Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#16
I'd like us to scan your machine with ESET OnlineScan.
Also please post back with a fresh OTL logfile and tell me how the system is running.
#17
There was no option for the file on the scan...but the screen did say no threats. Perhaps that is why? The OTL scan shortly. Work...
#18
I was asked to post this for drledger....
#19
|
||||
|
||||
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_70 0_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_70 0_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Charles\AppData\Local\Facebook\Video\Skyp e\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\shopsafe@orbiscom: C:\Program Files (x86)\ShopSafe [2011/03/02 22:45:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext [2012/01/01 16:49:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/06/16 13:42:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/22 09:48:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\lesstabs@lesstabs.com: C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/16 13:39:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/01 19:09:10 | 000,000,000 | ---D | M] [2010/11/18 23:14:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Extension s [2010/11/18 23:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Extension s\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009/12/01 19:57:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Extension s\home2@tomtom.com [2013/06/16 13:39:00 | 000,000,000 | ---D 
| M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions [2013/05/10 00:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013/05/10 00:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} [2013/05/10 00:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2013/05/10 00:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} [2013/05/10 00:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\idvaultaddin@w hitesky [2013/05/27 09:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\qo5ovb6i.default\extensions [2013/05/17 19:53:11 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\qo5ovb6i.default\extensions\addon@freecord er.com [2013/05/27 09:26:39 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\qo5ovb6i.default\extensions\idvaultaddin@w hitesky [2013/05/10 02:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/05/09 23:38:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/06/16 13:42:32 | 000,000,000 | ---D | M] (Norton Toolbar) -- 
C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN [2013/02/22 09:48:53 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN [2013/05/09 23:40:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013/05/09 23:40:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old [2013/05/09 23:40:42 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (ShopSafeBrowserHelper Class) - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll (Orbiscom Ltd. All rights reserved.) 
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky) O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.) 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother) O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard) O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" File not found O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy. 
exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.223.0.2 67.223.0.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{38FE4937-F9A9-424C-9815-022C178040A2}: DhcpNameServer = 67.223.0.2 67.223.0.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{C3BB2B3A-2D3E-4A32-8E64-DECB397A4A12}: DhcpNameServer = 67.223.0.2 67.223.0.3 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.) 
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll (Zemana Ltd.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\COMMON~1\JAKSTA~1\AUDIOC~1\JAUDCA~1.D LL) - C:\Program Files\Common Files\Jaksta Technologies\Audio Capture\jaudcap64.dll (Jaksta Technologies Pty Ltd) O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.) 
O20 - AppInit_DLLs: (C:\PROGRA~2\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dl l) - C:\Program Files (x86)\Common Files\Jaksta Technologies\Audio Capture\jaudcap.dll (Jaksta Technologies Pty Ltd) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{fb4de506-4825-11e1-8bf2-00269e1a256b}\Shell - "" = AutoRun O33 - MountPoints2\{fb4de506-4825-11e1-8bf2-00269e1a256b}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/18 00:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom [2013/06/17 18:21:59 | 002,347,384 | ---- | C] (ESET) -- 
C:\Users\Charles\Desktop\esetsmartinstaller_enu.ex e [2013/06/17 08:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/06/15 14:28:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe [2013/06/07 17:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipSE [22 C:\Users\Charles\Desktop\*.tmp files -> C:\Users\Charles\Desktop\*.tmp -> ] [13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/18 09:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/06/18 08:47:04 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/06/18 07:47:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/06/18 06:42:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-849950591-2780344445-553799950-1001UA.job [2013/06/17 18:42:34 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-849950591-2780344445-553799950-1001Core.job [2013/06/17 18:22:11 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Charles\Desktop\esetsmartinstaller_enu.ex e [2013/06/16 23:59:08 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013/06/16 14:05:00 | 000,018,964 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130616_140456.reg [2013/06/16 13:52:48 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/16 13:52:48 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/16 13:41:25 | 000,000,576 | ---- | M] () -- C:\Windows\Brownie.ini [2013/06/16 13:40:54 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2013/06/16 13:40:43 | 3018,661,888 | -HS- | M] () -- C:\hiberfil.sys [2013/06/16 13:34:31 | 000,648,201 | ---- | M] () -- C:\Users\Charles\Desktop\adwcleaner.exe [2013/06/16 08:35:55 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job [2013/06/16 08:35:55 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job [2013/06/15 19:16:20 | 000,001,773 | ---- | M] () -- C:\Windows\QUICKEN.INI [2013/06/15 14:27:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe [2013/06/07 17:27:20 | 000,005,296 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130607_172712.reg [2013/06/07 17:03:51 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat [2013/06/07 16:47:28 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCharles.job [2013/06/04 16:33:49 | 000,875,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/06/04 16:33:49 | 000,729,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/06/04 16:33:49 | 000,145,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/06/02 12:56:24 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/06/02 12:55:33 | 000,002,932 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130602_125528.reg [2013/05/27 09:25:53 | 000,049,240 | ---- | M] (Zemana Ltd.) 
-- C:\Windows\SysNative\drivers\AntiLog64.sys [2013/05/27 09:25:06 | 000,002,169 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk [2013/05/21 07:20:02 | 000,210,944 | ---- | M] () -- C:\Users\Charles\Documents\Bayer.db [22 C:\Users\Charles\Desktop\*.tmp files -> C:\Users\Charles\Desktop\*.tmp -> ] [13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/16 14:04:58 | 000,018,964 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130616_140456.reg [2013/06/16 13:34:30 | 000,648,201 | ---- | C] () -- C:\Users\Charles\Desktop\adwcleaner.exe [2013/06/07 17:27:19 | 000,005,296 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130607_172712.reg [2013/06/07 17:03:51 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2013/06/02 12:56:23 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/06/02 12:55:31 | 000,002,932 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130602_125528.reg [2013/06/01 19:09:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/05/10 02:19:53 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe [2013/05/09 23:22:43 | 000,000,258 | RHS- | C] () -- C:\Users\Charles\ntuser.pol [2013/02/16 11:20:56 | 000,007,619 | ---- | C] () -- C:\Users\Charles\AppData\Local\Resmon.ResmonCfg [2013/01/10 18:58:30 | 000,031,250 | ---- | C] () -- C:\Windows\HL-5370DW.INI [2012/12/11 13:27:56 | 004,132,864 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi [2012/03/26 11:28:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll [2012/03/26 11:28:14 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll [2012/03/26 11:28:14 | 000,643,072 | ---- | C] ( ) -- 
C:\Windows\SysWow64\lxecpmui.dll [2012/03/26 11:28:14 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll [2012/03/26 11:28:14 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll [2012/03/26 11:28:14 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll [2012/03/26 11:28:14 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll [2012/03/26 11:28:14 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll [2012/03/26 11:28:14 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe [2012/03/26 11:28:14 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll [2012/03/26 11:28:14 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll [2012/03/26 11:28:14 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll [2012/03/26 11:28:14 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll [2012/03/26 11:28:14 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll [2012/03/26 11:28:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll [2012/03/26 11:28:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll [2012/03/26 11:28:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll [2012/03/26 11:28:13 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll [2012/03/26 11:28:13 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe [2012/03/26 11:28:13 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe [2012/03/26 11:28:13 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll [2012/02/05 23:32:42 | 000,000,048 | ---- | C] () -- C:\Windows\fpengine.INI [2012/01/05 19:43:44 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32. 
bc [2011/12/30 01:49:00 | 000,000,084 | ---- | C] () -- C:\Users\Charles\Videos.scn [2011/12/30 01:18:54 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2011/12/16 00:07:35 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011/12/16 00:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011/12/16 00:01:08 | 000,000,576 | ---- | C] () -- C:\Windows\Brownie.ini [2011/12/14 17:45:26 | 000,000,028 | ---- | C] () -- C:\Windows\jsum.INI [2011/10/29 21:56:49 | 000,000,273 | ---- | C] () -- C:\Users\Charles\apple festival_Title_ 1.mpg.scn [2011/10/29 21:42:58 | 2793,998,336 | ---- | C] () -- C:\Users\Charles\apple festival_Title_ 1.mpg [2010/12/27 23:26:38 | 005,394,432 | ---- | C] () -- C:\Users\Charles\s-1-5-21-849950591-2780344445-553799950-1001.rrr [2010/05/29 14:12:29 | 000,000,095 | -H-- | C] () -- C:\Users\Charles\AppData\Local\fusioncache.dat [2010/01/30 00:06:49 | 000,007,620 | -H-- | C] () -- C:\Users\Charles\AppData\Roaming\wklnhst.dat [2009/12/18 07:38:47 | 000,008,623 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00009_navi.JP G [2009/12/18 07:38:46 | 000,023,086 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00009.JPG [2009/12/18 00:28:36 | 000,034,745 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00014.JPG [2009/12/18 00:28:36 | 000,029,867 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00014.0 [2009/12/12 18:42:40 | 000,008,704 | ---- | C] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls 
#20
|
||||
|
||||
Firefox and IE are both working much better with no apparent slowdown.
|
#21
|
||||
|
||||
Then we are finished.

Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools.

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Hiding Hidden Files

Please set your system to hide all hidden files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders. Check: Hide file extensions for known file types. Check the Hide protected operating system files (recommended) option. Click Yes to confirm.

Purging System Restore Points

Now you should set a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state. The easiest and safest way to do this is:

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites, it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Make Internet Explorer 7 more secure
#22
|
||||
|
||||
Thanks for the assistance.
|
#23
|
||||
|
||||
You're welcome
|