Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I need help removing some kind of Malware.


  • This topic is locked This topic is locked
14 replies to this topic

#1 prov1kenobi

prov1kenobi

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 13 April 2014 - 06:44 PM

Running Windows 7 on my laptop. Browser (Firefox) takes probably about 3 minutes to even launch and then only stays online for maybe 10-15 minutes and then loses connection to the internet. Shows connected but cannot navigate to any pages. Ran Malwarebytes and came up with nothing. Emisoft will not get past it's initial stages and stops 1/4 way through setup. Was working reasonably well before I downloaded a file sharing program. I think it was called Bitlord. I've uninstalled the program, but I suspect it planted something somewhere. In my task manager I see something resembling that program running but when I try to kill it, it's unsuccessful.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Ron at 20:07:52 on 2014-04-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2010.784 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
FW: AVG update module *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2014\avgscanx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ron\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
uRun: [Greenshot] c:\program files\greenshot\Greenshot.exe
uRun: [LightShot] c:\users\ron\appdata\local\skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [Google Update] "c:\users\ron\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\ron\appdata\roaming\micros~1\windows\startm~1\programs\startup\verizo~1.lnk - c:\users\ron\appdata\roaming\verizon\ua_ar\UA.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6AF1F90F-11E5-4BAF-B86E-F85536702E41} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6AF1F90F-11E5-4BAF-B86E-F85536702E41}\2375942554438343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6AF1F90F-11E5-4BAF-B86E-F85536702E41}\241697D6F6E64794E6E60282D4163627F64756368692 : DHCPNameServer = 204.14.141.218 204.14.138.10
TCP: Interfaces\{6AF1F90F-11E5-4BAF-B86E-F85536702E41}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.0.5\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ron\appdata\roaming\mozilla\firefox\profiles\zy525tb6.default-1367800767364\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPCF309564-C35A-4C50-AC78-C4CA74AD453D&SSPV=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\18.0.5\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ron\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\users\ron\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ron\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.hpOld0 - google.com
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=e5ba299df22c4a83a0a46d74df9c5179&tu=10G9y00Cb2C01x0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 58d37c69000000000000001bb189393c
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16121
FF - user.js: extensions.zonealarm.vrsn - 1.8.28.13
FF - user.js: extensions.zonealarm.vrsni - 1.8.28.13
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.28.1320:18:28
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 8008
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - HFA5
FF - user.js: extensions.zonealarm.instlRef - ZLN36044371137299-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=en&gu=e5ba299df22c4a83a0a46d74df9c5179&tu=10G9y00Cb2C01x0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&gu=e5ba299df22c4a83a0a46d74df9c5179&tu=10G9y00Cb2C01x0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=en&gu=e5ba299df22c4a83a0a46d74df9c5179&tu=10G9y00Cb2C01x0&sku=&tstsId=&ver=&
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2014-3-16 22056]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-11-1 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-8 42272]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2014-3-16 4161512]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-20 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-20 701512]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\common files\avg secure search\vtoolbarupdater\18.0.5\ToolbarUpdater.exe [2014-3-20 1771032]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\checkpoint\zonealarm\ZAPrivacyService.exe [2013-10-15 50704]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-3-2 170552]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2014-3-5 508184]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2014-3-5 33832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-20 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2014-3-16 57944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-2-15 88576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-13 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-1-12 14848]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-2-15 184192]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-16 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-2 1343400]
.
=============== Created Last 30 ================
.
2014-04-12 02:37:32    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-04-12 02:37:32    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-04-12 02:37:32    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-04-12 02:37:31    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-04-12 02:37:31    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2014-04-12 02:37:30    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2014-04-12 02:37:29    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2014-04-12 02:37:29    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2014-04-12 02:37:28    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2014-04-12 02:37:28    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin.dll
2014-04-12 02:26:25    27072    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2014-04-12 02:26:25    234432    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2014-04-12 02:26:25    2048    ----a-w-    c:\windows\system32\iologmsg.dll
2014-04-12 02:26:25    149440    ----a-w-    c:\windows\system32\drivers\storport.sys
2014-04-12 02:26:20    1212352    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2014-04-12 02:26:14    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-03-26 02:43:40    --------    d-----w-    c:\program files\Tweaking.com
2014-03-26 01:25:33    5694464    ----a-w-    c:\windows\system32\mstscax.dll
2014-03-21 00:46:06    --------    d-----w-    c:\programdata\AVG Secure Search
2014-03-17 00:06:59    32256    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2014-03-17 00:06:50    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-17 00:06:47    49152    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2014-03-17 00:06:46    50176    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2014-03-17 00:06:46    17920    ----a-w-    c:\windows\system32\wksprtPS.dll
2014-03-17 00:06:46    14336    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-17 00:06:45    855552    ----a-w-    c:\windows\system32\rdvidcrl.dll
2014-03-17 00:06:45    76288    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2014-03-17 00:06:45    53248    ----a-w-    c:\windows\system32\tsgqec.dll
2014-03-17 00:06:45    350208    ----a-w-    c:\windows\system32\wksprt.exe
2014-03-17 00:06:45    1068544    ----a-w-    c:\windows\system32\mstsc.exe
2014-03-17 00:05:48    792576    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-03-16 22:04:57    --------    d-----w-    c:\program files\Emsisoft Anti-Malware
2014-03-14 02:43:31    185344    ----a-w-    c:\windows\system32\wwansvc.dll
2014-03-14 02:40:03    381440    ----a-w-    c:\windows\system32\wer.dll
2014-03-14 02:40:00    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
.
==================== Find3M  ====================
.
2014-03-21 00:43:13    42272    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2014-03-16 22:19:36    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-16 22:19:36    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-06 02:20:49    170552    ----a-w-    c:\windows\system32\drivers\bcbtums.sys
2014-03-06 02:20:45    508184    ----a-w-    c:\windows\system32\drivers\btwampfl.sys
2014-03-06 02:20:45    33832    ----a-w-    c:\windows\system32\drivers\btwl2cap.sys
2014-03-06 02:20:45    175144    ----a-w-    c:\windows\system32\drivers\btwavdt.sys
2014-03-06 02:20:45    152400    ----a-w-    c:\windows\system32\drivers\btwaudio.sys
2014-03-06 02:20:43    18728    ----a-w-    c:\windows\system32\drivers\btwrchid.sys
2014-03-01 04:10:48    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-01 03:00:08    1964032    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-02-13 12:46:44    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
2014-02-08 00:33:14    4659712    ----a-w-    c:\windows\system32\Redemption.dll
2014-02-07 01:07:56    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-01-23 03:21:04    88576    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2014-01-23 03:21:04    184192    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2014-01-20 05:46:54    22808    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2014-01-17 23:24:12    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2014-01-17 23:24:12    69632    ----a-w-    c:\windows\system32\QuickTime.qts
.
============= FINISH: 20:19:13.25 ===============
 



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 AM

Posted 18 April 2014 - 08:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

#3 prov1kenobi

prov1kenobi
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 18 April 2014 - 04:57 PM

I tried running Farbar a few times. Never gets past the "checking for updates" screen and is not responding. Here are the contents of the AdWare Cleaner scan after cleaning:

 

# AdwCleaner v3.023 - Report created 18/04/2014 at 14:30:08
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Ron - RON-PC
# Running from : C:\Users\Ron\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\Ron\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Ron\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Ron\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Ron\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Ron\Documents\BitLord
Folder Deleted : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\lkxuiik7.default\ConduitCommon
Folder Deleted : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Ron\Desktop\Optimizer Pro.lnk
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\searchplugins\conduit-search.xml
File Deleted : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\searchplugins\zonealarm.xml
File Deleted : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\prefs.js ]

Line Deleted : user_pref("bettergmail2.enabled.inboxcountfirst", true);
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SPCF309564-C35A-4C50-AC78-C4CA74AD453D");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPCF309564-C35A-4C50-AC78-C4CA74AD453D&SSPV=");
Line Deleted : user_pref("extensions.zonealarm.lastB", "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPCF309564-C35A-4C50-AC78-C4CA74AD453D&SSPV=");

-\\ Google Chrome v

[ File : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [10267 octets] - [18/04/2014 14:25:06]
AdwCleaner[S0].txt - [10344 octets] - [18/04/2014 14:30:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10405 octets] ##########
 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 AM

Posted 19 April 2014 - 07:42 AM

Try this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#5 prov1kenobi

prov1kenobi
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 21 April 2014 - 08:21 PM

Okay this is frustrating. I've tried running ComboFix several times over the last couple days. It gets nearly halfway through and will not complete. See attached screenshot. Pretty sure I've got all antivirus stuff shut off...


Edited by prov1kenobi, 21 April 2014 - 08:48 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 AM

Posted 22 April 2014 - 10:51 AM

Try this one.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.

OTL_Main_Tutorial.gif
  • Select All Users.
  • Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs DO NOT ATTACH THEM.
===

#7 prov1kenobi

prov1kenobi
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 22 April 2014 - 08:25 PM

OTL logfile created on: 4/22/2014 5:56:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ron\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.96 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 63.73% Memory free
3.93 Gb Paging File | 2.83 Gb Available in Paging File | 71.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.14 Gb Total Space | 154.61 Gb Free Space | 70.88% Space Free | Partition Type: NTFS
Drive D: | 751.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/22 17:54:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
PRC - [2014/04/20 21:50:19 | 002,552,856 | ---- | M] () -- C:\Program Files\AVG Web TuneUp\vprot.exe
PRC - [2014/04/20 21:42:49 | 001,801,240 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.0.0\ToolbarUpdater.exe
PRC - [2014/04/20 21:42:49 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.0.0\loggingserver.exe
PRC - [2014/02/13 22:20:22 | 000,450,560 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
PRC - [2014/02/07 20:14:28 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2014/02/07 20:14:22 | 001,564,992 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2014/01/29 21:55:08 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2014/01/09 22:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/04 18:23:36 | 004,161,512 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/10/15 06:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/09/27 13:39:50 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\Ron\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
PRC - [2013/09/27 13:37:04 | 000,510,752 | ---- | M] () -- C:\Program Files\Skillbrains\Updater\1.7.0.5\Updater.exe
PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 15:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/27 12:14:32 | 000,829,656 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2013/02/27 12:14:30 | 001,116,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2013/02/27 12:14:28 | 003,751,640 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/12 08:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files\Greenshot\Greenshot.exe
PRC - [2010/06/04 16:29:14 | 000,292,208 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/05/31 18:57:12 | 000,056,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 15:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/20 21:50:19 | 002,552,856 | ---- | M] () -- C:\Program Files\AVG Web TuneUp\vprot.exe
MOD - [2014/04/20 21:42:49 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.0.0\log4cplusU.dll
MOD - [2014/02/13 22:17:48 | 001,392,640 | ---- | M] () -- C:\Program Files\DivX\DivX Media Server\DivXDLNATranscoder.dll
MOD - [2014/02/13 20:11:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 20:10:42 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 20:10:27 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 20:10:19 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 20:09:43 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 20:09:24 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/13 19:52:39 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014/02/13 19:52:14 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/13 19:52:10 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 19:51:51 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/13 19:51:18 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/13 19:51:02 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/13 19:50:51 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/13 19:50:47 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/13 19:50:41 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/13 19:50:36 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/13 19:50:21 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/09 22:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/09 22:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/04/05 22:26:24 | 001,679,360 | ---- | M] () -- C:\Windows\System32\ac3filter.acm
MOD - [2010/07/12 08:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files\Greenshot\Greenshot.exe
MOD - [2010/07/12 08:52:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Greenshot\GreenshotPlugin.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - [2014/04/21 18:46:57 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/20 21:42:49 | 001,801,240 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.0.0\ToolbarUpdater.exe -- (vToolbarUpdater3.0.0)
SRV - [2014/03/16 15:19:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/28 20:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/29 21:55:08 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/04 18:23:36 | 004,161,512 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013/10/15 06:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/27 12:14:32 | 000,829,656 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/11/02 18:22:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/04/20 21:42:49 | 000,042,272 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/03/05 19:20:49 | 000,170,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2014/01/22 20:21:04 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014/01/22 20:21:04 | 000,088,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/10/23 12:00:52 | 000,458,776 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2013/10/01 17:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/08/24 17:22:58 | 000,057,944 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2013/04/04 15:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/28 18:03:02 | 000,022,056 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/25 10:33:28 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/06/21 22:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/03/02 17:43:20 | 001,263,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 F6 AE 08 A0 59 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: google%40hitachi.com:0.3
FF - prefs.js..extensions.enabledAddons: bettergmail2%40ginatrapani.org:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ron\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ron\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.0.0.2 [2014/04/20 21:52:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/04/21 18:46:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/21 18:46:47 | 000,000,000 | ---D | M]
 
[2011/11/01 18:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Extensions
[2013/05/05 17:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\lkxuiik7.default\extensions
[2013/05/05 17:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\lkxuiik7.default\extensions\{2713b394-286f-4d7c-89ea-4174eeab9f5a}
[2014/04/21 19:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\extensions
[2013/08/17 17:40:50 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\extensions\adblockpopups@jessehakanen.net.xpi
[2014/02/18 22:41:00 | 000,276,952 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\extensions\bettergmail2@ginatrapani.org.xpi
[2014/02/01 16:14:16 | 000,368,105 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\extensions\google@hitachi.com.xpi
[2014/02/18 22:58:47 | 000,178,105 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\extensions\rapportive@rapportive.com.xpi
[2013/07/01 06:27:25 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\extensions\tineye@ideeinc.com.xpi
[2014/01/20 21:06:49 | 000,252,969 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\extensions\tl_r@jetpack.xpi
[2013/07/31 20:34:59 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\extensions\translator@zoli.bod.xpi
[2014/04/21 18:48:19 | 000,001,819 | ---- | M] () -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zy525tb6.default-1367800767364\searchplugins\ixquick-https.xml
[2014/04/21 18:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/04/21 18:46:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/04/21 18:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/21 18:46:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.1_0\
CHR - Extension: No name found = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Web TuneUp\vprot.exe ()
O4 - HKCU..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe ()
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [LightShot] C:\Users\Ron\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk = C:\Users\Ron\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AF1F90F-11E5-4BAF-B86E-F85536702E41}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.0.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/03/07 13:51:12 | 000,186,416 | R--- | M] (Dell Computer Corporation) - D:\AUTORCD.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/01/11 16:51:40 | 000,000,049 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6d18a244-669e-11e2-91e8-f8c746601c17}\Shell - "" = AutoRun
O33 - MountPoints2\{6d18a244-669e-11e2-91e8-f8c746601c17}\Shell\AutoRun\command - "" = F:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{6d9cf23e-00bb-11e1-81f0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d9cf23e-00bb-11e1-81f0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORCD.EXE -- [2007/03/07 13:51:12 | 000,186,416 | R--- | M] (Dell Computer Corporation)
O33 - MountPoints2\{aea34a41-adad-11e2-a6dd-d9f24be97415}\Shell - "" = AutoRun
O33 - MountPoints2\{aea34a41-adad-11e2-a6dd-d9f24be97415}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/22 17:54:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
[2014/04/21 19:10:36 | 012,593,024 | ---- | C] (Broadcom Corporation.) -- C:\Users\Ron\Desktop\SetupBtwDownloadSE.exe
[2014/04/21 18:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/20 21:53:07 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\AVG Web TuneUp
[2014/04/20 21:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/04/20 21:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2014/04/20 21:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Web TuneUp
[2014/04/20 21:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Web TuneUp
[2014/04/20 21:41:17 | 005,196,870 | R--- | C] (Swearware) -- C:\Users\Ron\Desktop\ComboFix.exe
[2014/04/18 14:39:07 | 001,146,880 | ---- | C] (Farbar) -- C:\Users\Ron\Desktop\FRST.exe
[2014/04/18 14:25:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/11 20:30:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Atheros_L1e
[2014/04/11 20:25:13 | 000,068,208 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\L1C62x86.sys
[2014/04/11 19:42:52 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2014/04/11 19:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/04/11 19:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/04/11 19:26:25 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/04/11 19:26:25 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/04/11 19:26:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2014/04/11 19:26:14 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/25 19:46:39 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\RK_Quarantine
[2014/03/25 19:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/03/25 19:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/22 17:54:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
[2014/04/22 17:52:37 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/22 17:52:37 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/04/22 17:51:38 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014/04/22 17:51:27 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/22 17:51:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/22 17:51:11 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2790065240-3089146287-1840566740-1000UA.job
[2014/04/22 17:51:11 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-2790065240-3089146287-1840566740-1000.job
[2014/04/22 17:51:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/21 19:26:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2790065240-3089146287-1840566740-1000Core.job
[2014/04/21 19:19:38 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/21 19:19:38 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/21 19:11:45 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/21 19:10:41 | 012,593,024 | ---- | M] (Broadcom Corporation.) -- C:\Users\Ron\Desktop\SetupBtwDownloadSE.exe
[2014/04/21 18:28:47 | 000,134,196 | ---- | M] () -- C:\Users\Ron\Desktop\Screenshot_1.png
[2014/04/20 21:52:46 | 000,000,000 | ---- | M] () -- C:\Program Files\Mozilla Firefoxwtu-secure-search.xml
[2014/04/20 21:42:49 | 000,042,272 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2014/04/20 21:41:35 | 005,196,870 | R--- | M] (Swearware) -- C:\Users\Ron\Desktop\ComboFix.exe
[2014/04/20 21:35:02 | 244,686,824 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/18 14:39:11 | 001,146,880 | ---- | M] (Farbar) -- C:\Users\Ron\Desktop\FRST.exe
[2014/04/18 14:22:37 | 001,426,178 | ---- | M] () -- C:\Users\Ron\Desktop\adwcleaner.exe
[2014/04/13 15:32:58 | 000,002,356 | ---- | M] () -- C:\Users\Ron\Desktop\Google Chrome.lnk
[2014/04/11 19:34:38 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/03/30 17:13:30 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/25 20:47:01 | 000,002,121 | ---- | M] () -- C:\Users\Ron\Desktop\Tweaking.com - Windows Repair (All in One).lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/21 18:28:46 | 000,134,196 | ---- | C] () -- C:\Users\Ron\Desktop\Screenshot_1.png
[2014/04/20 21:52:46 | 000,000,000 | ---- | C] () -- C:\Program Files\Mozilla Firefoxwtu-secure-search.xml
[2014/04/18 14:22:26 | 001,426,178 | ---- | C] () -- C:\Users\Ron\Desktop\adwcleaner.exe
[2014/04/11 19:34:38 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/03/25 19:44:07 | 000,002,121 | ---- | C] () -- C:\Users\Ron\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/01/23 19:31:12 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2014/01/23 19:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2014/01/23 19:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2014/01/23 19:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2014/01/23 19:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/06/27 06:01:41 | 000,003,728 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/05/05 14:49:37 | 000,000,437 | ---- | C] () -- C:\Users\Ron\AppData\Local\UserProducts.xml
[2013/05/05 14:49:33 | 000,759,908 | ---- | C] (                                                            ) -- C:\Users\Ron\AppData\Local\defsea1.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2009/07/13 18:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/26 21:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 18:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 05:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 05:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/09/24 17:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 14:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 05:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/02 22:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 18:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 05:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 18:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 18:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 18:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 09:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 18:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 03:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/10 22:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/09/24 17:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 18:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 05:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 05:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 18:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/09/24 17:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 18:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 05:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 05:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 05:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 05:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/04/30 21:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 05:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 05:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 05:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 05:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 05:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 05:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 05:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 05:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 18:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 15:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 05:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 18:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 05:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: SERVICES  >
[2009/06/10 14:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 14:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.CFG  >
[2013/12/18 11:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 19:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 19:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 14:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 14:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 13:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 13:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
< MD5 for: SERVICES.RDB  >
[2012/02/01 18:55:44 | 000,008,060 | ---- | M] () MD5=365F626303EBC6DB5DCA7BBC4FAE0564 -- C:\Program Files\LibreOffice 3.5\URE\misc\services.rdb
[2012/02/02 04:42:04 | 000,180,626 | ---- | M] () MD5=7BF9E69426989A03547536FDF73EE302 -- C:\Program Files\LibreOffice 3.5\program\services\services.rdb
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2009/07/13 14:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 14:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL
[2009/07/13 14:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >

 

 

OTL Extras logfile created on: 4/22/2014 5:56:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ron\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.96 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 63.73% Memory free
3.93 Gb Paging File | 2.83 Gb Available in Paging File | 71.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.14 Gb Total Space | 154.61 Gb Free Space | 70.88% Space Free | Partition Type: NTFS
Drive D: | 751.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080AABA1-546F-4683-805D-3E47F71A38FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11C6A45E-D52B-4A3D-AB95-8FA127EEEAD0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{12C730E7-E9DE-422A-954E-BA1BDAA2982A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{319B6BE3-5737-4771-95E2-564CA69304F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42A32B89-DE15-4F90-8EF9-14FEC7082D2A}" = lport=138 | protocol=17 | dir=in | app=system |
"{4F4F4311-89C0-4AFB-BC8A-D333462E715C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D9D26DE-0BAE-4931-B827-8C18A14AD534}" = rport=137 | protocol=17 | dir=out | app=system |
"{5F7BC83E-536A-4BBC-A0A3-8EBDD99A5790}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{61B85B65-13AB-47EB-BC38-C2261A1D19A8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6C22D88F-0714-4F85-8A98-0C90CEF1BC81}" = rport=445 | protocol=6 | dir=out | app=system |
"{6C58D7DE-FDBA-4D5C-9B1E-0A8781B8BF98}" = lport=139 | protocol=6 | dir=in | app=system |
"{6D4B88BC-0A64-4BED-A4CA-2433456B1A41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77D96ADA-71E4-4443-99D5-77B1C466B1CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{8C8FC6E4-DEBE-4AE7-9356-730C76D52852}" = rport=138 | protocol=17 | dir=out | app=system |
"{9F0C8426-65DA-404F-B491-2E0654AAF5F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD8367EA-825E-4AF7-BE04-BC77B8BD879D}" = lport=445 | protocol=6 | dir=in | app=system |
"{B5EB1EEE-3835-4F7F-82CE-6F9F9148504E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BC7202AA-CB9F-49FB-8E99-55B64B4B60D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3E534EC-E4D4-4AC3-8185-807F694533AC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D883B41A-219F-48EB-9DDC-7B0849190016}" = lport=137 | protocol=17 | dir=in | app=system |
"{DE832384-51C6-44A7-BC65-D074BBF8DC09}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA8D68BB-BDA7-4CA2-A06C-7546049A7083}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE228C0D-8952-4BAE-A9E4-285E1EACF39C}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0165E11A-0DEB-4F7C-A237-A70339F422E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1ED17A1C-5A16-4A18-8F80-18318A32A829}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1EFFF1CD-5512-44B1-A538-12108F3C4016}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3598AF4C-9E54-4C97-B250-72E10599D650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39EEEF96-293B-400E-AB33-D05402E00D05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FA7E95C-0068-4966-828E-CD8691792C5A}" = dir=in | app=c:\program files\microsoft games\microsoft flight\flight.exe |
"{438F6F80-E3F6-47AA-8CFC-C4F0E83D49EE}" = protocol=6 | dir=out | app=system |
"{4FAC492E-4585-4147-9DA3-78125AA72C8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{521E06C9-0DE8-40D5-9603-7B18D2ED9322}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D6ACA8E-711B-4869-A859-F538C1183354}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{6E8C60A1-E566-49E7-B449-60734EAFD42A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{700255D4-0BC1-4A42-9A56-41273AD96251}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AB2E061-6AC9-4424-A637-5A3B24FC662D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80976552-5AAB-4027-AFB4-B0D31960B0A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9904D403-13AB-407F-B9C5-E446BDD5A753}" = protocol=58 | dir=in | app=system |
"{9AE36C41-4393-45D4-BF57-B229F6421D29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7BC7B74-8B34-433F-92E7-1A9C5D7EF788}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACE3C5E9-9CBE-4466-B41F-91AF58E4B9ED}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{B1A76BAC-1670-4B49-954D-87388E31768A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B4740026-9097-4108-912D-52609388A26D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BAFB1F0F-F34E-4A21-8FC0-48F231985047}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C0C7E4D5-EB61-4794-BADA-F6812C63D3AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D1313663-813F-4B62-B6A5-B50016012266}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA4AA15A-048D-40E8-96CF-AF4836CC480E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DCDE8402-4E1F-4AC5-8DAE-9CF3E381D24B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{DFA300F1-D20F-4FDE-AA61-681B65B31761}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A61104-74B5-4056-AD00-4397EF4FB141}" = iCloud
"{041E914E-7B73-4E8B-967F-B7FFC527FF80}" = Verizon Wireless Software Utility Application for Android - Samsung
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1152429F-E6F3-472B-8556-DD6DB666A31B}" = ZoneAlarm Security
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1" = AMR Player 1.3
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-4.4.2.10
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D5308D2-DC8E-4658-A37C-351000058100}" = Microsoft Flight
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{616445AF-BBCF-41C1-A4D6-8CFF171C182D}" = iTunes
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BE22EEE-C8CD-4B16-B17E-E036C00B473B}" = ZoneAlarm Firewall
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.1
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB21B808-F784-4883-A4D4-B1473384C1C6}" = LibreOffice 3.5
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
"AC3File_is1" = AC3File 0.6b
"AC3Filter_is1" = AC3Filter 2.6.0b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Audacity_is1" = Audacity 2.0.3
"AVG Web TuneUp" = AVG Web TuneUp
"CCleaner" = CCleaner
"DivX Setup" = DivX Setup
"GFWL_{4D5308D2-DC8E-4658-A37C-351000058100}" = Microsoft Flight
"Greenshot_is1" = Greenshot
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"WinLiveSuite" = Windows Live Essentials
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/21/2014 10:04:22 PM | Computer Name = Ron-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x52df3e99
Faulting
 module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9  Exception
 code: 0xc0000005  Fault offset: 0x00056b1d  Faulting process id: 0xf6c  Faulting application
 start time: 0x01cf5dcf147c2fef  Faulting application path: C:\Users\Ron\AppData\Roaming\VERIZON\UA_ar\UA.exe
Faulting
 module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
 Id: 6b9d2916-c9c2-11e3-888a-0002723294dc
 
Error - 4/21/2014 10:12:21 PM | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 10.0.0.6:5353    4 Ron-PC.local.
 Addr 10.0.0.6
 
Error - 4/21/2014 10:12:21 PM | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Ron-PC.local.
 Addr 10.0.0.2
 
Error - 4/21/2014 10:12:21 PM | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Ron-PC.local already in use; will try Ron-PC-2.local
 instead
 
Error - 4/22/2014 4:27:08 AM | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 10.0.0.6:5353    4 Ron-PC.local.
 Addr 10.0.0.6
 
Error - 4/22/2014 4:27:08 AM | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Ron-PC.local.
 Addr 10.0.0.2
 
Error - 4/22/2014 4:27:08 AM | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Ron-PC.local already in use; will try Ron-PC-2.local
 instead
 
Error - 4/22/2014 4:27:12 AM | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 10.0.0.6:5353    4 Ron-PC.local.
 Addr 10.0.0.6
 
Error - 4/22/2014 4:27:12 AM | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Ron-PC.local.
 Addr 10.0.0.2
 
Error - 4/22/2014 4:27:12 AM | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Ron-PC.local already in use; will try Ron-PC-2.local
 instead
 
Error - 4/22/2014 8:53:07 PM | Computer Name = Ron-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x52df3e99
Faulting
 module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9  Exception
 code: 0xc0000005  Fault offset: 0x00056b1d  Faulting process id: 0x1074  Faulting application
 start time: 0x01cf5e8e5d9049eb  Faulting application path: C:\Users\Ron\AppData\Roaming\VERIZON\UA_ar\UA.exe
Faulting
 module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
 Id: a191dde6-ca81-11e3-9c95-0002723294dc
 
[ System Events ]
Error - 8/25/2013 10:26:47 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
 Shadow Copy service to connect.
 
Error - 8/25/2013 10:26:47 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
 error:   %%1053
 
Error - 8/25/2013 10:26:56 AM | Computer Name = Ron-PC | Source = DCOM | ID = 10005
Description =
 
Error - 8/25/2013 6:33:18 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8/28/2013 9:17:41 PM | Computer Name = Ron-PC | Source = DCOM | ID = 10010
Description =
 
Error - 8/31/2013 9:40:07 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater15.5.0 service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 9/1/2013 5:43:54 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 9/4/2013 9:51:09 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the BFE service.
 
Error - 9/7/2013 1:00:05 PM | Computer Name = Ron-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:57:42 AM on ?9/?7/?2013 was unexpected.
 
Error - 9/7/2013 1:00:38 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
 
< End of report >
 

 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 AM

Posted 23 April 2014 - 07:41 AM

I think it was called Bitlord. I've uninstalled the program,


Run this tool to remove any remnant item from Bitlord.

Totally uninstall [Application name], using the Revo Uninstaller.

Download and run the free version of Revo Uninstaller.

Select [Application name] and click Uninstall.

Set it to 'Advanced' and click Scan.

Revo will do this:

Step 1. Create restore point.

Step 2. Run the official [Application name] uninstaller.

Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).

Reboot if asked.
===

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Let me know what problem persists.

#9 prov1kenobi

prov1kenobi
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 23 April 2014 - 12:16 PM

Bitlord didn't come up in the Revo list of programs.

 

Here is the Eset txt file:

 

C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptimizerPro.exe.vir    a variant of Win32/SpeedingUpMyPC application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProLauncher.exe.vir    a variant of Win32/AdWare.SpeedingUpMyPC.D application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProSmartScan.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.C application    cleaned by deleting - quarantined
C:\Users\Ron\AppData\Local\Temp\{6B7560BB-2207-4875-BFE0-0EE0F61D37D6}\setup.exe    multiple threats    cleaned by deleting - quarantined
 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 AM

Posted 24 April 2014 - 08:13 AM

Let see if I can find it in the registry.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe
  • to run it.
  • Copy and paste the content
  • of the following bold text into the main textfield:
    :filefind
    Bitlord.*
    :regfind
    Bitlord
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#11 prov1kenobi

prov1kenobi
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 27 April 2014 - 08:03 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:54 on 27/04/2014 by Ron
Administrator - Elevation successful

========== filefind ==========

Searching for "Bitlord.*"
No files found.

========== regfind ==========

Searching for "Bitlord"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f74ffa32_0]
@="{0.0.0.00000000}.{4add6c7a-c54d-4414-9f1e-95263731e8c6}|\Device\HarddiskVolume3\Program Files\BitLord 2\Bitlord files\bitlord.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@="BitLord"
[HKEY_CURRENT_USER\Software\Classes\Magnet]
@="BitLord magnet URI"
[HKEY_CURRENT_USER\Software\Classes\Magnet\DefaultIcon]
@="C:\Program Files\BitLord 2\bitlord.ico"
[HKEY_CURRENT_USER\Software\Classes\Magnet\shell\open\command]
@=""C:\Program Files\BitLord 2\Bitlord files\bitlord.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]
@="BitLord"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitLord]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitLord]
@="BitLord 2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitLord\DefaultIcon]
@=""C:\Program Files\BitLord 2\bitlord.ico""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitLord\shell\open\command]
@=""C:\Program Files\BitLord 2\Bitlord files\bitlord.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\bitlord.exe]
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f74ffa32_0]
@="{0.0.0.00000000}.{4add6c7a-c54d-4414-9f1e-95263731e8c6}|\Device\HarddiskVolume3\Program Files\BitLord 2\Bitlord files\bitlord.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000\Software\Classes\.torrent]
@="BitLord"
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000\Software\Classes\Magnet]
@="BitLord magnet URI"
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000\Software\Classes\Magnet\DefaultIcon]
@="C:\Program Files\BitLord 2\bitlord.ico"
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000\Software\Classes\Magnet\shell\open\command]
@=""C:\Program Files\BitLord 2\Bitlord files\bitlord.exe" "%1""
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000_Classes\.torrent]
@="BitLord"
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000_Classes\Magnet]
@="BitLord magnet URI"
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000_Classes\Magnet\DefaultIcon]
@="C:\Program Files\BitLord 2\bitlord.ico"
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000_Classes\Magnet\shell\open\command]
@=""C:\Program Files\BitLord 2\Bitlord files\bitlord.exe" "%1""

-= EOF =-



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 AM

Posted 28 April 2014 - 06:39 AM


; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f74ffa32_0]
@=-0000000000}"
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@=-
[HKEY_CURRENT_USER\Software\Classes\Magnet]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitLord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\bitlord.exe]
[-HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f74ffa32_0]
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000\Software\Classes\.torrent]
@=-
[-HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000\Software\Classes\Magnet]
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000_Classes\.torrent]
@=-
[HKEY_USERS\S-1-5-21-2790065240-3089146287-1840566740-1000_Classes\Magnet]
@=-



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

On a Vista or Windows 7 operating system, right click the Fix.reg and run as Administrator.

Restart the computer normally to reset the registry.

Delete the Fix.reg file when done.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Keep me posted.

#13 prov1kenobi

prov1kenobi
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 28 April 2014 - 08:56 PM

Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 AVG Web TuneUp   
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 51  
 Java version out of Date!
  Adobe Flash Player     12.0.0.77 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Emsisoft Anti-Malware a2service.exe   
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 AM

Posted 29 April 2014 - 07:25 AM

I suggest you install the free program - Microsoft Security Essentials.
http://windows.microsoft.com/en-CA/windows/security-essentials-download
It will protect you agains potential virus infection.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u55.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Old versions....

===

Critical vulnerabilities have been identified in old version of Adobe Flash Player please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 AM

Posted 05 May 2014 - 08:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users