Lorrea Hall

Trojan Removal


  • Download OTL to your desktop.
  • Right-click the icon and choose Run as Administrator to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.

    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


OTL logfile created on: 1/13/2012 7:05:19 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:UserslorreaFavoritesDownloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.90 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 51.09% Memory free

8.02 Gb Paging File | 5.65 Gb Available in Paging File | 70.48% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 285.81 Gb Total Space | 20.47 Gb Free Space | 7.16% Space Free | Partition Type: NTFS

Drive D: | 12.28 Gb Total Space | 1.95 Gb Free Space | 15.92% Space Free | Partition Type: NTFS

Drive E: | 148.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

 

Computer Name: LORREA-PC | User Name: lorrea | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:UserslorreaFavoritesDownloadsOTL.exe (OldTimer Tools)

PRC - C:Program Files (x86)Ask.comUpdaterUpdater.exe (Ask)

PRC - C:Program Files (x86)Ask.comUpdateTask.exe ()

PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation)

PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

PRC - C:UserslorreaAppDataLocalAkamainetsession_win.exe (Akamai Technologies, Inc)

PRC - C:Program Files (x86)McAfee Security Scan3.0.250SSScheduler.exe (McAfee, Inc.)

PRC - C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

PRC - C:Program Files (x86)RealRealPlayerUpdaterealsched.exe (RealNetworks, Inc.)

PRC - C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)

PRC - C:Program Files (x86)PCPitstopPC MaticRTPCPitstopRTService.exe (PC Pitstop LLC)

PRC - C:Program Files (x86)Flip VideoFlipShareFlipShareService.exe ()

PRC - C:Program Files (x86)FreecorderFLVSrvc.exe (Applian Technologies, Inc.)

PRC - C:Program Files (x86)Internet Content FilterSafeEyes.exe (InternetSafety.com, Inc.)

PRC - C:Program Files (x86)TechSmithJingJing.exe (TechSmith Corporation)

PRC - C:Program Files (x86)McAfee.comAgentmcagent.exe (McAfee, Inc.)

PRC - C:Program Files (x86)McAfeeMSCmcmscsvc.exe (McAfee, Inc.)

PRC - C:Program Files (x86)AdobePhotoshop Elements 7.0PhotoshopElementsSyncAgent.exe (Adobe Systems Incorporated)

PRC - C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE (CANON INC.)

PRC - C:Program Files (x86)AudibleBinAudibleDownloadHelper.exe (Audible, Inc.)

PRC - C:Program Files (x86)PIXELAImageMixer 3 SE Ver.6Transfer UtilityCameraMonitor.exe (PIXELA CORPORATION)

PRC - C:Program Files (x86)Yahoo!WidgetsYahooWidgets.exe (Yahoo! Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Web.Services2cf510e07b605923c496b1ae3c31335fSystem.Web.Services.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Webfecd1103dd16dc1192402770caf56575System.Web.ni.dll ()

MOD - C:Program Files (x86)Ask.comUpdateTask.exe ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32Microsoft.VisualStu#b554897876ce7ea0e3690d0e35859fdaMicrosoft.VisualStudio.Tools.Applications.Runtime.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32CustomMarshalersd72212e0e98b6ea4339d453bf540b5a6CustomMarshalers.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Configuration40da9084d0863e07d7ce55953833b8b0System.Configuration.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Xmlc1c06a392871267db27f7cbc40e1c4fbSystem.Xml.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Windows.Forms1363115565fff5a641243a48f396f107System.Windows.Forms.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Drawing367c4043efc2f32d843cb588b0dc97fcSystem.Drawing.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32PresentationFramewo#231b0b42eff55de5c7d7debe555c16b7PresentationFramework.Aero.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32PresentationFramewo#94f892556ec9fa7a508fc9d214ceaedfPresentationFramework.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32PresentationCore53f949f4664bb316f9b7a00d73a6e290PresentationCore.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32WindowsBasefd2c727bcef2e019eb96c1145f423701WindowsBase.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32Systemf9c36ea806e77872dce891c77b68fac3System.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32mscorlibb6632a8b2f276a8e31f5b0f6b2006cd1mscorlib.ni.dll ()

MOD - C:Program Files (x86)Common FilesAppleApple Application Supportzlib1.dll ()

MOD - C:Program Files (x86)Common FilesAppleApple Application Supportlibxml2.dll ()

MOD - C:Program Files (x86)TechSmithJingRecorder.dll ()

MOD - C:WindowsassemblyGAC_MSILMicrosoft.Office.Tools.Common8.0.0.0__b03f5f7f11d50a3aMicrosoft.Office.Tools.Common.dll ()

MOD - C:WindowsassemblyGACMicrosoft.Office.Interop.Outlook12.0.0.0__71e9bce111e9429cMicrosoft.Office.Interop.Outlook.dll ()

MOD - C:WindowsassemblyGACoffice12.0.0.0__71e9bce111e9429coffice.dll ()

MOD - C:Program Files (x86)PIXELAImageMixer 3 SE Ver.6Transfer Utilitypxl_m17n_tool.dll ()

MOD - C:WindowsassemblyGACstdole7.0.3300.0__b03f5f7f11d50a3astdole.dll ()

MOD - C:WindowsassemblyGAC_32CustomMarshalers2.0.0.0__b03f5f7f11d50a3aCustomMarshalers.dll ()

MOD - C:Program Files (x86)Microsoft OfficeOffice12ADDINSColleagueImport.dll ()

MOD - C:Program Files (x86)AdobePhotoshop Elements 7.0sync_util.dll ()

MOD - C:Program Files (x86)AdobePhotoshop Elements 7.0SyncPrefLib.dll ()

MOD - C:Program Files (x86)AdobePhotoshop Elements 7.0AdobeXMPFiles.dll ()

MOD - C:Program Files (x86)AdobePhotoshop Elements 7.0AdobeXMP.dll ()

MOD - C:Program Files (x86)Yahoo!Widgetsjsd.dll ()

MOD - C:Program Files (x86)Yahoo!Widgetsjs32.dll ()

MOD - C:Program Files (x86)Yahoo!Widgetssqlite3.dll ()

MOD - C:Program Files (x86)Microsoft OfficeOffice12ADDINSUmOutlookAddin.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (mfevtp) -- C:WindowsSysNativemfevtps.exe (McAfee, Inc.)

SRV:64bit: - (!SASCORE) -- C:Program FilesSUPERAntiSpywareSASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (McODS) -- C:Program FilesMcAfeeVirusScanmcods.exe (McAfee, Inc.)

SRV:64bit: - (McShield) -- C:Program FilesMcAfeeVirusScanMcshield.exe (McAfee, Inc.)

SRV:64bit: - (wlcrasvc) -- C:Program FilesWindows LiveMeshwlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)

SRV:64bit: - (XAudioService) -- C:WindowsSysNativeDRIVERSxaudio64.exe (Conexant Systems, Inc.)

SRV - (MBAMService) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation)

SRV - (Akamai) -- c:program files (x86)common filesakamai/netsession_win_b427739.dll ()

SRV - (McComponentHostService) -- C:Program Files (x86)McAfee Security Scan3.0.250McCHSvc.exe (McAfee, Inc.)

SRV - (PCPitstop Scheduling) -- C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe (PC Pitstop LLC)

SRV - (PCPitstop Realtime) -- C:Program Files (x86)PCPitstopPC MaticRTPCPitstopRTService.exe (PC Pitstop LLC)

SRV - (FlipShare Service) -- C:Program Files (x86)Flip VideoFlipShareFlipShareService.exe ()

SRV - (FlipShareServer) -- C:Program Files (x86)Flip VideoFlipShareServerFlipShareServer.exe ()

SRV - (McSysmon) -- C:Program Files (x86)McAfeeVirusScanmcsysmon.exe (McAfee, Inc.)

SRV - (seUpdateSvc) -- C:Program Files (x86)Internet Content FilterUpdateService.exe (InternetSafety.com, Inc.)

SRV - (IntuitUpdateService) -- C:Program Files (x86)Common FilesIntuitUpdate ServiceIntuitUpdateService.exe (Intuit Inc.)

SRV - (FLEXnet Licensing Service) -- C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe (Acresso Software Inc.)

SRV - (mcmscsvc) -- C:Program Files (x86)McAfeeMSCmcmscsvc.exe (McAfee, Inc.)

SRV - (IJPLMSVC) -- C:Program Files (x86)CanonIJPLMijplmsvc.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)

SRV - (Recovery Service for Windows) -- C:Program Files (x86)SMINSTBLService.exe ()

SRV - (AdobeActiveFileMonitor7.0) -- C:Program Files (x86)AdobePhotoshop Elements 7.0PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (HPSLPSVC) -- C:Program Files (x86)HpDigital ImagingbinHPSLPSVC64.DLL (Hewlett-Packard Co.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:WindowsSysNativedriversmbam.sys (Malwarebytes Corporation)

DRV:64bit: - (mfehidk) -- C:WindowsSysNativedriversmfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfefirek) -- C:WindowsSysNativedriversmfefirek.sys (McAfee, Inc.)

DRV:64bit: - (mfewfpk) -- C:WindowsSysNativedriversmfewfpk.sys (McAfee, Inc.)

DRV:64bit: - (mfeavfk) -- C:WindowsSysNativedriversmfeavfk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:WindowsSysNativedriversmfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (mferkdet) -- C:WindowsSysNativedriversmferkdet.sys (McAfee, Inc.)

DRV:64bit: - (SASDIFSV) -- C:Program FilesSUPERAntiSpywaresasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:Program FilesSUPERAntiSpywaresaskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (Netaapl) -- C:WindowsSysNativeDRIVERSnetaapl64.sys (Apple Inc.)

DRV:64bit: - (USBAAPL64) -- C:WindowsSysNativeDriversusbaapl64.sys (Apple, Inc.)

DRV:64bit: - (mferkdk) -- C:WindowsSysNativedriversmferkdk.sys (McAfee, Inc.)

DRV:64bit: - (mfesmfk) -- C:WindowsSysNativedriversmfesmfk.sys (McAfee, Inc.)

DRV:64bit: - (fssfltr) -- C:WindowsSysNativeDRIVERSfssfltr.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:WindowsSysNativeDRIVERSigdkmd64.sys (Intel Corporation)

DRV:64bit: - (sbapifs) -- C:WindowsSysNativeDRIVERSsbapifs.sys (Sunbelt Software)

DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativeDRIVERSGEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (DVDRIVER) -- C:WindowsSysNativeDRIVERSdvdriver.sys (Eagletron Inc.)

DRV:64bit: - (NETw5v64) Intel® -- C:WindowsSysNativeDRIVERSNETw5v64.sys (Intel Corporation)

DRV:64bit: - (WpdUsb) -- C:WindowsSysNativeDRIVERSwpdusb.sys (Microsoft Corporation)

DRV:64bit: - (HpqKbFiltr) -- C:WindowsSysNativeDRIVERSHpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV:64bit: - (RTSTOR) -- C:WindowsSysNativedriversRTSTOR64.SYS (Realtek Semiconductor Corp.)

DRV:64bit: - (IntcHdmiAddService) Intel® -- C:WindowsSysNativedriversIntcHdmi.sys (Intel® Corporation)

DRV:64bit: - (RTL8169) -- C:WindowsSysNativeDRIVERSRtlh64.sys (Realtek Corporation )

DRV:64bit: - (CnxtHdAudService) -- C:WindowsSysNativedriversCHDRT64.sys (Conexant Systems Inc.)

DRV:64bit: - (SynTP) -- C:WindowsSysNativeDRIVERSSynTP.sys (Synaptics, Inc.)

DRV:64bit: - (StillCam) -- C:WindowsSysNativeDRIVERSserscan.sys (Microsoft Corporation)

DRV:64bit: - (NETw3v64) Intel® -- C:WindowsSysNativeDRIVERSNETw3v64.sys (Intel Corporation)

DRV:64bit: - (sdbus) -- C:WindowsSysNativeDRIVERSsdbus.sys (Microsoft Corporation)

DRV:64bit: - (HSF_DPV) -- C:WindowsSysNativeDRIVERSCAX_DPV.sys (Conexant Systems, Inc.)

DRV:64bit: - (CAXHWAZL) -- C:WindowsSysNativeDRIVERSCAXHWAZL.sys (Conexant Systems, Inc.)

DRV:64bit: - (winachsf) -- C:WindowsSysNativeDRIVERSCAX_CNXT.sys (Conexant Systems, Inc.)

DRV:64bit: - (XAudio) -- C:WindowsSysNativeDRIVERSxaudio64.sys (Conexant Systems, Inc.)

DRV:64bit: - (yukonx64) -- C:WindowsSysNativeDRIVERSyk60x64.sys (Marvell)

DRV:64bit: - (mdmxsdk) -- C:WindowsSysNativeDRIVERSmdmxsdk.sys (Conexant)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 98 AB 73 E9 9E 2B CC 01 [binary data]

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,StartPageCache = 1

IE - HKCU..URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:Program Files (x86)Ask.comGenericAskToolbar.dll (Ask)

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.order.2: ""

FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110940,6902,0,21,0"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110940,16900,0,21,0"

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: [email protected]:3.1

FF - prefs.js..extensions.enabledItems: [email protected]:1.4.9

FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.9.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: [email protected]:1.1

 

 

FF:64bit: - [email protected]/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF64_11_1_102.dll File not found

FF:64bit: - [email protected]/JavaPlugin: C:Program FilesJavajre7binnew_pluginnpjp2.dll (Oracle Corporation)

FF - [email protected]/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32.dll ()

FF - [email protected]/ShockwavePlayer: C:Windowssystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()

FF - [email protected]/EPPEX: C:Program Files (x86)CanonEasy-PhotoPrint EXNPEZFFPI.DLL (CANON INC.)

FF - [email protected]/Foxit Reader Plugin,version=1.0,application/pdf: C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll (Foxit Corporation)

FF - [email protected]/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google)

FF - [email protected]/MVT: C:Program Files (x86)McAfeeSupportabilityMVTnpmvtplugin.dll (McAfee, Inc.)

FF - [email protected]/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WPF,version=3.5: c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - [email protected]/nppl3260;version=12.0.1.669: C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.)

FF - [email protected]/nprjplug;version=12.0.1.669: C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.)

FF - [email protected]/nprpchromebrowserrecordext;version=12.0.1.669: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - [email protected]/nprphtml5videoshim;version=12.0.1.669: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)

FF - [email protected]/nprpjplug;version=12.0.1.669: C:Program Files (x86)RealRealPlayerNetscape6nprpjplug.dll (RealNetworks, Inc.)

FF - [email protected]/nsJSRealPlayerPlugin;version=: File not found

FF - [email protected]/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:Program Files (x86)Mozilla Firefoxpluginsnpyaxmpb.dll (Yahoo! Inc.)

FF - [email protected]/launcher: C:UserslorreaAppDataLocalRobloxVersionsversion-7abe764230c5492dNPRobloxProxy.dll ()

FF - [email protected]/UnityPlayer,version=1.0: C:UserslorreaAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2012/01/04 18:25:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:Program Files (x86)Common FilesMcAfeeSystemCore [2011/12/29 13:42:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 9.0.1extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/01/11 10:35:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 9.0.1extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2012/01/11 12:41:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:UserslorreaAppDataRoamingNetAssistant [2011/09/27 19:06:09 | 000,000,000 | ---D | M]

 

[2009/10/01 20:35:55 | 000,000,000 | ---D | M] (No name found) -- C:UserslorreaAppDataRoamingMozillaExtensions

[2012/01/11 12:45:08 | 000,000,000 | ---D | M] (No name found) -- C:UserslorreaAppDataRoamingMozillaFirefoxProfilesizf5kge9.defaultextensions

[2011/01/15 16:15:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:UserslorreaAppDataRoamingMozillaFirefoxProfilesizf5kge9.defaultextensions{20a82645-c095-46ed-80e3-08825760534b}

[2011/12/12 18:05:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:UserslorreaAppDataRoamingMozillaFirefoxProfilesizf5kge9.defaultextensions{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/10/03 10:37:16 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:UserslorreaAppDataRoamingMozillaFirefoxProfilesizf5kge9.defaultextensions{c2f863cd-0429-48c7-bb54-db756a951760}

[2009/10/11 07:43:36 | 000,000,000 | ---D | M] (FLYLADY) -- C:UserslorreaAppDataRo[email protected]benefitbar.com

[2011/09/27 19:05:48 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:UserslorreaAppDa[email protected]yontoo.com

[2012/01/11 12:45:24 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:UserslorreaAppDat[email protected]ask.com

[2010/03/08 17:51:06 | 000,004,554 | ---- | M] () -- C:UserslorreaAppDataRoamingMozillaFirefoxProfilesizf5kge9.defaultsearchpluginsaim-search-1.xml

[2009/12/27 13:16:01 | 000,004,554 | ---- | M] () -- C:UserslorreaAppDataRoamingMozillaFirefoxProfilesizf5kge9.defaultsearchpluginsaim-search.xml

[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:UserslorreaAppDataRoamingMozillaFirefoxProfilesizf5kge9.defaultsearchpluginsaskcom.xml

[2009/10/11 07:42:31 | 000,001,417 | ---- | M] () -- C:UserslorreaAppDataRoamingMozillaFirefoxProfilesizf5kge9.defaultsearchpluginsweb-search-flylady.xml

[2011/03/25 07:46:08 | 000,001,492 | ---- | M] () -- C:UserslorreaAppDataRoamingMozillaFirefoxProfilesizf5kge9.defaultsearchpluginsweb-search-powered-by-google.xml

[2012/01/11 10:35:47 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

() (No name found) -- C:USERSLORREAAPPDATA[email protected]REMEMBERTHEMILK.COM.XPI

() (No name found) -- C:USERSLORREAAPPDAT[email protected]ALEXA.COM.XPI

[2012/01/11 10:35:46 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll

[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpCouponPrinter.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpdeployJava1.dll

[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpyaxmpb.dll

[2012/01/11 10:35:43 | 000,002,252 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml

[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml.old

[2012/01/11 10:35:43 | 000,002,040 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:Program Files (x86)GoogleChromeApplication14.0.835.202gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:WindowsSysWOW64MacromedFlashNPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:Program Files (x86)AdobeReader 9.0ReaderBrowsernppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:Windowssystem32AdobeDirectornp32dsw.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll

CHR - plugin: Microsoftu00AE Windows Media Player Firefox Plugin (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnp-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:Program Files (x86)Mozilla FirefoxpluginsNPOFF12.DLL

CHR - plugin: Chrome NaCl (Enabled) = C:Program Files (x86)GoogleChromeApplication14.0.835.202ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program Files (x86)GoogleChromeApplication14.0.835.202pdf.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:Program Files (x86)Mozilla FirefoxpluginsnpCouponPrinter.dll

CHR - plugin: downloadUpdater (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpdnupdater2.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnprjplug.dll

CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpyaxmpb.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:Program Files (x86)CanonEasy-PhotoPrint EXNPEZFFPI.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:Program Files (x86)GoogleUpdate1.3.21.69npGoogleUpdate3.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll

CHR - plugin: Unity Player (Enabled) = C:UserslorreaAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll

CHR - plugin: Roblox Launcher Plugin (Enabled) = C:UserslorreaAppDataLocalRobloxVersionsversion-5ce51d8367464075NPRobloxProxy.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:UserslorreaAppDataLocalGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_0

 

O1 HOSTS File: ([2012/01/11 09:39:31 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetcHosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesCommon FilesMcAfeeSystemCoreScriptSn.20111229134204.dll (McAfee, Inc.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:Program Files (x86)CanonEasy-WebPrint EXewpexbho.dll (CANON INC.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program Files (x86)Common FilesMcAfeeSystemCoreScriptSn.20111229134205.dll (McAfee, Inc.)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:Program Files (x86)MSNToolbar3.0.0541.0msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program Files (x86)Ask.comGenericAskToolbar.dll (Ask)

O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:Program Files (x86)Yontoo Layers RuntimeYontooIEClient.dll File not found

O3 - HKLM..Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:Program Files (x86)MSNToolbar3.0.0541.0msneshellx.dll (Microsoft Corp.)

O3 - HKLM..Toolbar: (Safe &Eyes Toolbar) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:Program Files (x86)Internet Content FilterSEToolbar.dll (InternetSafety.com, Inc.)

O3 - HKLM..Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:Program Files (x86)CanonEasy-WebPrint EXewpexhlp.dll (CANON INC.)

O3 - HKLM..Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program Files (x86)Ask.comGenericAskToolbar.dll (Ask)

O4:64bit: - HKLM..Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..Run: [igfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation)

O4 - HKLM..Run: [] File not found

O4 - HKLM..Run: [ApnUpdater] C:Program Files (x86)Ask.comUpdaterUpdater.exe (Ask)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [CanonSolutionMenuEx] C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE (CANON INC.)

O4 - HKLM..Run: [CarboniteSetupLite] C:Program Files (x86)CarboniteCarbonitePreinstaller.exe (Carbonite, Inc.)

O4 - HKLM..Run: [ccApp] C:Program Files (x86)Common FilesSymantec SharedccApp.exe (Symantec Corporation)

O4 - HKLM..Run: [Freecorder FLV Service] C:Program Files (x86)FreecorderFLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..Run: [HP Health Check Scheduler] c:Program Files (x86)Hewlett-PackardHP Health CheckHPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..Run: [iCF] C:Program Files (x86)Internet Content FilterSafeEyes.exe (InternetSafety.com, Inc.)

O4 - HKLM..Run: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

O4 - HKLM..Run: [mcagent_exe] C:Program Files (x86)McAfee.comAgentmcagent.exe (McAfee, Inc.)

O4 - HKLM..Run: [PC MaticRT] C:Program Files (x86)PCPitstopPC MaticRTPCMaticRT.exe (PC Pitstop LLC)

O4 - HKLM..Run: [QuickTime Plugin Install] C:Program Files (x86)QuickTimePluginsDeleteMe1.exe ()

O4 - HKLM..Run: [TkBellExe] C:Program Files (x86)RealRealPlayerUpdaterealsched.exe (RealNetworks, Inc.)

O4 - HKLM..Run: [updateLBPShortCut] C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..Run: [updateP2GoShortCut] C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..Run: [updatePDIRShortCut] C:Program Files (x86)CyberLinkPowerDirectorMUITransferMUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..Run: [updatePSTShortCut] C:Program Files (x86)CyberLinkDVD SuiteMUITransferMUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..Run: [Akamai NetSession Interface] C:UserslorreaAppDataLocalAkamainetsession_win.exe (Akamai Technologies, Inc)

O4 - HKCU..Run: [Jing] C:Program Files (x86)TechSmithJingJing.exe (TechSmith Corporation)

O4 - HKCU..Run: [PhotoshopElementsSyncAgent] C:Program Files (x86)AdobePhotoshop Elements 7.0PhotoshopElementsSyncAgent.exe (Adobe Systems Incorporated)

O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:UserslorreaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupJobulator.lnk = C:Program Files (x86)JobulatorJobulator.exe ()

O4 - Startup: C:UserslorreaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupYahoo! Widgets.lnk = C:Program Files (x86)Yahoo!WidgetsYahooWidgets.exe (Yahoo! Inc.)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program Files (x86)Javajre1.6.0_07binnpjpi160_07.dll (Sun Microsystems, Inc.)

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000001 - C:WindowsSysNativeicf.dll (InternetSafety.com, Inc.)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000002 - C:WindowsSysNativeicf.dll (InternetSafety.com, Inc.)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000003 - C:WindowsSysNativeicf.dll (InternetSafety.com, Inc.)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000004 - C:WindowsSysNativeicf.dll (InternetSafety.com, Inc.)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000010 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000011 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000012 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000013 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000014 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000015 - C:WindowsSysNativeicf.dll (InternetSafety.com, Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9Catalog_Entries000000000001 - C:WindowsSysWow64icf.dll (InternetSafety.com, Inc.)

O10 - Protocol_Catalog9Catalog_Entries000000000002 - C:WindowsSysWow64icf.dll (InternetSafety.com, Inc.)

O10 - Protocol_Catalog9Catalog_Entries000000000003 - C:WindowsSysWow64icf.dll (InternetSafety.com, Inc.)

O10 - Protocol_Catalog9Catalog_Entries000000000004 - C:WindowsSysWow64icf.dll (InternetSafety.com, Inc.)

O10 - Protocol_Catalog9Catalog_Entries000000000015 - C:WindowsSysWow64icf.dll (InternetSafety.com, Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{0CA4EE89-1E16-4135-80DE-B7E4553CD477}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{4C49B35F-E7AF-40C8-9C33-4080F3F93CAB}: DhcpNameServer = 172.16.68.215 172.16.68.215

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{E658EB1E-040B-44C5-B679-4F23FC048BB0}: DhcpNameServer = 172.16.64.215 172.16.64.215

O18:64bit: - ProtocolHandlergrooveLocalGWS - No CLSID value found

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlerms-help - No CLSID value found

O18:64bit: - ProtocolHandlerms-itss - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) -C:WindowsSysWOW64userinit.exe (Microsoft Corporation)

O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:WindowsWebWallpaperimg24.jpg

O24 - Desktop BackupWallPaper: C:WindowsWebWallpaperimg24.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/11 18:19:06 | 000,064,600 | ---- | C] (Sunbelt Software) -- C:WindowsSysNativedriverssbapifs.sys

[2012/01/11 14:26:58 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN

[2012/01/11 12:55:18 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativenpdeployJava1.dll

[2012/01/11 12:55:18 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativedeployJava1.dll

[2012/01/11 12:55:18 | 000,263,560 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativejavaws.exe

[2012/01/11 12:55:18 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativejavaw.exe

[2012/01/11 12:55:18 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativejava.exe

[2012/01/11 12:54:55 | 000,000,000 | ---D | C] -- C:Program FilesJava

[2012/01/11 12:45:27 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsFoxit Reader 5.1

[2012/01/11 12:45:08 | 000,000,000 | ---D | C] -- C:Program Files (x86)Ask.com

[2012/01/11 12:44:56 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalAPN

[2012/01/11 12:44:44 | 000,000,000 | ---D | C] -- C:Program Files (x86)Foxit Software

[2012/01/11 12:41:01 | 000,000,000 | -HSD | C] -- C:Config.Msi

[2012/01/11 09:32:17 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativelsasrv.dll

[2012/01/11 09:32:17 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesecur32.dll

[2012/01/11 04:07:54 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativequartz.dll

[2012/01/11 04:07:54 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64quartz.dll

[2012/01/11 04:07:53 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64qdvd.dll

[2012/01/11 04:07:53 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeqdvd.dll

[2012/01/11 04:07:51 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentdll.dll

[2012/01/11 04:07:50 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewinmm.dll

[2012/01/11 04:07:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemcicda.dll

[2012/01/11 04:07:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemciwave.dll

[2012/01/11 04:07:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemciseq.dll

[2012/01/11 04:07:50 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mciseq.dll

[2012/01/11 04:07:47 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewinsrv.dll

[2012/01/11 04:07:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativepackager.dll

[2012/01/11 04:07:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64packager.dll

[2012/01/10 09:03:01 | 000,000,000 | ---D | C] -- C:Program Files (x86)ESET

[2012/01/09 13:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe

[2012/01/09 13:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe

[2012/01/09 13:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe

[2012/01/09 13:44:20 | 000,000,000 | ---D | C] -- C:WindowsERDNT

[2012/01/09 13:44:16 | 000,000,000 | ---D | C] -- C:Qoobox

[2012/01/09 08:21:19 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro

[2012/01/09 08:21:19 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2012/01/08 22:09:11 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingSUPERAntiSpyware.com

[2012/01/08 22:08:58 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSUPERAntiSpyware

[2012/01/08 22:08:53 | 000,000,000 | ---D | C] -- C:ProgramDataSUPERAntiSpyware.com

[2012/01/08 22:08:53 | 000,000,000 | ---D | C] -- C:Program FilesSUPERAntiSpyware

[2012/01/06 13:56:28 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalCrashDumps

[2012/01/05 19:14:45 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes

[2012/01/05 19:01:23 | 000,000,000 | ---D | C] -- C:ProgramDataSpybot - Search & Destroy

[2012/01/05 19:01:23 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy

[2012/01/05 18:58:15 | 000,000,000 | ---D | C] -- C:Program FilesiPod

[2012/01/05 18:54:51 | 000,000,000 | ---D | C] -- C:Program FilesiTunes

[2012/01/05 05:47:30 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalNPE

[2012/01/04 18:51:20 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMcAfee Security Scan Plus

[2012/01/04 17:39:08 | 000,041,160 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmferkdk.sys

[2012/01/03 20:21:45 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingOpera

[2012/01/03 20:21:44 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalOpera

[2012/01/03 20:14:53 | 000,000,000 | ---D | C] -- C:Program Files (x86)Opera

[2012/01/03 17:56:43 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalSecunia PSI

[2012/01/03 17:55:39 | 000,000,000 | ---D | C] -- C:Program Files (x86)Secunia

[2012/01/01 23:33:37 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingRealNetworks

[2012/01/01 09:59:29 | 000,000,000 | ---D | C] -- C:Program FilesiPod(172)

[2011/12/29 13:43:26 | 000,000,000 | ---D | C] -- C:Program FilesMcAfee.com

[2011/12/29 13:42:03 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfeclnk.sys

[2011/12/29 13:41:26 | 000,161,168 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativemfevtps.exe

[2011/12/29 13:41:21 | 000,647,080 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfehidk.sys

[2011/12/29 13:41:21 | 000,481,768 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfefirek.sys

[2011/12/29 13:41:21 | 000,284,648 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfewfpk.sys

[2011/12/29 13:41:21 | 000,229,528 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfeavfk.sys

[2011/12/29 13:41:21 | 000,160,280 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfeapfk.sys

[2011/12/29 13:41:21 | 000,100,912 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmferkdet.sys

[2011/12/29 08:10:01 | 000,049,608 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfesmfk.sys

[2011/12/29 07:28:26 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingMcAfee

[2011/12/29 07:26:23 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMcAfee

[2011/12/29 07:23:53 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesMcAfee

[2011/12/29 07:23:49 | 000,000,000 | ---D | C] -- C:Program FilesMcAfee

[2011/12/29 07:23:48 | 000,000,000 | ---D | C] -- C:Program Files (x86)McAfee.com

[2011/12/29 07:23:48 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesMcAfee

[2011/12/29 07:23:45 | 000,000,000 | ---D | C] -- C:Program Files (x86)McAfee

[2011/12/26 22:21:35 | 000,000,000 | ---D | C] -- C:Program FilesDIFX

[2011/12/25 15:53:29 | 000,000,000 | ---D | C] -- C:ProgramDataPCPitstopDat

[2011/12/25 15:19:40 | 000,000,000 | ---D | C] -- C:ProgramDataPCPitstop

[2011/12/25 15:19:40 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsPC Pitstop

[2011/12/25 15:19:38 | 000,000,000 | ---D | C] -- C:Program Files (x86)PCPitstop

[2011/12/24 19:15:29 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalSymantec

[2011/12/24 19:15:22 | 000,225,328 | ---- | C] (Symantec Corporation) -- C:WindowsSysNativedriverswpshelper.sys

[2011/12/24 19:13:01 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:WindowsSysNativedriversSYMEVENT64x86.SYS

[2011/12/24 19:11:52 | 000,000,000 | ---D | C] -- C:Program FilesSymantec

[2011/12/24 19:11:18 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64capicom.dll

[2011/12/24 19:11:08 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesSymantec Shared

[2011/12/24 19:11:07 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection

[2011/12/24 19:11:07 | 000,000,000 | ---D | C] -- C:Program Files (x86)Symantec

[2011/12/24 18:58:35 | 000,000,000 | ---D | C] -- C:UserslorreaDocumentsJason's

[2011/12/21 14:34:59 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingcom.blueprintcentral.keywordblaze

[2011/12/21 14:34:51 | 000,000,000 | ---D | C] -- C:Program Files (x86)KeywordBlaze

[2011/12/15 14:00:53 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll

[2011/12/15 14:00:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll

[2011/12/15 14:00:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll

[2011/12/15 14:00:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64url.dll

[2011/12/15 14:00:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll

[2011/12/15 14:00:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll

[2011/12/15 14:00:47 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl

[2011/12/15 14:00:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl

[2011/12/15 14:00:46 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll

[2011/12/15 14:00:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll

[2011/12/15 14:00:44 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll

[2011/12/14 15:48:33 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecsrsrv.dll

[2011/12/14 15:47:48 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeEncDec.dll

[2011/12/14 15:47:48 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64EncDec.dll

 

========== Files - Modified Within 30 Days ==========

 

[2012/01/13 07:18:59 | 000,000,898 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job

[2012/01/13 06:57:29 | 000,000,788 | ---- | M] () -- C:UserslorreaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupJobulator.lnk

[2012/01/13 06:55:58 | 000,000,290 | ---- | M] () -- C:ProgramDatahpqp.ini

[2012/01/13 06:55:36 | 000,000,894 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job

[2012/01/13 06:53:56 | 000,000,374 | ---- | M] () -- C:WindowsSysNativedriversetchosts.ics

[2012/01/13 06:53:40 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/13 06:53:39 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/13 06:53:30 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/01/11 12:54:58 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativenpdeployJava1.dll

[2012/01/11 12:54:58 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativedeployJava1.dll

[2012/01/11 12:54:58 | 000,263,560 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativejavaws.exe

[2012/01/11 12:54:58 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativejavaw.exe

[2012/01/11 12:54:58 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativejava.exe

[2012/01/11 12:45:28 | 000,000,945 | ---- | M] () -- C:UserslorreaApplication DataMicrosoftInternet ExplorerQuick LaunchFoxit Reader 5.1.lnk

[2012/01/11 09:39:31 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts

[2012/01/11 09:11:36 | 000,001,038 | ---- | M] () -- C:UserslorreaDesktopComboFix - Shortcut (2).lnk

[2012/01/10 08:47:29 | 000,000,908 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/01/10 07:18:39 | 000,001,038 | ---- | M] () -- C:UserslorreaDesktopComboFix - Shortcut.lnk

[2012/01/09 14:18:03 | 000,000,338 | ---- | M] () -- C:WindowstasksHPCeeScheduleForlorrea.job

[2012/01/09 08:21:19 | 000,001,962 | ---- | M] () -- C:UserslorreaDesktopHiJackThis.lnk

[2012/01/08 22:08:58 | 000,001,756 | ---- | M] () -- C:UsersPublicDesktopSUPERAntiSpyware Free Edition.lnk

[2012/01/06 21:05:32 | 546,843,646 | ---- | M] () -- C:WindowsMEMORY.DMP

[2012/01/06 20:57:56 | 000,000,680 | ---- | M] () -- C:UserslorreaAppDataLocald3d9caps.dat

[2012/01/06 20:20:58 | 000,001,985 | ---- | M] () -- C:UsersPublicDesktopGoogle Chrome.lnk

[2012/01/06 14:13:01 | 000,822,174 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2012/01/06 14:13:01 | 000,675,696 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2012/01/06 14:13:01 | 000,133,026 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2012/01/05 21:24:11 | 000,000,872 | ---- | M] () -- C:UserslorreaApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk

[2012/01/05 21:24:11 | 000,000,848 | ---- | M] () -- C:UsersPublicDesktopMozilla Firefox.lnk

[2012/01/05 19:14:45 | 000,001,654 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk

[2012/01/05 06:14:06 | 000,001,395 | ---- | M] () -- C:WindowsSysNativedriversetchosts.bak

[2012/01/04 18:51:20 | 000,001,961 | ---- | M] () -- C:UsersPublicDesktopMcAfee Security Scan Plus.lnk

[2012/01/04 18:51:20 | 000,001,961 | ---- | M] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupMcAfee Security Scan Plus.lnk

[2011/12/29 07:28:24 | 000,001,943 | ---- | M] () -- C:UsersPublicDesktopMcAfee Virtual Technician.lnk

[2011/12/29 07:26:34 | 000,000,801 | ---- | M] () -- C:UsersPublicDesktopMcAfee Security Center.lnk

[2011/12/25 15:54:49 | 000,024,576 | ---- | M] () -- C:bcd_backup

[2011/12/25 12:19:56 | 000,173,568 | ---- | M] () -- C:UserslorreaAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/24 21:05:07 | 000,000,732 | ---- | M] () -- C:UserslorreaAppDataLocald3d9caps64.dat

[2011/12/24 19:13:26 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:WindowsSysNativedriversSYMEVENT64x86.SYS

[2011/12/24 19:13:26 | 000,007,440 | ---- | M] () -- C:WindowsSysNativedriversSYMEVENT64x86.CAT

[2011/12/24 19:13:26 | 000,000,855 | ---- | M] () -- C:WindowsSysNativedriversSYMEVENT64x86.INF

[2011/12/24 12:27:32 | 000,001,940 | ---- | M] () -- C:UserslorreaAppDataLocal{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/12/24 04:28:38 | 000,000,112 | ---- | M] () -- C:ProgramData1AiJ2Bh5.dat

[2011/12/24 04:28:37 | 000,000,000 | ---- | M] () -- C:WindowsSysWow64CIpb8BXQD.com.b

[2011/12/21 14:34:51 | 000,000,782 | ---- | M] () -- C:UsersPublicDesktopKeywordBlaze.lnk

[2011/12/21 14:33:08 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl

[2011/12/15 14:43:01 | 000,412,824 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2012/01/11 12:45:28 | 000,000,945 | ---- | C] () -- C:UserslorreaApplication DataMicrosoftInternet ExplorerQuick LaunchFoxit Reader 5.1.lnk

[2012/01/11 09:11:36 | 000,001,038 | ---- | C] () -- C:UserslorreaDesktopComboFix - Shortcut (2).lnk

[2012/01/10 08:47:29 | 000,000,908 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/01/10 07:18:39 | 000,001,038 | ---- | C] () -- C:UserslorreaDesktopComboFix - Shortcut.lnk

[2012/01/09 13:44:27 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe

[2012/01/09 13:44:27 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe

[2012/01/09 13:44:27 | 000,098,816 | ---- | C] () -- C:Windowssed.exe

[2012/01/09 13:44:27 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe

[2012/01/09 13:44:27 | 000,068,096 | ---- | C] () -- C:Windowszip.exe

[2012/01/09 08:21:19 | 000,001,962 | ---- | C] () -- C:UserslorreaDesktopHiJackThis.lnk

[2012/01/08 22:08:58 | 000,001,756 | ---- | C] () -- C:UsersPublicDesktopSUPERAntiSpyware Free Edition.lnk

[2012/01/05 19:14:45 | 000,001,654 | ---- | C] () -- C:UsersPublicDesktopiTunes.lnk

[2011/12/29 07:28:24 | 000,001,943 | ---- | C] () -- C:UsersPublicDesktopMcAfee Virtual Technician.lnk

[2011/12/29 07:28:05 | 000,001,953 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMcAfee Virtual Technician.lnk

[2011/12/29 07:26:34 | 000,000,801 | ---- | C] () -- C:UsersPublicDesktopMcAfee Security Center.lnk

[2011/12/25 15:54:48 | 000,024,576 | ---- | C] () -- C:bcd_backup

[2011/12/25 15:09:37 | 000,002,002 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupHP Digital Imaging Monitor.lnk

[2011/12/25 15:09:37 | 000,001,961 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupMcAfee Security Scan Plus.lnk

[2011/12/25 15:09:37 | 000,001,950 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupAudible Download Manager.lnk

[2011/12/25 15:09:37 | 000,000,928 | ---- | C] () -- C:UserslorreaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupYahoo! Widgets.lnk

[2011/12/25 15:09:37 | 000,000,901 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupImageMixer 3 SE Camera Monitor Ver.6.lnk

[2011/12/25 15:09:37 | 000,000,869 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupSub Sidekick.lnk

[2011/12/25 15:09:37 | 000,000,788 | ---- | C] () -- C:UserslorreaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupJobulator.lnk

[2011/12/24 21:05:07 | 000,000,732 | ---- | C] () -- C:UserslorreaAppDataLocald3d9caps64.dat

[2011/12/24 19:13:01 | 000,007,440 | ---- | C] () -- C:WindowsSysNativedriversSYMEVENT64x86.CAT

[2011/12/24 19:13:01 | 000,000,855 | ---- | C] () -- C:WindowsSysNativedriversSYMEVENT64x86.INF

[2011/12/24 04:28:37 | 000,000,000 | ---- | C] () -- C:WindowsSysWow64CIpb8BXQD.com.b

[2011/12/24 03:37:03 | 000,000,112 | ---- | C] () -- C:ProgramData1AiJ2Bh5.dat

[2011/12/21 14:34:51 | 000,000,794 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsKeywordBlaze.lnk

[2011/12/21 14:34:51 | 000,000,782 | ---- | C] () -- C:UsersPublicDesktopKeywordBlaze.lnk

[2011/11/10 18:42:58 | 000,200,704 | ---- | C] () -- C:WindowsSysWow64UpdateDriver.exe

[2011/11/10 18:42:58 | 000,005,116 | ---- | C] () -- C:WindowsSysWow64ucuiinfo.ini

[2011/11/10 18:42:56 | 000,004,096 | ---- | C] () -- C:WindowsSysWow64driversRT2870.bin

[2011/07/14 20:56:06 | 000,074,240 | ---- | C] () -- C:Windowstrackerpod_server.exe

[2011/05/12 11:42:16 | 000,001,940 | ---- | C] () -- C:UserslorreaAppDataLocal{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/04/29 14:00:06 | 000,117,248 | ---- | C] () -- C:WindowsSysWow64EhStorAuthn.dll

[2011/04/29 13:59:10 | 000,107,612 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchema.bin

[2011/04/29 13:58:24 | 000,368,640 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll

[2010/10/12 13:56:40 | 000,000,168 | ---- | C] () -- C:UserslorreaAppDataRoamingTAConf.conf

[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:WindowsSysWow64igkrng500.bin

[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:WindowsSysWow64igcompkrng500.bin

[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:WindowsSysWow64igfcg500m.bin

[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:WindowsSysWow64iglhsip32.dll

[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:WindowsSysWow64iglhcp32.dll

[2010/04/11 18:04:06 | 000,000,126 | ---- | C] () -- C:WindowsQUICKEN.INI

[2009/11/01 08:58:01 | 000,760,620 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2009/10/26 15:47:00 | 000,024,226 | ---- | C] () -- C:UserslorreaAppDataRoamingUserTile.png

[2009/10/26 09:18:17 | 000,000,056 | -H-- | C] () -- C:ProgramDataezsidmv.dat

[2009/10/15 10:15:45 | 000,130,833 | ---- | C] () -- C:Windowshpoins18.dat

[2009/10/15 10:10:33 | 000,006,600 | ---- | C] () -- C:Windowshpomdl18.dat

[2009/10/06 21:12:01 | 000,173,568 | ---- | C] () -- C:UserslorreaAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/03 06:48:42 | 000,000,680 | ---- | C] () -- C:UserslorreaAppDataLocald3d9caps.dat

[2009/10/02 10:26:00 | 000,000,540 | ---- | C] () -- C:UserslorreaAppDataRoamingwklnhst.dat

[2009/08/10 09:23:16 | 000,000,290 | ---- | C] () -- C:ProgramDatahpqp.ini

[2009/04/20 16:31:40 | 000,018,904 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchemaTrivial.bin

[2008/07/06 13:20:48 | 000,147,172 | ---- | C] () -- C:WindowsSysWow64igfcg550.bin

[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:WindowsSysWow64OpenQuicktimeLib.dll

[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:WindowsSysWow64tcpmon.ini

[2006/11/02 08:37:05 | 000,067,584 |


Hi,

 

I see that we have some more work to do. :) I noticed that you have both Norton and McAfee on your system. Which antivirus is it that you are actively using? We need to remove the other so there are no conflicts.


Sorry for the late reply, long day at work today!! I had Norton on my computer before; my brother tried uninstalling it over Christmas but was unable to get it off. For some reason it messed up the registry or something and wouldn't boot back up, then when it did it wasn't gone. I just went ahead and installed the McAfee anyway, so that's the story behind that one. I would be happy to take it off, but when he tried, my computer totally died for 2 days, so I have been reluctant to try again :-). On that topic, there is another program on my machine that is refusing to go away as well, hopefully not the cause of all this mess, but it's called Sub Sidekick. I would love to get it off as it is quite annoying. I was trying them for a while for work but in the end found it too cumbersome and not really helpful, so I never upgraded to the paid subscription.

 

Thanks for your help!


Another potential problem I spotted today: it's something called "Text Enhance". I checked the plug-ins on my browser but couldn't find the source of this. I have seen this before on blogs and thought it was somehow connected to the blog, but today I was on my son's school platform and I saw some oddly highlighted text; when I scrolled over it, it popped up with this advertisement. It didn't make sense that the school approved of this, so I did a search, and it seems that these "links" may actually be originating from my machine rather than the other way around. I don't want to sidetrack us, but if this is all somehow related I thought it pertinent to let you know of this finding.


Hi,

 

Ok...first thanks for letting me know about the programs you are having problems with. :)

----------

 

Let's remove Norton completely. Use the tool found here to do so. Once complete, reboot your system and then continue with the following instructions.

---------

 

 

Please do the following:

 

Hold down the Windows key and press R to open a Run box.

Type the following text into the Run box:

 

appwiz.cpl

 

This will open your Programs and Features. A list of installed programs will populate.

 

Remove the following programs:

 

Sub Sidekick

----------

 

 

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.


  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.
----------

 

Now run another scan with OTL.

----------

 

In your next reply please post the logs created by Kaspersky Virus Tool and OTL. :)


Alright apparently my pc is trying to tell me something...my husband got home and so I tried to show him what it was doing and instead it uninstalled the program with no problems at all. Both programs are now gone...moving on to step 2....


O.k. so I ran Kaspersky once and it stopped 10 hours later for some reason. So I ran it again and 20 hours later it finished, showing 2 infections. I saved the log on my computer...then I proceeded to open it to send it to you and that's when it got hairy. My computer locked up, I shut down, restarted and tried again...still locked up so again shut down, restarted....Repeated another 2 times then just shut down for the night. I started up this morning and went to my documents to try to open the log again and got an error saying that my documents are not accessible. I am trying to stay calm :-). Please help!!!


Alright, I took some time this morning to see what I could do about my missing software because I am beginning to think that a clean sweep of this computer is what I really need to do. I did find the software but the keycode is missing. I was searching online and there was some indication that there may be some sort of keycode finder that I could use to pull off keycodes that are on my computer. I am wondering if you know of any safe ones to use for this. I will start working on making sure there are no additional files I need to back up on my computer. I did a recent back-up so most should already be taken care of.

 

Thanks

Lorrea


O.k. another update! I was able to find the most important product codes. So please let me know what to do next. Thank you again for your time on this, I know I've been around for quite a while.

 

Lorrea


Hi Lorrea,

 

I just want to make sure I understand what you want to do...Are you wanting to reinstall your operating system?


Yes, this computer is essential to my work and I just need to get back to business, so I think I just need to cut my losses, back up as much as I can and start fresh! It will probably be good for my computer to get a fresh start with nothing on it. I know I still need to make sure that my external hard drive is clean as well; hopefully none of this has passed over to that. I am hoping that since I only back up documents, photos and videos that nothing too malicious is hiding out over there.

 

Lorrea


Hi Lorrea,

 

I think you are making a good decision. The infection that I found is one of the worst ones out right now and the damage that may have been done could still be hiding. I think you would be best served by either posting for help in the User to User forum here or going to What the Tech and posting in the Windows forum (after registering for free). The techs at What the Tech are exceptional and will be ready to help you. :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

 

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

----------
