Next, please perform the following:

First.....

Backup Your Registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe (Hopefully, this will never be necessary) :wink:

Next....

Please download the Revo Uninstaller to your desktop.

Note ---> Scroll down the page and be sure to download the "freeware" version not the "30d fully functional free trial"

  • Double click Revo.exe to install and run.
  • Highlight Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.)
  • Choose Uninstall.
  • Are you sure - Yes
  • Mode - Advanced
  • Are you sure - Yes
  • Initial Uninstall (This is the program's built-in uninstaller, wait for it to finish, if it asks you to reboot, choose not to at this point, then proceed by clicking Next).
  • Scanning for leftover Registry entries - After it finishes click Next (This will bring up a list of registry entries related to the uninstalled program).
  • Check the bolded boxes only!!!! <--- Important!! (You may have to expand the list by clicking on the "+" sign, then choosing the bolded entry.)
  • Click Delete
  • Click Yes
  • Scanning for leftover files (Similar to the registry left-over scan, except it will return a list of files / folders associated with the uninstalled program). Once it finishes scanning, click Next
  • Click Select All
  • Click Delete
  • Click Yes
  • Click Finish

Reboot your computer, if Revo does not prompt you to do so.
 
Then please post the Fixlog.txt, and update me on how your system is performing after running the fix and removing SweetPacks.



Edited by oneof4, 01 January 2014 - 11:24 AM.

Best Regards,
oneof4.


#9 kmorrissey

kmorrissey
  • Topic Starter

  • Members
  • 113 posts

Posted 01 January 2014 - 03:31 PM

Really appreciate the help so far!

 

Status: PowerPoint crashes immediately after launch, as does Rhapsody, and Shockwave still crashes when attempting to play any video via YouTube. Also, unable to recognize attached printer.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014
Ran by Kelly at 2014-01-01 11:44:41 Run:1
Running from C:\Users\Kelly\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={ED337D4B-E763-11E2-9348-842B2BB779E6}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR DefaultNewTabURL:
S3 speccy; \??\C:\Users\Kelly\AppData\Local\Temp\3fe7acc5-b81b-4c93-8f5a-4d3c87bdcbd3 [16376 2013-09-03] ()
C:\Users\Aidan\jagex_cl_runescape_LIVE.dat
C:\ProgramData\uninstaller.exe
C:\Users\Kai\jagex_runescape_preferences.dat
C:\Users\Kai\jagex_runescape_preferences2.dat
C:\Users\Aidan\AppData\Local\Temp\tmp82.exe
C:\Users\Kai\AppData\Local\Temp\tmpDE6C.exe
C:\Users\Kelly\AppData\Local\Temp\APNSetup.exe
C:\Users\Kelly\AppData\Local\Temp\bitool.dll
C:\Users\Kelly\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Kelly\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32au_mssa_aaa_aih.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_1.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_2.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_3.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_4.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_5.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_6.exe
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_7.exe
C:\Users\Kelly\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe
C:\Users\Kelly\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Kelly\AppData\Local\Temp\lowproc.exe
C:\Users\Kelly\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Kelly\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Kelly\AppData\Local\Temp\speccycpuid.dll
C:\Users\Kelly\AppData\Local\Temp\stubhelper.dll
C:\Users\Kelly\AppData\Local\Temp\tmp239.exe
C:\Users\Kelly\AppData\Local\Temp\tmp6042.exe
C:\Users\Kelly\AppData\Local\Temp\tmp6FF1.exe
C:\Users\Kelly\AppData\Local\Temp\WiseUpdX.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
*****************
 
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156} => Key deleted successfully.
HKCR\CLSID\{ABD93EAF-D775-BC54-E63B-2804F22FD156} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1F1D83E-270B-054F-25C9-60461DF5B614} => Key deleted successfully.
HKCR\CLSID\{E1F1D83E-270B-054F-25C9-60461DF5B614} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => Value deleted successfully.
CHR DefaultSearchURL: http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={ED337D4B-E763-11E2-9348-842B2BB779E6} ==> The Chrome "Settings" can be used to fix the entry.
speccy => Service deleted successfully.
C:\Users\Aidan\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\ProgramData\uninstaller.exe => Moved successfully.
C:\Users\Kai\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Kai\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Aidan\AppData\Local\Temp\tmp82.exe => Moved successfully.
C:\Users\Kai\AppData\Local\Temp\tmpDE6C.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\fp_pl_pfs_installer-1.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32au_mssa_aaa_aih.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_1.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_2.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_3.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_4.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_5.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_6.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_7.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\speccycpuid.dll => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\tmp239.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\tmp6042.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\tmp6FF1.exe => Moved successfully.
C:\Users\Kelly\AppData\Local\Temp\WiseUpdX.exe => Moved successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
 
==== End of Fixlog ====
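A way to check a Fixlog like the one above before moving on, added here as an example and not part of the original post or of FRST: it buckets each result line and lists file paths that the fixlist requested but that have no result line. `SAMPLE_FIXLOG` is a shortened copy of lines from the post; the bucket names (`done`, `absent`, `review`) and the rule that any other wording needs a human look are assumptions of this sketch.

```python
import re

# Shortened copy of the Fixlog in the post above (sample input for this sketch).
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
C:\ProgramData\uninstaller.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
*****************

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
CHR DefaultSearchURL: http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={ED337D4B-E763-11E2-9348-842B2BB779E6} ==> The Chrome "Settings" can be used to fix the entry.
speccy => Service deleted successfully.
C:\ProgramData\uninstaller.exe => Moved successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.

==== End of Fixlog ====
"""

STAR_RULE = re.compile(r"^\*{5,}[ \t]*$", re.M)          # delimits the echoed fixlist
RESULT = re.compile(r"^(?P<target>.+?) =+> (?P<result>.+)$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")


def split_fixlog(text):
    """Return (requested, results): the echoed fixlist lines and the lines after it."""
    parts = STAR_RULE.split(text)
    if len(parts) < 3:
        raise ValueError("no echoed fixlist section found")

    def lines(chunk):
        return [ln.strip() for ln in chunk.splitlines() if ln.strip()]

    return lines(parts[1]), lines("".join(parts[2:]))


def classify(result):
    """Bucket a result message; unknown wording is never counted as success."""
    lowered = result.lower()
    if "successfully" in lowered:
        return "done"
    if "not found" in lowered:
        return "absent"
    return "review"


def summarize_fixlog(text):
    """Map each bucket to its list of (target, result) pairs."""
    buckets = {"done": [], "absent": [], "review": []}
    _, results = split_fixlog(text)
    for line in results:
        m = RESULT.match(line)
        if m:
            buckets[classify(m.group("result"))].append(
                (m.group("target"), m.group("result"))
            )
    return buckets


def unprocessed_paths(text):
    """Bare file paths in the fixlist that have no result line at all."""
    requested, results = split_fixlog(text)
    targets = set()
    for line in results:
        m = RESULT.match(line)
        if m:
            targets.add(m.group("target").lower())
    return [p for p in requested if BARE_PATH.match(p) and p.lower() not in targets]


if __name__ == "__main__":
    summary = summarize_fixlog(SAMPLE_FIXLOG)
    for bucket, items in summary.items():
        print(bucket, len(items))
    for target, result in summary["review"]:
        print("needs follow-up:", target, "->", result)
    print("no result line:", unprocessed_paths(SAMPLE_FIXLOG))
```

On the sample, the only entry left for follow-up is the Chrome default search URL, which the log itself says has to be fixed through the Chrome settings.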


#10 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts

Posted 01 January 2014 - 04:05 PM

Hey :)
 
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

==========
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

==========
 
===================================================

Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


  • Click Start Scan and allow the scan process to run


  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

==========

 

Things I need to see in your next reply:

  • AdwCleaner Log
  • JRT.txt
  • TDSSKiller Log ("Attached")

Best Regards,
oneof4.


#11 kmorrissey

kmorrissey
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 01 January 2014 - 07:36 PM

AdwCleaner Log
# AdwCleaner v3.016 - Report created 01/01/2014 at 13:59:01
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Kelly - KELLY-PC
# Running from : C:\Users\Kelly\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage
File Found : C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal
Folder Found : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Found : C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Found C:\Program Files (x86)\Gophoto.it
Folder Found C:\Program Files (x86)\GreenTree Applications
Folder Found C:\Program Files (x86)\SweetIM
Folder Found C:\Program Files (x86)\TornTV.com
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Babylon
Folder Found C:\Users\Aidan\AppData\Local\Temp\apn
Folder Found C:\Users\Kai\AppData\Local\Temp\apn
Folder Found C:\Users\Kelly\AppData\Local\StartNow
Folder Found C:\Users\Kelly\AppData\Local\Temp\apn
Folder Found C:\Users\Kelly\AppData\LocalLow\SweetIM
Folder Found C:\Users\Kelly\AppData\Roaming\registry mechanic
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\wecarereminder
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_atomixmp3[1]_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_atomixmp3[1]_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_emc-retrospect-express-hd[1]_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_emc-retrospect-express-hd[1]_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-rasterbator[1]_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-rasterbator[1]_RASMANCS
Key Found : HKLM\Software\Updater By Sweetpacks
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\ib26n5uy.default-1378249088856\prefs.js ]
 
 
[ File : C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\i47yrejx.default\prefs.js ]
 
 
[ File : C:\Users\Hester\AppData\Roaming\Mozilla\Firefox\Profiles\7b2etfds.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : search_url
 
[ File : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5160 octets] - [01/01/2014 13:59:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5220 octets] ##########
 
 
JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Kelly on Wed 01/01/2014 at 14:49:25.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\robotaskbaricon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\robotaskbaricon_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_atomixmp3[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_atomixmp3[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_emc-retrospect-express-hd[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_emc-retrospect-express-hd[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_the-rasterbator[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_the-rasterbator[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\robotaskbaricon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\robotaskbaricon_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_atomixmp3[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_atomixmp3[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_emc-retrospect-express-hd[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_emc-retrospect-express-hd[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_the-rasterbator[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_the-rasterbator[1]_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Kelly\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\Kelly\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\torntv.com"
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{0903ADE1-7EB0-4557-A0C6-5A30B4BEEF3D}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{0C81360B-AF23-4EF5-85BF-45BEA8AC90CC}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{11A205CB-CA4C-4E05-B846-98C809D38B80}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{15CFBC7D-7808-45E6-8D70-80408B4ADDF2}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{1A1F5904-86D7-4363-A6BF-3ACEDFC2F336}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{7f390e6f-c23a-28ce-0fda-8923e8f271eb}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{8780626D-B9E2-4118-8D45-3EA0034C0996}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{8FB43266-85C6-4BFE-8615-274686BED7AD}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{B8A6FA01-543C-4434-B6AA-57F453CF8632}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{C9971439-8560-4F5A-99A0-DF379A1535ED}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{D2055580-08EB-4A43-BA25-EBD88378245E}
Successfully deleted: [Empty Folder] C:\Users\Kelly\appdata\local\{F19795F0-5E29-481C-BDBA-D1A8F0B596E1}
 
 
 
~~~ FireFox
 
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [Folder] C:\Users\Kelly\AppData\Roaming\mozilla\firefox\profiles\ib26n5uy.default-1378249088856\extensions\staged
Emptied folder: C:\Users\Kelly\AppData\Roaming\mozilla\firefox\profiles\ib26n5uy.default-1378249088856\minidumps [10 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/01/2014 at 15:24:06.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
TDSSKiller Log: "no threats found"


#12 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts

Posted 01 January 2014 - 11:17 PM

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Also, please provide a description of how the computer is now behaving.


Best Regards,
oneof4.


#13 kmorrissey

kmorrissey
  • Topic Starter

  • Members
  • 113 posts

Posted 02 January 2014 - 01:46 AM

Status: PowerPoint still crashes immediately after launch, as does Rhapsody.
Shockwave now working on YouTube!
Also, now able to recognize attached printer! Progress!
 
 
# AdwCleaner v3.016 - Report created 01/01/2014 at 22:26:58
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Kelly - KELLY-PC
# Running from : C:\Users\Kelly\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Kelly\AppData\Local\StartNow
Folder Deleted : C:\Users\Kelly\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Aidan\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Kai\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Deleted : C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage
File Deleted : C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\ib26n5uy.default-1378249088856\prefs.js ]
 
 
[ File : C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\i47yrejx.default\prefs.js ]
 
 
[ File : C:\Users\Hester\AppData\Roaming\Mozilla\Firefox\Profiles\7b2etfds.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : search_url
 
[ File : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5344 octets] - [01/01/2014 13:59:01]
AdwCleaner[R1].txt - [3286 octets] - [01/01/2014 21:19:49]
AdwCleaner[S0].txt - [3251 octets] - [01/01/2014 22:26:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3311 octets] ##########
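A reconciliation sketch for the logs posted in this thread, added here as an example and not part of the original posts or of either tool: it takes what an AdwCleaner scan report found and subtracts what the AdwCleaner clean report and the JRT log say was removed. The three sample strings are short excerpts of lines from the posts above; folding the `[x64]` registry view into one key and comparing case-insensitively are simplifying assumptions.

```python
import re

# Excerpts of the AdwCleaner scan report, JRT log and AdwCleaner clean report above.
SCAN = r"""
File Found : C:\END
Folder Found C:\Program Files (x86)\Gophoto.it
Folder Found C:\Program Files (x86)\SweetIM
Folder Found C:\ProgramData\Babylon
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
"""

JRT = r"""
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [File] "C:\end"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
"""

CLEAN = r"""
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
"""

HIVES = {
    "hkey_local_machine": "hklm",
    "hkey_current_user": "hkcu",
    "hkey_classes_root": "hkcr",
}
# The scan report writes some lines without the colon ("Folder Found C:\...").
ADW_LINE = re.compile(r"^(File|Folder|Key) (Found|Deleted)\s*:?\s*(.+)$")
JRT_LINE = re.compile(r"^Successfully deleted: \[[^\]]+\]\s*(.+)$")


def normalize(item):
    """Make paths and keys comparable across the two tools."""
    item = item.strip().strip('"')
    item = re.sub(r"^\[x64\]\s*", "", item).lower()
    hive, sep, rest = item.partition("\\")
    return HIVES.get(hive, hive) + sep + rest


def adw_items(report, state):
    """Items an AdwCleaner report marks as 'Found' or 'Deleted'."""
    items = set()
    for line in report.splitlines():
        m = ADW_LINE.match(line.strip())
        if m and m.group(2) == state:
            items.add(normalize(m.group(3)))
    return items


def jrt_removed(log):
    """Items a JRT log reports as successfully deleted."""
    items = set()
    for line in log.splitlines():
        m = JRT_LINE.match(line.strip())
        if m:
            items.add(normalize(m.group(1)))
    return items


def unaccounted(scan_report, *removed_sets):
    """Scan findings with no removal line in any of the supplied logs."""
    return sorted(adw_items(scan_report, "Found") - set().union(*removed_sets))


if __name__ == "__main__":
    for item in unaccounted(SCAN, adw_items(CLEAN, "Deleted"), jrt_removed(JRT)):
        print("no removal line for:", item)
```

An item listed here only lacks a removal line in the logs supplied; a later scan report is what shows whether it is still present.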


#14 kmorrissey

kmorrissey
  • Topic Starter

  • Members
  • 113 posts

Posted 02 January 2014 - 05:08 PM

Update: Shockwave Flash plug-in crashing in Firefox v.26



#15 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts

Posted 02 January 2014 - 06:32 PM

Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Please refer to this link for instructions.
  • Right click it and run as admin & follow the prompts.

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply, along with a description of how things are running.


Best Regards,
oneof4.




