Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

MahnaMahna Hijackware Problem

MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

Posted: Tue Aug 14, 2012 11:56 am    Post subject: MahnaMahna Hijackware Problem

Hello,

Below is my log from HijackThis. A week ago I contracted the "Smart HDD" virus that reported false errors on my system. Going to a former restore point removed the virus. I then did a scan with Micro Trend's House Call to make sure the system was all clear. The next day the browser hijacking began. Internet Explorer has been redirecting to websites I do not intend to visit. Also, if I do not disable the "Shockwave Flash Object" add-on, I occasionally hear phantom advertisements, though no windows are open. I have had to uninstall and reinstall Java and Flash due to possibly unrelated issues. Also, when I shut down, I notice that there is a delay while the system waits for a background program to close. I have installed and completed a scan with MalwareBytes, Browser Hijack Recover, SUPERAntiSpyware, and possibly a couple of other programs and have not been able to successfully remove the hijackware. Any assistance you can provide would be greatly appreciated!


Logfile of HijackThis v1.99.1
Scan saved at 12:37:11 PM, on 8/14/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Running processes:
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Users\Nicole\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


Thanks!
MahnaMahna (Nicole)
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

Posted: Wed Aug 15, 2012 2:30 am

Back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

Posted: Wed Aug 15, 2012 2:33 am

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • As you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Your HJT log shows you have a 64 bit version of Windows 7, HJT was not designed to report on that system so its reports cannot be relied upon. I need you to run some extra scans for me.

First

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Next

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows7, when prompted by UAC allow the prompt.

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Summary of the logs I need from you in your next post:

  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
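The HijackThis log in the first post, and Gary R's point that HJT 1.99.1 cannot be relied upon on 64-bit Windows 7, are a good place to show how a helper can separate the real items of interest from the noise such a log produces. The following script is an added example for this thread; it is not part of HijackThis, OTL, or the forum's own tooling. Its bucketing rules are assumptions made for this illustration: that the "(file missing)" verdicts on binaries under C:\Windows\System32 come from WOW64 file-system redirection (HJT 1.99.1 is a 32-bit program, so it is shown SysWOW64 instead), that service paths carrying a stray quote or trailing switches are mis-parsed rather than absent, and that the listed Winsock namespace providers are ones that ship with Windows 7. The sample log is constructed from line formats that appear in the thread.

```python
"""Triage helper for HijackThis (HJT) log lines on 64-bit Windows.

Added example for this thread; it is not part of HijackThis, OTL or the
forum's own tooling. The bucketing rules below are the author's assumptions:
  * HJT 1.99.1 is a 32-bit program, so under WOW64 file-system redirection
    C:\\Windows\\System32 is mapped to SysWOW64 and native-only binaries
    are reported as "(file missing)" even though they are present.
  * Service ImagePaths that carry a stray quote or trailing arguments are
    read by HJT as one long file name, so their "(file missing)" verdict is
    a parsing artifact, not evidence that the file is gone.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Winsock namespace providers that ship with Windows 7 (assumed list, the
# author's, not HJT's); HJT 1.99.1 predates them and flags them "Unknown".
KNOWN_WINDOWS_LSP = {"nlaapi.dll", "napinsp.dll", "pnrpnsp.dll",
                     "mswsock.dll", "winrnr.dll", "wshbth.dll"}

# Path prefixes that a 32-bit process sees through WOW64 redirection.
SYSTEM32_PREFIXES = ("c:\\windows\\system32\\",
                     "%windir%\\system32\\",
                     "%systemroot%\\system32\\")

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


@dataclass
class HjtEntry:
    section: str   # e.g. "O23"
    body: str      # everything after "O23 - "


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Return an entry for R/F/O lines; None for headers, process list, blanks."""
    m = LINE_RE.match(line.strip())
    return HjtEntry(m.group("section"), m.group("body")) if m else None


def _service_path(body: str) -> str:
    """Path portion of an O23 body: text after the last ' - ', minus the verdict."""
    path = body.rsplit(" - ", 1)[-1]
    return path.replace("(file missing)", "").strip()


def classify(entry: HjtEntry) -> str:
    """Bucket an entry: 'review', 'wow64-artifact', 'parse-artifact' or 'info'."""
    sec, body = entry.section, entry.body
    if sec == "O23":
        if "(file missing)" not in body:
            return "info"
        path = _service_path(body)
        if '"' in path or " /" in path or " start=" in path.lower():
            return "parse-artifact"
        if path.lower().startswith(SYSTEM32_PREFIXES):
            return "wow64-artifact"
        return "review"          # a binary that really is absent: worth a look
    if sec == "O10":             # Winsock LSP entries
        name = body.rsplit("\\", 1)[-1].lower()
        return "info" if name in KNOWN_WINDOWS_LSP else "review"
    if sec == "O6" and "Restrictions present" in body:
        return "review"          # IE policy restrictions: set by admins or by hijackers
    if sec == "O4":
        return "review"          # autostart entries always deserve a look
    return "info"                # R0/R1/R3, O2, O11, O18 and anything unmatched


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group every recognised line of an HJT log by classify()."""
    buckets: Dict[str, List[str]] = {"review": [], "wow64-artifact": [],
                                     "parse-artifact": [], "info": []}
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is not None:
            buckets[classify(entry)].append(line.strip())
    return buckets


# Constructed sample, modelled on the line formats in the thread's HJT log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Users\Nicole\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
"""

if __name__ == "__main__":
    for bucket, lines in triage(SAMPLE_LOG).items():
        print(f"== {bucket} ({len(lines)})")
        for entry_line in lines:
            print("  ", entry_line)
```

Run against the sample, the two dozen "(file missing)" services from the first post collapse into the two artifact buckets, leaving the O4 autostart and the O6 IE Restrictions entries as the only lines a helper needs to read. A "review" verdict means look at it, not that it is malicious; this is exactly why Gary R asks for OTL and TDSSKiller output, which do not suffer from the 32-bit redirection problem, before deciding what to fix.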
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

Posted: Wed Aug 15, 2012 6:37 am

OTL logfile created on: 8/15/2012 7:00:43 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Nicole\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.84 Gb Available Physical Memory | 66.26% Memory free
11.60 Gb Paging File | 9.35 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.41 Gb Total Space | 530.86 Gb Free Space | 91.31% Space Free | Partition Type: NTFS

Computer Name: ASMLAPTOP | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 06:58:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL.exe
PRC - [2012/02/04 06:52:02 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/02/04 05:40:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010/08/04 17:38:30 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 07:08:33 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 07:08:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 07:08:10 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 07:07:56 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/15 07:12:25 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/15 07:04:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/15 07:03:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/15 07:03:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/15 07:03:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/15 07:03:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/15 07:03:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/08/01 10:55:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/08/01 10:55:18 | 000,132,416 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/08/01 10:54:46 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | -H-- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 10:48:18 | 000,126,352 | -H-- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 16:54:02 | 000,864,032 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/08/15 06:45:56 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/04 05:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/27 07:41:47 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2010/08/04 17:38:30 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2010/06/08 14:11:25 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/08 13:52:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/18 02:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/10 17:01:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 06:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/02 15:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/01/08 05:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 10:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/17 11:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/12 21:23:46 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 23:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 23:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 23:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 23:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {354DEFD8-1951-4F8B-8D05-C9868562ACF0}
IE:64bit: - HKLM\..\SearchScopes\{354DEFD8-1951-4F8B-8D05-C9868562ACF0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope = {14DEF191-BDC9-4DC9-A67E-FF4DB4464A06}
IE - HKLM\..\SearchScopes\{14DEF191-BDC9-4DC9-A67E-FF4DB4464A06}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\..\SearchScopes,DefaultScope = {14DEF191-BDC9-4DC9-A67E-FF4DB4464A06}
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/08/08 10:15:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2870B79D-3170-4FE5-8E95-32A9FCBD1918}: DhcpNameServer = 13.35.0.1 13.35.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E582A826-F2ED-41F4-BE6C-7C0C22346F3D}: DhcpNameServer = 192.168.0.1 205.171.3.65
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/06 18:29:22 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 08:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis
[2012/08/13 13:44:57 | 009,232,584 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/13 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/13 12:52:34 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/13 12:52:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/13 12:52:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/13 12:44:50 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/13 12:44:49 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/13 12:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Hijack Recover(BHR)
[2012/08/13 12:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Hijack Recover
[2012/08/13 12:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/13 12:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/13 12:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/13 12:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/10 09:38:22 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\TuneUp Software
[2012/08/10 08:46:52 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/09 13:29:39 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/09 13:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/09 13:10:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Google
[2012/08/09 13:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/08 11:35:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/08 10:42:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/08 10:35:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/08 09:35:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/08 09:35:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/08 09:35:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/08 09:34:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/08 09:15:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/08 09:14:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/08 08:55:54 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes
[2012/08/08 08:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/31 10:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

========== Files - Modified Within 30 Days ==========

[2012/08/15 06:58:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/15 06:50:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 06:50:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 06:45:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 06:45:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 06:45:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 06:45:38 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/15 06:44:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 06:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 06:43:14 | 376,831,999 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 14:26:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 12:34:04 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/08/14 12:14:01 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
[2012/08/13 12:51:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/13 12:51:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/13 12:36:11 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
[2012/08/13 12:23:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\8104297.jun
[2012/08/13 12:23:22 | 000,001,056 | ---- | M] () -- C:\Users\Nicole\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser Hijack Recover(BHR).lnk
[2012/08/13 11:36:36 | 000,799,942 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/13 11:36:36 | 000,676,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/13 11:36:36 | 000,126,450 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/08 10:52:34 | 000,000,199 | ---- | M] () -- C:\Windows\wstdUPSWSHIP.INI
[2012/08/08 10:15:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/07 07:09:23 | 000,832,625 | ---- | M] () -- C:\Users\Nicole\AppData\Local\census.cache
[2012/08/07 07:09:13 | 000,108,176 | ---- | M] () -- C:\Users\Nicole\AppData\Local\ars.cache
[2012/08/07 06:52:22 | 000,000,036 | ---- | M] () -- C:\Users\Nicole\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2012/08/13 12:44:51 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/13 12:23:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\8104297.jun
[2012/08/13 12:23:22 | 000,001,056 | ---- | C] () -- C:\Users\Nicole\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser Hijack Recover(BHR).lnk
[2012/08/13 12:14:28 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
[2012/08/13 12:14:28 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
[2012/08/09 13:10:54 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 13:10:53 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 12:27:54 | 000,001,976 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/08/08 09:35:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/08 09:35:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/08 09:35:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/08 09:35:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/08 09:35:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/07 07:09:23 | 000,832,625 | ---- | C] () -- C:\Users\Nicole\AppData\Local\census.cache
[2012/08/07 07:09:13 | 000,108,176 | ---- | C] () -- C:\Users\Nicole\AppData\Local\ars.cache
[2012/08/07 06:52:22 | 000,000,036 | ---- | C] () -- C:\Users\Nicole\AppData\Local\housecall.guid.cache
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/12/15 19:32:28 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GetHostIP.exe
[2011/12/15 19:31:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\nssckbi.dll
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/05/19 09:05:20 | 000,066,660 | ---- | C] () -- C:\Program Files (x86)\files_Disney.ttf
[2011/01/27 07:41:48 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/09/22 10:31:18 | 000,000,199 | ---- | C] () -- C:\Windows\wstdUPSWSHIP.INI
[2010/09/22 10:25:18 | 000,001,058 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/21 09:41:37 | 000,000,969 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/09/21 09:41:37 | 000,000,162 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/09/21 09:38:47 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/09/21 09:38:47 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/09/21 09:38:46 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/09/12 17:19:14 | 000,038,388 | -H-- | C] () -- C:\Users\Nicole\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/09/10 16:51:27 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/10 16:51:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/09/09 12:45:20 | 000,814,092 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/09 12:02:34 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

========== LOP Check ==========

[2012/08/06 18:38:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Autodesk
[2012/08/13 11:58:43 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\BitZipper
[2011/01/27 07:42:25 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\EDrawings
[2012/08/06 18:42:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PC-FAX TX
[2011/01/18 12:20:26 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\PCDr
[2012/08/10 09:38:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TuneUp Software
[2011/05/19 13:47:52 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\Windows Live Writer
[2012/08/15 06:58:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/10 09:00:50 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/13 12:36:11 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
[2012/08/14 12:14:01 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
[2012/08/14 12:34:04 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Wed Aug 15, 2012 6:37 am    Post subject: OTL.txt

OTL logfile created on: 8/15/2012 7:00:43 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Nicole\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.84 Gb Available Physical Memory | 66.26% Memory free
11.60 Gb Paging File | 9.35 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.41 Gb Total Space | 530.86 Gb Free Space | 91.31% Space Free | Partition Type: NTFS

Computer Name: ASMLAPTOP | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 06:58:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL.exe
PRC - [2012/02/04 06:52:02 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/02/04 05:40:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010/08/04 17:38:30 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 07:08:33 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 07:08:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 07:08:10 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 07:07:56 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/15 07:12:25 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/15 07:04:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/15 07:03:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/15 07:03:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/15 07:03:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/15 07:03:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/15 07:03:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/08/01 10:55:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/08/01 10:55:18 | 000,132,416 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/08/01 10:54:46 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | -H-- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 10:48:18 | 000,126,352 | -H-- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 16:54:02 | 000,864,032 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/08/15 06:45:56 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/04 05:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/27 07:41:47 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2010/08/04 17:38:30 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2010/06/08 14:11:25 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/08 13:52:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/18 02:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/10 17:01:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 06:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/02 15:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/01/08 05:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 10:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/17 11:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/12 21:23:46 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 23:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 23:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 23:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 23:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {354DEFD8-1951-4F8B-8D05-C9868562ACF0}
IE:64bit: - HKLM\..\SearchScopes\{354DEFD8-1951-4F8B-8D05-C9868562ACF0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope = {14DEF191-BDC9-4DC9-A67E-FF4DB4464A06}
IE - HKLM\..\SearchScopes\{14DEF191-BDC9-4DC9-A67E-FF4DB4464A06}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\..\SearchScopes,DefaultScope = {14DEF191-BDC9-4DC9-A67E-FF4DB4464A06}
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/08/08 10:15:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2870B79D-3170-4FE5-8E95-32A9FCBD1918}: DhcpNameServer = 13.35.0.1 13.35.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E582A826-F2ED-41F4-BE6C-7C0C22346F3D}: DhcpNameServer = 192.168.0.1 205.171.3.65
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/06 18:29:22 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 08:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis
[2012/08/13 13:44:57 | 009,232,584 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/13 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/13 12:52:34 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/13 12:52:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/13 12:52:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/13 12:44:50 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/13 12:44:49 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/13 12:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Hijack Recover(BHR)
[2012/08/13 12:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Hijack Recover
[2012/08/13 12:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/13 12:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/13 12:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/13 12:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/10 09:38:22 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\TuneUp Software
[2012/08/10 08:46:52 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/09 13:29:39 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/09 13:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/09 13:10:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Google
[2012/08/09 13:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/08 11:35:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/08 10:42:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/08 10:35:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/08 09:35:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/08 09:35:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/08 09:35:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/08 09:34:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/08 09:15:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/08 09:14:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/08 08:55:54 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes
[2012/08/08 08:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/31 10:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

========== Files - Modified Within 30 Days ==========

[2012/08/15 06:58:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/15 06:50:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 06:50:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 06:45:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 06:45:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 06:45:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 06:45:38 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/15 06:44:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 06:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 06:43:14 | 376,831,999 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 14:26:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 12:34:04 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/08/14 12:14:01 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
[2012/08/13 12:51:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/13 12:51:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/13 12:36:11 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
[2012/08/13 12:23:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\8104297.jun
[2012/08/13 12:23:22 | 000,001,056 | ---- | M] () -- C:\Users\Nicole\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser Hijack Recover(BHR).lnk
[2012/08/13 11:36:36 | 000,799,942 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/13 11:36:36 | 000,676,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/13 11:36:36 | 000,126,450 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/08 10:52:34 | 000,000,199 | ---- | M] () -- C:\Windows\wstdUPSWSHIP.INI
[2012/08/08 10:15:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/07 07:09:23 | 000,832,625 | ---- | M] () -- C:\Users\Nicole\AppData\Local\census.cache
[2012/08/07 07:09:13 | 000,108,176 | ---- | M] () -- C:\Users\Nicole\AppData\Local\ars.cache
[2012/08/07 06:52:22 | 000,000,036 | ---- | M] () -- C:\Users\Nicole\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2012/08/13 12:44:51 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/13 12:23:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\8104297.jun
[2012/08/13 12:23:22 | 000,001,056 | ---- | C] () -- C:\Users\Nicole\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser Hijack Recover(BHR).lnk
[2012/08/13 12:14:28 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
[2012/08/13 12:14:28 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
[2012/08/09 13:10:54 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 13:10:53 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 12:27:54 | 000,001,976 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/08/08 09:35:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/08 09:35:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/08 09:35:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/08 09:35:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/08 09:35:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/07 07:09:23 | 000,832,625 | ---- | C] () -- C:\Users\Nicole\AppData\Local\census.cache
[2012/08/07 07:09:13 | 000,108,176 | ---- | C] () -- C:\Users\Nicole\AppData\Local\ars.cache
[2012/08/07 06:52:22 | 000,000,036 | ---- | C] () -- C:\Users\Nicole\AppData\Local\housecall.guid.cache
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/12/15 19:32:28 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GetHostIP.exe
[2011/12/15 19:31:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\nssckbi.dll
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/05/19 09:05:20 | 000,066,660 | ---- | C] () -- C:\Program Files (x86)\files_Disney.ttf
[2011/01/27 07:41:48 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/09/22 10:31:18 | 000,000,199 | ---- | C] () -- C:\Windows\wstdUPSWSHIP.INI
[2010/09/22 10:25:18 | 000,001,058 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/21 09:41:37 | 000,000,969 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/09/21 09:41:37 | 000,000,162 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/09/21 09:38:47 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/09/21 09:38:47 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/09/21 09:38:46 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/09/12 17:19:14 | 000,038,388 | -H-- | C] () -- C:\Users\Nicole\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/09/10 16:51:27 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/10 16:51:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/09/09 12:45:20 | 000,814,092 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/09 12:02:34 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

========== LOP Check ==========

[2012/08/06 18:38:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Autodesk
[2012/08/13 11:58:43 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\BitZipper
[2011/01/27 07:42:25 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\EDrawings
[2012/08/06 18:42:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PC-FAX TX
[2011/01/18 12:20:26 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\PCDr
[2012/08/10 09:38:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TuneUp Software
[2011/05/19 13:47:52 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\Windows Live Writer
[2012/08/15 06:58:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/10 09:00:50 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/13 12:36:11 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
[2012/08/14 12:14:01 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
[2012/08/14 12:34:04 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Wed Aug 15, 2012 6:38 am    Post subject: OTL.txt

OTL logfile created on: 8/15/2012 7:00:43 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Nicole\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.84 Gb Available Physical Memory | 66.26% Memory free
11.60 Gb Paging File | 9.35 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.41 Gb Total Space | 530.86 Gb Free Space | 91.31% Space Free | Partition Type: NTFS

Computer Name: ASMLAPTOP | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 06:58:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL.exe
PRC - [2012/02/04 06:52:02 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/02/04 05:40:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010/08/04 17:38:30 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 07:08:33 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 07:08:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 07:08:10 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 07:07:56 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/15 07:12:25 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/15 07:04:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/15 07:03:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/15 07:03:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/15 07:03:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/15 07:03:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/15 07:03:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/08/01 10:55:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/08/01 10:55:18 | 000,132,416 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/08/01 10:54:46 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | -H-- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 10:48:18 | 000,126,352 | -H-- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 16:54:02 | 000,864,032 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/08/15 06:45:56 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/04 05:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/27 07:41:47 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2010/08/04 17:38:30 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2010/06/08 14:11:25 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/08 13:52:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/18 02:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/10 17:01:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 06:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/02 15:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/01/08 05:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 10:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/17 11:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/12 21:23:46 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 23:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 23:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 23:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 23:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {354DEFD8-1951-4F8B-8D05-C9868562ACF0}
IE:64bit: - HKLM\..\SearchScopes\{354DEFD8-1951-4F8B-8D05-C9868562ACF0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope = {14DEF191-BDC9-4DC9-A67E-FF4DB4464A06}
IE - HKLM\..\SearchScopes\{14DEF191-BDC9-4DC9-A67E-FF4DB4464A06}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\..\SearchScopes,DefaultScope = {14DEF191-BDC9-4DC9-A67E-FF4DB4464A06}
IE - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/08/08 10:15:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-40008613-533655973-2503720805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2870B79D-3170-4FE5-8E95-32A9FCBD1918}: DhcpNameServer = 13.35.0.1 13.35.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E582A826-F2ED-41F4-BE6C-7C0C22346F3D}: DhcpNameServer = 192.168.0.1 205.171.3.65
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/06 18:29:22 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 08:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis
[2012/08/13 13:44:57 | 009,232,584 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/13 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/13 12:52:34 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/13 12:52:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/13 12:52:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/13 12:44:50 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/13 12:44:49 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/13 12:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Hijack Recover(BHR)
[2012/08/13 12:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Hijack Recover
[2012/08/13 12:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/13 12:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/13 12:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/13 12:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/10 09:38:22 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\TuneUp Software
[2012/08/10 08:46:52 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/09 13:29:39 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/09 13:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/09 13:10:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Google
[2012/08/09 13:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/08 11:35:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/08 10:42:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/08 10:35:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/08 09:35:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/08 09:35:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/08 09:35:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/08 09:34:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/08 09:15:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/08 09:14:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/08 08:55:54 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes
[2012/08/08 08:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/31 10:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

========== Files - Modified Within 30 Days ==========

[2012/08/15 06:58:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/15 06:50:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 06:50:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 06:45:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 06:45:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 06:45:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 06:45:38 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/15 06:44:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 06:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 06:43:14 | 376,831,999 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 14:26:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 12:34:04 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/08/14 12:14:01 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
[2012/08/13 12:51:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/13 12:51:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/13 12:36:11 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
[2012/08/13 12:23:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\8104297.jun
[2012/08/13 12:23:22 | 000,001,056 | ---- | M] () -- C:\Users\Nicole\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser Hijack Recover(BHR).lnk
[2012/08/13 11:36:36 | 000,799,942 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/13 11:36:36 | 000,676,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/13 11:36:36 | 000,126,450 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/08 10:52:34 | 000,000,199 | ---- | M] () -- C:\Windows\wstdUPSWSHIP.INI
[2012/08/08 10:15:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/07 07:09:23 | 000,832,625 | ---- | M] () -- C:\Users\Nicole\AppData\Local\census.cache
[2012/08/07 07:09:13 | 000,108,176 | ---- | M] () -- C:\Users\Nicole\AppData\Local\ars.cache
[2012/08/07 06:52:22 | 000,000,036 | ---- | M] () -- C:\Users\Nicole\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2012/08/13 12:44:51 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/13 12:23:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\8104297.jun
[2012/08/13 12:23:22 | 000,001,056 | ---- | C] () -- C:\Users\Nicole\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser Hijack Recover(BHR).lnk
[2012/08/13 12:14:28 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
[2012/08/13 12:14:28 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
[2012/08/09 13:10:54 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 13:10:53 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 12:27:54 | 000,001,976 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/08/08 09:35:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/08 09:35:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/08 09:35:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/08 09:35:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/08 09:35:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/07 07:09:23 | 000,832,625 | ---- | C] () -- C:\Users\Nicole\AppData\Local\census.cache
[2012/08/07 07:09:13 | 000,108,176 | ---- | C] () -- C:\Users\Nicole\AppData\Local\ars.cache
[2012/08/07 06:52:22 | 000,000,036 | ---- | C] () -- C:\Users\Nicole\AppData\Local\housecall.guid.cache
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/12/15 19:32:28 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GetHostIP.exe
[2011/12/15 19:31:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\nssckbi.dll
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/05/19 09:05:20 | 000,066,660 | ---- | C] () -- C:\Program Files (x86)\files_Disney.ttf
[2011/01/27 07:41:48 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/09/22 10:31:18 | 000,000,199 | ---- | C] () -- C:\Windows\wstdUPSWSHIP.INI
[2010/09/22 10:25:18 | 000,001,058 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/21 09:41:37 | 000,000,969 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/09/21 09:41:37 | 000,000,162 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/09/21 09:38:47 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/09/21 09:38:47 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/09/21 09:38:46 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/09/12 17:19:14 | 000,038,388 | -H-- | C] () -- C:\Users\Nicole\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/09/10 16:51:27 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/10 16:51:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/09/09 12:45:20 | 000,814,092 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/09 12:02:34 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

========== LOP Check ==========

[2012/08/06 18:38:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Autodesk
[2012/08/13 11:58:43 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\BitZipper
[2011/01/27 07:42:25 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\EDrawings
[2012/08/06 18:42:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PC-FAX TX
[2011/01/18 12:20:26 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\PCDr
[2012/08/10 09:38:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TuneUp Software
[2011/05/19 13:47:52 | 000,000,000 | -H-D | M] -- C:\Users\Nicole\AppData\Roaming\Windows Live Writer
[2012/08/15 06:58:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/10 09:00:50 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/13 12:36:11 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
[2012/08/14 12:14:01 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
[2012/08/14 12:34:04 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Wed Aug 15, 2012 6:40 am    Post subject: Extras.txt Reply with quote

OTL Extras logfile created on: 8/15/2012 7:00:43 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Nicole\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.84 Gb Available Physical Memory | 66.26% Memory free
11.60 Gb Paging File | 9.35 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.41 Gb Total Space | 530.86 Gb Free Space | 91.31% Space Free | Partition Type: NTFS

Computer Name: ASMLAPTOP | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BDB0888-6370-4E73-91F3-865622CB870C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13B5E837-BE54-4A0C-B102-FCC775DA34E8}" = rport=137 | protocol=17 | dir=out | app=system |
"{24AE9FAA-AADB-4A9B-B41D-BDA6581352EC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37BF5F71-6AAC-412D-807A-F25C818A5745}" = rport=138 | protocol=17 | dir=out | app=system |
"{4679691E-EC13-45DC-BE5E-BBBFC82CEA5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{492F37E6-957E-43A9-8FBC-27726AA2C8B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{49B50E38-BEFF-428F-B916-B7E9FCF28FC8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F50307E-06FA-4326-AEF0-376AB71F9117}" = rport=10243 | protocol=6 | dir=out | app=system |
"{54E98CEC-10E1-445E-9AB3-DDAC3929A5FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55BCC7AA-CDE7-4797-A7BD-F941905320EA}" = lport=445 | protocol=6 | dir=in | app=system |
"{5661BD47-1706-498F-827A-0E044110E487}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{59ABF8CF-0C7B-48B1-91BE-7D2414438AD5}" = lport=138 | protocol=17 | dir=in | app=system |
"{778B33EF-BF6C-4229-942F-17A3A4034F4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F439B29-ADF1-4FA0-BA40-F4DFC065E2A4}" = lport=139 | protocol=6 | dir=in | app=system |
"{821EB00F-5A9C-4982-AF9A-21C5C1B1EC23}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{861F72E7-D62E-48AB-A7CD-1CBE9FC14899}" = lport=137 | protocol=17 | dir=in | app=system |
"{88223453-9C4C-48FA-8E8F-639E62CD8251}" = rport=445 | protocol=6 | dir=out | app=system |
"{919E06E1-FF94-4F0C-9686-D74D0CDF1B57}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9459C9C1-41C1-40C3-82EF-56DD3AAE4E9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{957C57BA-7B66-4F52-95B3-E94D2461F8C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9BB510D6-42E5-403C-A65A-9D858D32F12D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4444DF5-D13B-4FC4-85F8-7AD8E938F3B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA2BACB0-9150-4622-BE33-DA905EC6930F}" = rport=139 | protocol=6 | dir=out | app=system |
"{C953B333-9FCC-4715-B50F-A843102B4256}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C9572DC4-CC62-41BA-8F86-7DFBF8D6E0EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D8F57FB9-6CDB-4D3B-856A-2CA4CA9AA7C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA4C8535-D06B-4304-865F-FDFE83D95590}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE521FBA-8A5E-42E7-971C-ADE54557B166}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F76F5B2-DF5A-42C8-8EFB-13FACF9F7966}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1F5B2496-98C2-4883-9E49-16B7A570E83E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1F70823B-CFDA-4049-8B05-24E80E18CA3E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{25B7DD77-83B2-4DFE-B3CC-05A615B1DD68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E80E990-A7A0-4F61-B4BA-071B612B565D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{368A9005-A15C-4791-92D6-DD83C26104DF}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\discover.exe |
"{43540588-2849-469D-AC5D-33CA5E67BE59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55DA1FA2-55D2-4FB9-AA8D-F9005068439A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65FBB264-0C4C-4734-AC94-6277410C2376}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6F5B946A-B772-4663-A4C7-CEC23813666A}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\bradminv3.exe |
"{7929D3CA-C6C0-4B0F-8DD7-7DE8193B4311}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\auditorserver.exe |
"{7B0FC657-FC63-4834-907A-A00289D4F17A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E354265-CB5F-4E01-BBC9-143718EDF8F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{80CA685D-F2C8-4AFD-A2AE-B64A91DB0010}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\auditorserver.exe |
"{95879E8A-0966-44F3-AD30-E88AA93722B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{99E3E486-4D1D-433A-87C9-1FD53607E453}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9AACA357-44AE-4259-B0F1-2C05A9C56490}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A8677778-7117-4CB6-B551-087629EE825E}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{B5B5D0BF-7D55-4DAC-88E2-705065827557}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{B686F9E6-00E6-4377-8BC0-D229A0D374B2}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\discover.exe |
"{B7CD6C3E-FCB9-4219-B12E-7940622D5DEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B96C7C4E-C758-477F-A99E-ECC5E2303C79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C64B02EC-F4B8-48A4-B209-15CDD0B046C9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8B03B2C-25F0-44F2-9CF5-384BD296F27D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF65C1FB-309E-438D-B988-5D80C5F86E1F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D58B4697-6112-4476-9DC7-F78643A37785}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{DB0DD4F5-82F4-4496-8339-3C80DAC2A0CF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DF2F96C5-B13F-4B25-B283-4C46D303313B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4BD8A8C-3417-4C05-AB75-9B214E806F73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0859CEF-94E4-4E63-9E23-ECE2943281F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2AA2D12-653B-4A3C-9D5F-33D5DD9E40A3}" = protocol=6 | dir=out | app=system |
"{F7CCD61F-B96F-4D3C-9D41-B7C616391E1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F81935E3-8438-47CB-89B5-F9DEE0F7F0D1}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\bradminv3.exe |
"{FC7A9D8E-BC4F-43CF-9AD2-89AE4215E914}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{CA055CD5-8A41-47EC-8C95-D109E6C94C0E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{ED564252-5E88-4291-9EDE-6D161D3468FC}C:\users\nicole\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nicole\appdata\roaming\spotify\spotify.exe |
"UDP Query User{06AC4B2F-3F45-430F-8F3C-47DAD1C41DD6}C:\users\nicole\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nicole\appdata\roaming\spotify\spotify.exe |
"UDP Query User{2BB4B9AF-99E1-4B73-A252-52A9C5F13899}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{C92556F2-4950-48CF-ABA3-F0026B05BCE8}" = Microsoft SQL Server 2005 Backward compatibility
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D27FC5AD-557E-45C5-B617-86F003F80D2D}" = SolidWorks eDrawings 2011 x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Support Center" = Dell Support Center
"DW WLAN Card" = DW WLAN Card
"DWG TrueView 2011" = DWG TrueView 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A436-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Mfg and Whsle Edition 2010
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (UPSWSDBSERVER)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}" = UPSDB
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5540F934-06D9-4DCE-B7D4-93DBA58D0338}" = WorldShip
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75C885D4-C758-4896-A3B4-90DA34B44C31}" = BRAdmin Professional 3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{95BFC573-7D09-46C9-B458-A75BA947FFCB}" = UPSVC2008MM
"{98C4DE92-27C8-482C-8431-514828756E80}" = Reconciler
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5F49A22-28A7-4738-AC9B-322EFCA29FB9}" = FOSS
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81D8576-F1B1-4E3A-9DC3-DF1B664962F0}" = ReportServer
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E85B767C-AD1B-41FA-8CEF-C927ABB1D275}" = AlignmentUtility
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAAF59A3-4B9A-4B8F-A43F-821E8DA8DA95}" = WSShared
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Browser Hijack Recover_is1" = Browser Hijack Recover(BHR) 3.0
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"IDAutomation.com Code 39 Free Font" = IDAutomation.com Code 39 Free Font
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Plants vs. Zombies" = Plants vs. Zombies
"UPS WorldShip" = UPS WorldShip
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2012 3:32:38 PM | Computer Name = ASMLaptop | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2012/08/13 12:32:38.738]: [00004504]: Error :
ExecMonitor()

Error - 8/13/2012 3:32:38 PM | Computer Name = ASMLaptop | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2012/08/13 12:32:38.738]: [00004504]: FrendlyName
: Brother MFC-6490CW Wireless Office

Error - 8/13/2012 3:32:38 PM | Computer Name = ASMLaptop | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2012/08/13 12:32:38.738]: [00004504]: Don't Create
FileMapping!!!!

Error - 8/13/2012 4:18:21 PM | Computer Name = ASMLaptop | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 8/13/2012 4:18:21 PM | Computer Name = ASMLaptop | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 8/13/2012 4:18:21 PM | Computer Name = ASMLaptop | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 8/14/2012 10:43:58 AM | Computer Name = ASMLaptop | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 8/14/2012 1:08:18 PM | Computer Name = ASMLaptop | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 8/14/2012 1:08:18 PM | Computer Name = ASMLaptop | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 8/14/2012 1:08:18 PM | Computer Name = ASMLaptop | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

[ Dell Events ]
Error - 3/8/2011 1:42:36 PM | Computer Name = ASMLaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 10/3/2010 6:42:57 PM | Computer Name = ASMLaptop | Source = MCUpdate | ID = 0
Description = 3:42:57 PM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 7/12/2011 10:14:24 AM | Computer Name = ASMLaptop | Source = MCUpdate | ID = 0
Description = 7:14:24 AM - Error connecting to the internet. 7:14:24 AM - Unable
to contact server..

Error - 7/12/2011 10:14:58 AM | Computer Name = ASMLaptop | Source = MCUpdate | ID = 0
Description = 7:14:53 AM - Error connecting to the internet. 7:14:53 AM - Unable
to contact server..

Error - 7/21/2011 10:07:27 AM | Computer Name = ASMLaptop | Source = MCUpdate | ID = 0
Description = 7:07:27 AM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 7/21/2011 10:07:44 AM | Computer Name = ASMLaptop | Source = MCUpdate | ID = 0
Description = 7:07:33 AM - Error connecting to the internet. 7:07:33 AM - Unable
to contact server..

Error - 8/10/2011 9:53:20 AM | Computer Name = ASMLaptop | Source = MCUpdate | ID = 0
Description = 6:53:20 AM - Error connecting to the internet. 6:53:20 AM - Unable
to contact server..

Error - 8/10/2011 9:53:30 AM | Computer Name = ASMLaptop | Source = MCUpdate | ID = 0
Description = 6:53:25 AM - Error connecting to the internet. 6:53:25 AM - Unable
to contact server..

[ System Events ]
Error - 8/13/2012 3:37:21 PM | Computer Name = ASMLaptop | Source = DCOM | ID = 10016
Description =

Error - 8/13/2012 3:39:22 PM | Computer Name = ASMLaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 8/14/2012 9:51:43 AM | Computer Name = ASMLaptop | Source = DCOM | ID = 10016
Description =

Error - 8/14/2012 9:52:26 AM | Computer Name = ASMLaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 8/14/2012 3:34:43 PM | Computer Name = ASMLaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 8/14/2012 3:35:13 PM | Computer Name = ASMLaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 8/14/2012 3:35:26 PM | Computer Name = ASMLaptop | Source = DCOM | ID = 10016
Description =

Error - 8/15/2012 9:44:33 AM | Computer Name = ASMLaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 8/15/2012 9:44:38 AM | Computer Name = ASMLaptop | Source = DCOM | ID = 10016
Description =

Error - 8/15/2012 9:45:03 AM | Computer Name = ASMLaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Wed Aug 15, 2012 6:44 am    Post subject: TDSSKiller

Hi Gary,

TDSSKiller will not run. I have tried several times in the past and could not get it to run. I tried renaming it and running as administrator but to no avail.

This time, it did something unique. When I unzipped it to my desktop, I double-clicked it and it began to operate, but then requested that I reboot. I did so, and now it is again refusing to run. It gets as far as the UAC prompt and then does nothing.

Please advise.

Thank you,
Nicole
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Wed Aug 15, 2012 6:55 am    Post subject:

I see you ran Combofix on the 8th August, can you post me the log from that please, you'll find it at ..... C:\Combofix.txt

Since TDSSKiller won't run, let's try something else ....

  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it
  • Click the SCAN button to start the scan.
  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.

Summary of the logs I need from you in your next post:

  • Old Combofix log if you have it. (if not let me know).
  • aswMBR log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Wed Aug 15, 2012 7:04 am    Post subject: Combofix Log

ComboFix 12-08-07.05 - Nicole 08/08/2012 9:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.4337 [GMT -7:00]
Running from: c:\users\Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VX0GA8N3\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\programdata\Renamed1
c:\users\Nicole\Documents\~WRL0001.tmp
c:\users\Nicole\Documents\~WRL0685.tmp
c:\users\Nicole\Documents\~WRL1439.tmp
c:\users\Nicole\Documents\~WRL1492.tmp
c:\users\Nicole\Documents\~WRL1863.tmp
c:\users\Nicole\Documents\~WRL1910.tmp
c:\users\Nicole\Documents\~WRL3905.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 17:14 . 2012-08-08 17:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 16:14 . 2012-08-08 16:14 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F123CEB-16F3-4F5C-A19F-44C532EC14B0}\offreg.dll
2012-08-08 15:57 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F123CEB-16F3-4F5C-A19F-44C532EC14B0}\mpengine.dll
2012-08-08 15:55 . 2012-08-08 15:55 -------- d-----w- c:\users\Nicole\AppData\Roaming\Malwarebytes
2012-08-08 15:55 . 2012-08-08 15:55 -------- d-----w- c:\programdata\Malwarebytes
2012-08-08 15:55 . 2012-08-08 15:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-07 13:59 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-31 17:05 . 2012-07-31 17:05 -------- d-----w- c:\program files (x86)\Amazon
2012-07-11 23:11 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 23:06 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-11 23:06 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 15:23 . 2012-04-04 13:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 15:23 . 2011-05-19 14:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 23:08 . 2010-09-20 13:53 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 14:15 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 14:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:15 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:15 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 14:15 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 14:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 14:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-30 14:22 . 2012-05-30 14:22 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Spotify Web Helper"="c:\users\Nicole\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-03 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2012-03-03 24576]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-07 559616]
.
c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2011-12-2 422912]
UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2011-12-2 34304]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2010-08-05 65536]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-11 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MSSQL$UPSWSDBSERVER;SQL Server (UPSWSDBSERVER);c:\ups\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-11 158720]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:23]
.
2012-07-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-05 3178064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.65
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 10:35:04
ComboFix-quarantined-files.txt 2012-08-08 17:34
.
Pre-Run: 552,702,758,912 bytes free
Post-Run: 553,004,625,920 bytes free
.
- - End Of File - - DA490705A8FFE1E67E60FEADC9B84BEB
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Wed Aug 15, 2012 7:14 am    Post subject: aswMBR.exe

Sorry, I can't get aswMBR.exe to run either.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Wed Aug 15, 2012 11:31 am    Post subject:

OK, since we can't get a TDSSKiller or aswMBR scan to run, I'd like to run a scan of your computer when Windows isn't loaded, that way any infection can't interfere with the scan results. For this you'll need a USB flash drive.


  • Download FRST64 to a USB flash drive.

  • Plug the USB drive into the infected machine.


Boot your computer into Recovery Environment


  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...
  • Select the Command Prompt option.
  • A command window will open.

    • Type notepad then hit Enter.
    • Notepad will open.

      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.


  • Back in the command window ....

    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.

      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.


  • Next

    • Type services.exe;explorer.exe into the Search: box in FRST
    • Click the Search Files button.
    • FRST will scan your machine once more, this time looking for files.
    • When finished scanning it will make a log Search.txt on the flash drive.

  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log and the Search.txt log please.

MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Thu Aug 16, 2012 7:37 am    Post subject: FRST64

Unbelievable...I can't get it to proceed to the "System Recovery Options" window. I got it to the Advanced Options Menu, I selected "Repair Your Computer" and then it says "Windows is loading..." with a loading bar and just freezes there indefinitely. I tried it several times, and waited 20 minutes, but it never proceeds.

Any other ideas?
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Thu Aug 16, 2012 7:51 am    Post subject:

Did your computer come with Windows pre-installed, or did you install it yourself?

If the former, did you create a "repair disk"?

If the latter, do you have your Windows install disk?
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Thu Aug 16, 2012 8:33 am    Post subject: Windows Install Disk

My computer came with Windows pre-installed, and no, I didn't create a "repair disk" (oops) and they do not supply the installation disk, but I can request one from Dell. I do have Dell DataSafe Local Backup that is supposed to allow me to restore to factory condition if I need to. Then again, some of their instructions also direct me to use the same process I was just unable to proceed from. I also am not quite clear on whether this would remove Windows or not, so I would probably need to order that disk before I start reformatting.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Thu Aug 16, 2012 12:16 pm    Post subject:

You should be able to create a "repair disk" using Windows (provided that facility hasn't been tinkered with).

To do so you'll need a recordable DVD disk.


  • Click Control Panel > System and Security > Backup and Restore
  • Now click on create a system repair disk (top left side of the window)
  • Insert a recordable DVD disk into your disk drive
  • Click Create disc
  • Follow any prompts until finished.


Next


  • Download FRST64 to a USB flash drive. (you've already done this part)
  • Plug the USB drive into the infected machine.


Boot your computer into Recovery Environment


  • Change the BIOS boot order so that the computer boots from the CD/DVD drive first.
  • Insert the System Repair Disk.
  • Restart the computer.
  • When booting to a Windows setup CD/DVD you may be prompted with a message to press a key to boot to the disc. Press any key on the keyboard while the message is on the screen, otherwise the computer will try to boot from the next item in the Bios list (usually the hard drive).
  • The computer should now boot from the CD/DVD.
  • Enter the language, time etc and click next, you should see a screen similar to the one below (this one's for Vista but the one for W7 is similar)...
  • Click on Repair your computer.
  • Choose the Operating System to repair and click Next, you should now see the screen below ...
  • Select the Command Prompt option.
  • A command window will open.

    • Type notepad then hit Enter.
    • Notepad will open.

      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.


  • Back in the command window ....

    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.

      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.


  • Next

    • Type services.exe;explorer.exe into the Search: box in FRST
    • Click the Search Files button.
    • FRST will scan your machine once more, this time looking for files.
    • When finished scanning it will make a log Search.txt on the flash drive.


  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt and the Search.txt log please.

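FRST.txt, which both of the FRST procedures above ask for, lists every autorun, Winlogon notify entry, service and driver in one regular line shape. The parser below is an added example, not part of this thread and not FRST's own code: it pulls the target, size, date and company name out of lines of that shape and flags what a log reader checks first, targets FRST marks as missing with [X], binaries with no company name, and programs starting from user-writable folders. The sample lines are constructed in that shape; the HKU\Nicole Spotify line and its vendor are made up to exercise the last check.

```python
"""Triage helper for FRST.txt autorun, service and driver lines.

Added example for this thread; it is neither the helper's nor FRST's own
code. It parses the line shape FRST uses for Run keys, Winlogon Notify
entries, services and drivers, then flags what a log reader checks first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the FRST.txt line shape. Most lines mirror the thread;
# the HKU\Nicole Spotify line and its vendor are made up for the folder check.
SAMPLE_FRST = r"""
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-11-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKU\Nicole\...\Run: [Spotify Web Helper] C:\Users\Nicole\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-08-03] (Spotify Ltd)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-08-04] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
"""

# "... [size yyyy-mm-dd] (Company)" trailer FRST appends when the file exists.
META_RE = re.compile(r"\s\[(?P<size>\d+)\s(?P<date>\d{4}-\d{2}-\d{2})\]\s\((?P<vendor>[^()]*)\)\s*$")
# "[X]" trailer: FRST could not find the target on disk.
MISSING_RE = re.compile(r"\s\[[xX]\]\s*$")
REG_RE = re.compile(r"^(?P<key>\S[^:]*?): \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
NOTIFY_RE = re.compile(r"^(?P<key>Winlogon\\Notify\\[^:]+): (?P<rest>.*)$")
SVC_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$")
# First path ending in a binary extension, with optional surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|sys|ocx|pkms))"?(?:\s|$)', re.IGNORECASE)

# Folders a standard user can write to; unexpected autoruns often live there.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str            # "registry", "winlogon" or "service"
    key: str             # registry key, or "start=N" for services/drivers
    name: str
    command: str         # full command as logged, arguments included
    exe: str             # binary path with quotes and the \??\ prefix stripped
    size: Optional[int]
    date: Optional[str]
    vendor: str          # company name FRST read from the file, "" if none
    missing: bool        # FRST wrote [X]: the target no longer exists


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST line; return None for lines of another shape."""
    line = line.rstrip()
    if m := REG_RE.match(line):
        kind, key, name, rest = "registry", m["key"], m["name"], m["rest"]
    elif m := NOTIFY_RE.match(line):
        kind, key, rest = "winlogon", m["key"], m["rest"]
        name = key.rsplit("\\", 1)[-1]
    elif m := SVC_RE.match(line):
        kind, key, name, rest = "service", "start=" + m["start"], m["name"], m["rest"]
    else:
        return None
    size = date = None
    vendor, command = "", rest
    missing = bool(MISSING_RE.search(rest))
    if missing:
        command = MISSING_RE.sub("", rest)
    elif meta := META_RE.search(rest):
        size, date, vendor = int(meta["size"]), meta["date"], meta["vendor"].strip()
        command = rest[: meta.start()]
    exe_m = EXE_RE.match(command)
    exe = exe_m["exe"] if exe_m else command.strip('"')
    if exe.startswith("\\??\\"):          # NT object-manager path prefix
        exe = exe[4:]
    return Entry(kind, key, name, command.strip(), exe, size, date, vendor, missing)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entry: Entry) -> List[str]:
    """Reasons a reader would look at this entry next; empty means nothing odd."""
    reasons = []
    if entry.missing:
        reasons.append("target file not found ([X])")
    elif not entry.vendor:
        reasons.append("no company name in version info")
    if any(marker in entry.exe.lower() for marker in USER_WRITABLE):
        reasons.append("starts from a user-writable folder")
    return reasons


def suspicious(text: str) -> List[str]:
    """Names of flagged entries, in log order."""
    return [e.name for e in parse_log(text) if triage(e)]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_FRST):
        print(f"{e.name:<20} {e.vendor or '-':<24} {'; '.join(triage(e)) or 'ok'}")
```

A flag is a reason to look, not a verdict: the ComboFix driver catchme and the orphaned GoToAssist notify entry in the thread's own log are flagged here and are both benign leftovers.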
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Thu Aug 16, 2012 2:06 pm    Post subject: Success! FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 16-08-2012 14:44:27
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-11-12] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2012-01-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392984 2012-01-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417560 2012-01-11] (Intel Corporation)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Nicole\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)
2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-08-04] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -sUPSWSDBSERVER [29293408 2010-12-10] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 BrSerIf; C:\Windows\System32\Drivers\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-15 17:27 - 2012-07-06 15:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-15 17:25 - 2012-06-28 23:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 17:25 - 2012-06-28 23:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 17:25 - 2012-06-28 22:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 17:25 - 2012-06-28 22:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 17:25 - 2012-06-28 22:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 17:25 - 2012-06-28 22:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 17:25 - 2012-06-28 22:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 17:25 - 2012-06-28 22:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 17:25 - 2012-06-28 22:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 17:25 - 2012-06-28 22:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 17:25 - 2012-06-28 22:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 17:25 - 2012-06-28 22:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 17:25 - 2012-06-28 22:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 17:25 - 2012-06-28 22:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 17:25 - 2012-06-28 19:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 17:25 - 2012-06-28 19:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 17:25 - 2012-06-28 19:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-15 17:25 - 2012-06-28 19:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 17:25 - 2012-06-28 19:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 17:25 - 2012-06-28 19:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-15 17:25 - 2012-06-28 19:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 17:25 - 2012-06-28 19:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 17:25 - 2012-06-28 19:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 17:25 - 2012-06-28 19:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-15 17:25 - 2012-06-28 19:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 17:25 - 2012-06-28 19:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 17:25 - 2012-06-28 19:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 17:25 - 2012-06-28 18:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 09:17 - 2012-08-15 09:17 - 00077874 ____A C:\Users\Nicole\Desktop\OTL.Txt
2012-08-15 09:17 - 2012-08-15 09:17 - 00068292 ____A C:\Users\Nicole\Desktop\Extras.Txt
2012-08-15 09:07 - 2012-08-15 09:07 - 00068292 ____A C:\Users\Nicole\Downloads\Extras.Txt
2012-08-15 09:04 - 2012-08-15 09:04 - 00077874 ____A C:\Users\Nicole\Downloads\OTL.Txt
2012-08-15 09:04 - 2012-05-05 03:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 09:04 - 2012-05-05 02:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 09:04 - 2012-02-11 01:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 09:04 - 2012-02-11 01:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 09:04 - 2012-02-11 01:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 09:04 - 2012-02-11 00:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-15 09:01 - 2012-07-04 17:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 09:01 - 2012-07-04 17:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 09:01 - 2012-07-04 17:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 09:01 - 2012-07-04 16:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 09:01 - 2012-07-04 16:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 09:00 - 2012-07-18 13:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 09:00 - 2012-05-14 00:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 08:57 - 2012-08-15 08:58 - 00596992 ____A (OldTimer Tools) C:\Users\Nicole\Downloads\OTL.exe
2012-08-14 14:38 - 2012-08-14 14:38 - 00008761 ____A C:\Users\Nicole\Desktop\hijackthis.log
2012-08-14 10:10 - 2012-08-14 14:37 - 00008761 ____A C:\Users\Nicole\Downloads\hijackthis.log
2012-08-14 10:04 - 2012-08-14 10:04 - 00218112 ____A (Soeperman Enterprises Ltd.) C:\Users\Nicole\Downloads\HijackThis.exe
2012-08-14 10:03 - 2012-08-14 10:03 - 00000000 ____D C:\Program Files (x86)\HijackThis
2012-08-13 15:44 - 2012-08-15 08:45 - 09232584 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-08-13 15:22 - 2012-08-14 16:08 - 00024576 __ASH C:\Users\Nicole\Desktop\Thumbs.db
2012-08-13 14:52 - 2012-08-13 14:52 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-08-13 14:52 - 2012-08-13 14:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-13 14:52 - 2012-08-13 14:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-13 14:52 - 2012-07-06 00:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-13 14:44 - 2012-08-16 15:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-13 14:44 - 2012-08-15 08:45 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-13 14:44 - 2012-08-15 08:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-13 14:23 - 2012-08-13 14:23 - 00000000 ____D C:\Program Files (x86)\Browser Hijack Recover
2012-08-13 14:23 - 2012-08-13 14:23 - 00000000 ____A C:\Windows\SysWOW64\8104297.jun
2012-08-13 14:14 - 2012-08-16 14:14 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
2012-08-13 14:14 - 2012-08-13 14:36 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
2012-08-13 14:14 - 2012-08-13 14:14 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-08-13 14:14 - 2012-08-13 14:14 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-08-13 14:14 - 2012-08-13 14:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-08-10 11:38 - 2012-08-10 11:38 - 00000000 ____D C:\Users\Nicole\Application Data\TuneUp Software
2012-08-10 11:38 - 2012-08-10 11:38 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\TuneUp Software
2012-08-10 10:46 - 2012-08-10 10:46 - 00000000 ____D C:\Users\Nicole\Application Data\SUPERAntiSpyware.com
2012-08-10 10:46 - 2012-08-10 10:46 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-08-09 15:29 - 2012-07-06 00:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-09 15:11 - 2012-08-13 08:38 - 00000000 ____D C:\Program Files\Google
2012-08-09 15:10 - 2012-08-16 16:26 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-09 15:10 - 2012-08-16 15:26 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-09 15:10 - 2012-08-13 08:38 - 00000000 ____D C:\Program Files (x86)\Google
2012-08-09 15:10 - 2012-08-10 11:34 - 00000000 ____D C:\Users\Nicole\Local Settings\Google
2012-08-09 15:10 - 2012-08-10 11:34 - 00000000 ____D C:\Users\Nicole\Local Settings\Application Data\Google
2012-08-09 15:10 - 2012-08-10 11:34 - 00000000 ____D C:\Users\Nicole\AppData\Local\Google
2012-08-08 13:35 - 2012-08-08 14:27 - 00000000 ____D C:\Windows\pss
2012-08-08 12:35 - 2012-08-08 12:35 - 00018338 ____A C:\ComboFix.txt
2012-08-08 11:35 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-08 11:35 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-08 11:35 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-08 11:35 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-08 11:35 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-08 11:35 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-08 11:35 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-08 11:35 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-08 11:34 - 2012-08-08 12:35 - 00000000 ____D C:\ComboFix
2012-08-08 11:15 - 2012-08-08 12:35 - 00000000 ____D C:\Qoobox
2012-08-08 11:14 - 2012-08-08 12:20 - 00000000 ____D C:\Windows\erdnt
2012-08-08 10:55 - 2012-08-08 10:55 - 00000000 ____D C:\Users\Nicole\Application Data\Malwarebytes
2012-08-08 10:55 - 2012-08-08 10:55 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Malwarebytes
2012-08-08 10:55 - 2012-08-08 10:55 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-08 10:55 - 2012-08-08 10:55 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-08-08 10:15 - 2012-08-13 15:41 - 00067072 __ASH C:\Users\Nicole\My Documents\Thumbs.db
2012-08-08 10:15 - 2012-08-13 15:41 - 00067072 __ASH C:\Users\Nicole\Documents\Thumbs.db
2012-08-07 09:09 - 2012-08-07 09:09 - 00832625 ____A C:\Users\Nicole\Local Settings\census.cache
2012-08-07 09:09 - 2012-08-07 09:09 - 00832625 ____A C:\Users\Nicole\Local Settings\Application Data\census.cache
2012-08-07 09:09 - 2012-08-07 09:09 - 00832625 ____A C:\Users\Nicole\AppData\Local\census.cache
2012-08-07 09:09 - 2012-08-07 09:09 - 00108176 ____A C:\Users\Nicole\Local Settings\ars.cache
2012-08-07 09:09 - 2012-08-07 09:09 - 00108176 ____A C:\Users\Nicole\Local Settings\Application Data\ars.cache
2012-08-07 09:09 - 2012-08-07 09:09 - 00108176 ____A C:\Users\Nicole\AppData\Local\ars.cache
2012-08-07 08:52 - 2012-08-07 08:52 - 00000036 ____A C:\Users\Nicole\Local Settings\housecall.guid.cache
2012-08-07 08:52 - 2012-08-07 08:52 - 00000036 ____A C:\Users\Nicole\Local Settings\Application Data\housecall.guid.cache
2012-08-07 08:52 - 2012-08-07 08:52 - 00000036 ____A C:\Users\Nicole\AppData\Local\housecall.guid.cache
2012-07-31 12:05 - 2012-07-31 12:05 - 00000000 ____D C:\Program Files (x86)\Amazon


============ 3 Months Modified Files ========================

2012-08-16 16:37 - 2012-04-18 11:09 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-08-16 16:37 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-16 16:37 - 2009-07-13 23:51 - 00001858 ____A C:\Windows\setupact.log
2012-08-16 16:35 - 2009-07-14 00:10 - 01209159 ____A C:\Windows\WindowsUpdate.log
2012-08-16 16:26 - 2012-08-09 15:10 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-16 16:16 - 2009-07-14 00:13 - 00799942 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-16 15:44 - 2012-08-13 14:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-16 15:26 - 2012-08-09 15:10 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-16 14:14 - 2012-08-13 14:14 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
2012-08-16 08:48 - 2009-07-13 23:45 - 00520312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-16 02:39 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-16 02:39 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-15 17:23 - 2010-09-20 08:53 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-15 09:21 - 2012-04-18 11:09 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-08-15 09:17 - 2012-08-15 09:17 - 00077874 ____A C:\Users\Nicole\Desktop\OTL.Txt
2012-08-15 09:17 - 2012-08-15 09:17 - 00068292 ____A C:\Users\Nicole\Desktop\Extras.Txt
2012-08-15 09:07 - 2012-08-15 09:07 - 00068292 ____A C:\Users\Nicole\Downloads\Extras.Txt
2012-08-15 09:04 - 2012-08-15 09:04 - 00077874 ____A C:\Users\Nicole\Downloads\OTL.Txt
2012-08-15 08:58 - 2012-08-15 08:57 - 00596992 ____A (OldTimer Tools) C:\Users\Nicole\Downloads\OTL.exe
2012-08-15 08:45 - 2012-08-13 15:44 - 09232584 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-08-15 08:45 - 2012-08-13 14:44 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 08:45 - 2012-08-13 14:44 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-14 16:08 - 2012-08-13 15:22 - 00024576 __ASH C:\Users\Nicole\Desktop\Thumbs.db
2012-08-14 14:38 - 2012-08-14 14:38 - 00008761 ____A C:\Users\Nicole\Desktop\hijackthis.log
2012-08-14 14:37 - 2012-08-14 10:10 - 00008761 ____A C:\Users\Nicole\Downloads\hijackthis.log
2012-08-14 10:04 - 2012-08-14 10:04 - 00218112 ____A (Soeperman Enterprises Ltd.) C:\Users\Nicole\Downloads\HijackThis.exe
2012-08-13 15:41 - 2012-08-08 10:15 - 00067072 __ASH C:\Users\Nicole\My Documents\Thumbs.db
2012-08-13 15:41 - 2012-08-08 10:15 - 00067072 __ASH C:\Users\Nicole\Documents\Thumbs.db
2012-08-13 14:51 - 2012-08-13 14:52 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-13 14:51 - 2012-08-13 14:52 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-13 14:36 - 2012-08-13 14:14 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
2012-08-13 14:35 - 2010-06-08 17:31 - 00534362 ____A C:\Windows\PFRO.log
2012-08-13 14:23 - 2012-08-13 14:23 - 00000000 ____A C:\Windows\SysWOW64\8104297.jun
2012-08-10 11:00 - 2009-07-14 00:08 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-08 13:52 - 2009-07-13 23:51 - 00000000 ____A C:\Windows\setuperr.log
2012-08-08 12:52 - 2010-09-22 12:31 - 00000199 ____A C:\Windows\wstdUPSWSHIP.INI
2012-08-08 12:35 - 2012-08-08 12:35 - 00018338 ____A C:\ComboFix.txt
2012-08-08 12:16 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-08-07 09:09 - 2012-08-07 09:09 - 00832625 ____A C:\Users\Nicole\Local Settings\census.cache
2012-08-07 09:09 - 2012-08-07 09:09 - 00832625 ____A C:\Users\Nicole\Local Settings\Application Data\census.cache
2012-08-07 09:09 - 2012-08-07 09:09 - 00832625 ____A C:\Users\Nicole\AppData\Local\census.cache
2012-08-07 09:09 - 2012-08-07 09:09 - 00108176 ____A C:\Users\Nicole\Local Settings\ars.cache
2012-08-07 09:09 - 2012-08-07 09:09 - 00108176 ____A C:\Users\Nicole\Local Settings\Application Data\ars.cache
2012-08-07 09:09 - 2012-08-07 09:09 - 00108176 ____A C:\Users\Nicole\AppData\Local\ars.cache
2012-08-07 08:52 - 2012-08-07 08:52 - 00000036 ____A C:\Users\Nicole\Local Settings\housecall.guid.cache
2012-08-07 08:52 - 2012-08-07 08:52 - 00000036 ____A C:\Users\Nicole\Local Settings\Application Data\housecall.guid.cache
2012-08-07 08:52 - 2012-08-07 08:52 - 00000036 ____A C:\Users\Nicole\AppData\Local\housecall.guid.cache
2012-07-18 13:15 - 2012-08-15 09:00 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-06 15:07 - 2012-08-15 17:27 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-06 00:06 - 2012-08-13 14:52 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-06 00:06 - 2012-08-09 15:29 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-06 00:06 - 2010-09-09 12:47 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-04 17:16 - 2012-08-15 09:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 17:13 - 2012-08-15 09:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 17:13 - 2012-08-15 09:01 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 16:16 - 2012-08-15 09:01 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 16:14 - 2012-08-15 09:01 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 23:55 - 2012-08-15 17:25 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 23:09 - 2012-08-15 17:25 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 22:56 - 2012-08-15 17:25 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 22:49 - 2012-08-15 17:25 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 22:49 - 2012-08-15 17:25 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 22:48 - 2012-08-15 17:25 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 22:47 - 2012-08-15 17:25 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 22:45 - 2012-08-15 17:25 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 22:44 - 2012-08-15 17:25 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 22:43 - 2012-08-15 17:25 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 22:42 - 2012-08-15 17:25 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 22:40 - 2012-08-15 17:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 22:39 - 2012-08-15 17:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 22:35 - 2012-08-15 17:25 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 19:52 - 2012-08-15 17:25 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 19:27 - 2012-08-15 17:25 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 19:16 - 2012-08-15 17:25 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 19:09 - 2012-08-15 17:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 19:09 - 2012-08-15 17:25 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 19:08 - 2012-08-15 17:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 19:07 - 2012-08-15 17:25 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 19:06 - 2012-08-15 17:25 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 19:04 - 2012-08-15 17:25 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 19:04 - 2012-08-15 17:25 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 19:01 - 2012-08-15 17:25 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 19:01 - 2012-08-15 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 19:00 - 2012-08-15 17:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 18:57 - 2012-08-15 17:25 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-09 00:43 - 2012-07-11 14:12 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-11 14:12 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 10:49 - 2012-06-06 10:49 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-06-06 01:06 - 2012-07-11 14:12 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-11 14:12 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-11 14:12 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-11 14:12 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-11 14:12 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-11 14:12 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 17:19 - 2012-06-21 09:15 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-21 09:15 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-21 09:15 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 17:19 - 2012-06-21 09:15 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-21 09:15 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-21 09:15 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-21 09:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-21 09:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 17:15 - 2012-06-21 09:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 00:50 - 2012-07-11 14:12 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-11 14:12 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-11 14:12 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-11 14:12 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-11 14:12 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-11 14:12 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-11 14:12 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-11 14:12 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-11 14:12 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 5940.52 MB
Available physical RAM: 5219.77 MB
Total Pagefile: 5938.67 MB
Available Pagefile: 5212.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:581.41 GB) (Free:528.24 GB) NTFS
2 Drive d: (Repair disc 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
3 Drive e: (USB MEMORY) (Removable) (Total:0.11 GB) (Free:0.1 GB) FAT
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:868.17 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 117 MB 0 B
Disk 2 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 581 GB 14 GB
Partition 4 Primary 10 MB 596 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 100 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 581 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 117 MB 1024 B

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E USB MEMORY FAT Removable 117 MB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FreeAgent D NTFS Partition 931 GB Healthy

==================================================================================

Last Boot: 2012-08-08 09:12

======================= End Of Log ==========================
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Thu Aug 16, 2012 2:12 pm    Post subject: Search.txt

Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 2012-08-16 14:49:02
Running from E:\

================== Search: "services.exe;explorer.exe" ===================

C:\Windows\explorer.exe
[2011-04-28 09:00] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-04-28 09:00] - [2011-02-26 00:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011-04-28 09:00] - [2011-02-25 00:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-06-07 10:17] - [2010-11-20 07:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-04-28 09:00] - [2011-02-26 01:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-04-28 09:00] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011-06-07 10:18] - [2010-11-20 08:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\SysWOW64\explorer.exe
[2011-04-28 09:00] - [2011-02-25 00:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache86\explorer.exe
[2012-08-08 12:21] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\erdnt\cache64\services.exe
[2012-08-08 12:20] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Thu Aug 16, 2012 2:40 pm

OK, at least we know what is causing the problems now .....

Quote:
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

Partition 4 Primary 10 MB 596 GB


Which are symptoms of a TDL4 infection, partition sector variant. This is the latest version of a well established family of infections ....

http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot
http://blog.eset.com/2011/10/18/tdl4-rebooted

We can remove the infection, but I'd like you to read the following first and then let me know what you want to do .....

TDL4 is a Remote Access Infection

A Remote Access Infection will allow the person who infected your computer to use your computer as if he were sitting in front of it, and he may ....


  • Steal bank account details.
  • Steal credit card numbers.
  • Steal your personal details.
  • Modify your computer to make it easier to infect.
  • Use your computer as part of a botnet, to distribute porn or spam.
  • Anything else he cares to think of ..... and most attackers are very inventive people.


You are strongly advised to do the following immediately ....


  • Disconnect the infected computer from the internet and from any networked computers.
  • Call all of your banks, credit card companies, and financial institutions, and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change all your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.


Do not change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information.

The only way to remove this type of infection and leave yourself with a secure computer is to re-format your hard drive and re-install Windows.

It is impossible to discover all of the modifications that your attacker may have made to your computer while he had access to it, and though we may be able to remove all the obvious signs of infection from your computer and leave you with an apparently fully functioning machine, that does not mean it is secure.

If you use your computer for any of the following ....


  • Online Banking.
  • Finances or credit of any kind.
  • Filling out your tax forms online or offline.
  • Filling out Social Security or Personal Insurance forms online or offline.
  • Making online purchases or payments of any type.
  • Anything involving the use of confidential data.


.... then a re-format and re-install should be the only choice you should make.

If you insist, we are prepared to help you "clean" your machine, but we strongly advise you against this course of action, and you must understand that although we may be able to restore your computer to a usable condition, it will NOT be secure until a re-format and re-install is performed, and should not be used for any of the activities listed above.

To help you decide, please take some time to read the following articles, then let me know how you want to proceed.


_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
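Added example, not code from this thread or from ListParts: it parses a raw 512-byte MBR partition table and flags entries with the traits Gary describes above (a hidden type 0x17 partition carrying the boot flag, only a few MB in size, sitting in the slack at the end of the disk). The MBR images are constructed to mirror this thread's layout before the fix, after the "Partition=2 active" step, and after the "Partition=4 delete" step; sector counts are approximations, not the user's real disk.

```python
"""Walk a raw MBR the way the ListParts output in this thread walks the partition
table, and flag entries with TDL4-style carrier-partition traits.  Added example;
the MBR images are constructed, not captured from the user's disk."""
import struct

SECTOR = 512
MIB = 1024 * 1024
ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type id, CHS end, LBA start, LBA count

# Partition type ids Windows treats as hidden (subset; 0x17 is hidden NTFS/HPFS).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}
SMALL_LIMIT = 16 * MIB      # a bootkit carrier partition is only a few MB
END_SLACK = 64 * MIB        # "at the end of the disk": within this of the last sector


def build_mbr(entries):
    """Constructed MBR from (boot_flag, type_id, lba_start, lba_count) tuples."""
    mbr = bytearray(SECTOR)
    mbr[0:2] = b"\xeb\xfe"                      # placeholder boot code (jmp $)
    for i, (boot, ptype, start, count) in enumerate(entries):
        off = 446 + 16 * i
        chs = b"\xfe\xff\xff"                   # CHS filler; parsing uses LBA only
        mbr[off:off + 16] = struct.pack(ENTRY_FMT, boot, chs, ptype, chs, start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts, numbered 1-4 like ListParts."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a valid signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        boot, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "active": boot == 0x80, "type": ptype,
                      "start": start, "sectors": count})
    return parts


def suspicious_partitions(parts, disk_sectors):
    """Return [(index, [reasons])] for entries showing bootkit-carrier traits."""
    findings = []
    for p in parts:
        hidden = p["type"] in HIDDEN_TYPES
        small = p["sectors"] * SECTOR <= SMALL_LIMIT
        at_end = (disk_sectors - (p["start"] + p["sectors"])) * SECTOR <= END_SLACK
        reasons = []
        if hidden and p["active"]:
            reasons.append("hidden-type partition carries the boot flag")
        if small and at_end:
            reasons.append("tiny partition placed in the end-of-disk slack")
        if hidden and small:
            reasons.append("hidden-type partition of only %d MB" % (p["sectors"] * SECTOR // MIB))
        if reasons:
            findings.append((p["index"], reasons))
    return findings


# Constructed layout approximating the thread: 100 MB OEM, 14 GB recovery,
# 581 GB OS, then a 10 MB type-0x17 partition in the slack at the end of disk 0.
GIB_SECTORS = 1024 * MIB // SECTOR
P1 = (0xDE, 2048, 100 * MIB // SECTOR)
P2 = (0x07, P1[1] + P1[2], 14 * GIB_SECTORS)
P3 = (0x07, P2[1] + P2[2], 581 * GIB_SECTORS)
P4 = (0x17, P3[1] + P3[2], 10 * MIB // SECTOR)
DISK_SECTORS = P4[1] + P4[2] + 3 * MIB // SECTOR   # ~3 MB of slack after partition 4

# Before any fix: partition 4 is hidden-type and active, partition 2 is not.
MBR_INFECTED = build_mbr([(0x00,) + P1, (0x00,) + P2, (0x00,) + P3, (0x80,) + P4])
# After "Disk=0 Partition=2 active": boot flag moved, carrier still present.
MBR_DISABLED = build_mbr([(0x00,) + P1, (0x80,) + P2, (0x00,) + P3, (0x00,) + P4])
# After "Disk=0 Partition=4 delete": the carrier entry is gone.
MBR_CLEAN = build_mbr([(0x00,) + P1, (0x80,) + P2, (0x00,) + P3])

if __name__ == "__main__":
    for name, image in (("infected", MBR_INFECTED), ("disabled", MBR_DISABLED),
                        ("clean", MBR_CLEAN)):
        for idx, reasons in suspicious_partitions(parse_mbr(image), DISK_SECTORS):
            print("%-8s partition %d: %s" % (name, idx, "; ".join(reasons)))
```

On a real system the 512 bytes would come from reading the physical disk's first sector rather than from `build_mbr`; the checks are heuristics and a matching entry is a reason to look closer, not proof of infection on its own.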
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Thu Aug 16, 2012 4:34 pm    Post subject: Saw that coming...

Yeah, I noticed that too. I've already contacted Dell and my disks are on their way.

What would be involved in removing the infection? It might take up to a week for the disks to arrive, during which time I will need to use the infected computer some.

Also, what would you recommend to prevent future infection? I will be sure to back up and keep a system repair disk, but I'm not familiar with the best adware/spyware/malware software, beyond antivirus protection.

Thanks for your dedication in getting past all of the road blocks.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Thu Aug 16, 2012 11:45 pm

OK, we'll get started removing your infection then.

It's a reasonably simple procedure provided all goes well, but removing any Malware is never without risk.

First we need to disable your infection, and then when I'm sure it's disabled we can remove it.



Next - with your computer booted into Normal mode.


  • Click Start and in the Search Programs and files box type Notepad.exe then hit Enter.
  • An empty Notepad file will open.
  • Copy and paste the contents of the code box below into Notepad.


Code:
Disk=0 Partition=2 active



  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fix.txt to the flash drive where ListParts is located.


Next

Boot your computer into Recovery Environment using the repair disk you made.

Plug in the USB drive ... which should have ListParts64.exe and Fix.txt saved to it.


  • Select the Command Prompt option.
  • A command window will open.

    • Type notepad then hit Enter.
    • Notepad will open.

      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.


  • Back in the command window ....

    • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • ListParts will start to run.

      • Press the Fix button.
      • ListParts will process the script in Fix.txt
      • When finished please press the Scan button.
      • A log Result.txt will be saved to the flash drive.


  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.


I'll make some recommendations for security once we've fully removed your infection; there are a few more things to do before it's properly removed.
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Fri Aug 17, 2012 6:10 am    Post subject: Result.txt

ListParts by Farbar Version: 10-08-2012
Ran by SYSTEM (administrator) on 17-08-2012 at 06:55:27
Windows 7 (X64)
Running From: E:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 5940.52 MB
Available physical RAM: 5355.47 MB
Total Pagefile: 5938.67 MB
Available Pagefile: 5334.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:581.41 GB) (Free:528.23 GB) NTFS
2 Drive d: (Repair disc 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
3 Drive e: (USB MEMORY) (Removable) (Total:0.11 GB) (Free:0.1 GB) FAT
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 117 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 581 GB 14 GB
Partition 4 Primary 10 MB 596 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 100 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 581 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 117 MB 1024 B

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E USB MEMORY FAT Removable 117 MB Healthy

======================================================================================================

****** End Of Log ******
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Fri Aug 17, 2012 6:15 am    Post subject: Alureon

When I finished following your instructions and rebooted, Microsoft Security Essentials gave me an alert.

Detected items: Trojan:DOS/Alureon:K
Alert level: Severe
Status: Suspended
Recommended action: Remove
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items: boot:\Device\HarddiskVolume4
and boot:\Device\HarddiskVolume4\
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Fri Aug 17, 2012 7:22 am

OK thanks.

The Partition the infection is on is now currently disabled, which is why Microsoft Security Essentials can now run properly and has detected it. Alureon is an alternate name for TDL4.

Time to remove the infection ....

First

Delete the existing Fix.txt and Result.txt on your USB drive.

Next - with your computer booted into Normal mode.


  • Click Start and in the Search Programs and files box type Notepad.exe then hit Enter.
  • An empty Notepad file will open.
  • Copy and paste the contents of the code box below into Notepad.


Code:
Custom
Disk=0 Partition=4 delete



  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fix.txt to the flash drive where ListParts is located.


Next

Boot your computer into Recovery Environment using the repair disk you made.

Plug in the USB drive ... which should have ListParts64.exe and Fix.txt saved to it.


  • Select the Command Prompt option.
  • A command window will open.

    • Type notepad then hit Enter.
    • Notepad will open.

      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.


  • Back in the command window ....

    • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • ListParts will start to run.

      • Press the Fix button.
      • ListParts will process the script in Fix.txt
      • When finished please press the Scan button.
      • A log Result.txt will be saved to the flash drive.


  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.


Next

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop


  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.

  • Double click on ComboFix.exe and follow the prompts.

  • As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.


**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT

  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.

If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.

Summary of the logs I need from you in your next post:

  • Latest Result.txt
  • Combofix log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Fri Aug 17, 2012 8:08 am    Post subject: Result.txt

ListParts by Farbar Version: 10-08-2012
Ran by SYSTEM (administrator) on 17-08-2012 at 09:04:01
Windows 7 (X64)
Running From: E:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 5940.52 MB
Available physical RAM: 5353.68 MB
Total Pagefile: 5938.67 MB
Available Pagefile: 5334.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:581.41 GB) (Free:528.21 GB) NTFS
2 Drive d: (Repair disc 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
3 Drive e: (USB MEMORY) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 13 MB
Disk 1 Online 117 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 581 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 100 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 581 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 117 MB 1024 B

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E USB MEMORY FAT Removable 117 MB Healthy

======================================================================================================

****** End Of Log ******
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Fri Aug 17, 2012 8:54 am    Post subject: Combofix log

ComboFix 12-08-17.02 - Nicole 08/17/2012 9:17.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.4431 [GMT -7:00]
Running from: c:\users\Nicole\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 16:36 . 2012-08-17 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 16:06 . 2012-08-17 16:06 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0F91348-8958-4077-80E8-B318FEDADACF}\offreg.dll
2012-08-16 19:44 . 2012-08-16 19:44 -------- d-----w- C:\FRST
2012-08-16 16:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0F91348-8958-4077-80E8-B318FEDADACF}\mpengine.dll
2012-08-15 22:27 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 14:32 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 14:04 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 14:04 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 14:04 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 14:04 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 14:04 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 14:04 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 14:01 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 14:01 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 14:01 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 14:01 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 14:00 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 14:00 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 20:44 . 2012-08-15 13:45 9232584 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-13 19:52 . 2012-08-13 19:52 -------- d-----w- c:\program files (x86)\Oracle
2012-08-13 19:44 . 2012-08-15 13:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-13 19:44 . 2012-08-15 13:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-13 19:23 . 2012-08-13 19:23 -------- d-----w- c:\program files (x86)\Browser Hijack Recover
2012-08-13 19:22 . 2012-08-13 19:46 -------- d-----w- c:\programdata\Tarma Installer
2012-08-13 19:14 . 2012-08-13 19:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-13 19:14 . 2012-08-13 19:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-10 16:38 . 2012-08-10 16:38 -------- d-----w- c:\users\Nicole\AppData\Roaming\TuneUp Software
2012-08-10 15:46 . 2012-08-10 15:46 -------- d-----w- c:\users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-08-09 20:29 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-09 20:11 . 2012-08-13 13:38 -------- d-----w- c:\program files\Google
2012-08-09 20:10 . 2012-08-10 16:34 -------- d-----w- c:\users\Nicole\AppData\Local\Google
2012-08-09 20:10 . 2012-08-13 13:38 -------- d-----w- c:\program files (x86)\Google
2012-08-08 15:55 . 2012-08-08 15:55 -------- d-----w- c:\users\Nicole\AppData\Roaming\Malwarebytes
2012-08-08 15:55 . 2012-08-08 15:55 -------- d-----w- c:\programdata\Malwarebytes
2012-07-31 17:05 . 2012-07-31 17:05 -------- d-----w- c:\program files (x86)\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 22:23 . 2010-09-20 13:53 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 05:06 . 2010-09-09 17:47 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 05:43 . 2012-07-11 19:12 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 19:12 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 19:12 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 19:12 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 19:12 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 19:12 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 19:12 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 14:15 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 14:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:15 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:15 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 14:15 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 14:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 14:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 19:12 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 19:12 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 19:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 19:12 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 19:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 19:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 19:12 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 19:12 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 19:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-30 14:22 . 2012-05-30 14:22 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-08_17.16.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 14:01 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll
- 2012-07-11 23:07 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-15 22:25 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-07-11 23:07 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-08-15 22:25 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-07-11 23:07 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-08-15 22:25 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-01-11 04:15 . 2012-01-11 04:15 24576 c:\windows\SysWOW64\igfxexps32.dll
- 2011-09-01 02:16 . 2011-09-01 02:16 24576 c:\windows\SysWOW64\igfxexps32.dll
+ 2009-07-14 04:54 . 2012-08-15 13:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-03 15:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-03 15:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-03 15:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-09 17:39 . 2012-08-17 16:08 66342 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-17 16:08 35432 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-09 17:51 . 2012-08-17 16:08 19766 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-40008613-533655973-2503720805-1001_UserData.bin
- 2012-07-11 23:07 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
+ 2012-08-15 22:25 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
- 2012-07-11 23:07 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-08-15 22:25 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-07-11 23:07 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
+ 2012-08-15 22:25 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
- 2010-06-08 23:21 . 2011-09-01 02:21 62464 c:\windows\system32\igfxsrvc.dll
+ 2010-06-08 23:21 . 2012-01-11 04:19 62464 c:\windows\system32\igfxsrvc.dll
- 2010-06-08 23:21 . 2011-09-01 02:21 28672 c:\windows\system32\igfxexps.dll
+ 2012-01-11 04:19 . 2012-01-11 04:19 28672 c:\windows\system32\igfxexps.dll
+ 2012-01-11 05:37 . 2012-01-11 05:37 90112 c:\windows\system32\igfxCoIn_v2622.dll
- 2009-07-14 05:30 . 2011-10-21 17:06 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-08-16 13:46 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-01-11 05:37 . 2012-01-11 05:37 90112 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igxpco64.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 98304 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\iglhcp64.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 98304 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\iglhcp32.dll
+ 2012-01-11 04:19 . 2012-01-11 04:19 62464 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxsrvc.dll
+ 2012-01-11 04:15 . 2012-01-11 04:15 24576 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxexps32.dll
+ 2012-01-11 04:19 . 2012-01-11 04:19 28672 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxexps.dll
+ 2012-01-11 05:28 . 2012-01-11 05:28 75776 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igdde64.dll
+ 2012-01-11 05:16 . 2012-01-11 05:16 56832 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igdde32.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 94208 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\IccLibDll_x64.dll
+ 2011-07-12 19:17 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
- 2010-09-09 17:23 . 2012-08-08 15:39 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-09 17:23 . 2012-08-17 16:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-09 17:23 . 2012-08-17 16:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-09 17:23 . 2012-08-08 15:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-08 15:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-17 16:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-16 07:39 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-08-09 20:21 . 2012-08-09 20:21 25600 c:\windows\Installer\3ef964.msi
+ 2012-08-15 22:28 . 2012-08-15 22:28 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2012-05-14 20:00 . 2012-05-14 20:00 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-09-09 18:06 . 2012-08-15 22:27 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-09-09 18:06 . 2012-08-15 22:27 43608 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-09-09 18:06 . 2012-08-15 22:27 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-08-15 22:28 . 2012-08-15 22:28 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2012-05-14 20:08 . 2012-05-14 20:08 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-09-01 02:20 . 2011-09-01 02:20 4096 c:\windows\system32\IGFXDEVLib.dll
+ 2012-01-11 04:19 . 2012-01-11 04:19 4096 c:\windows\system32\IGFXDEVLib.dll
+ 2012-01-11 04:19 . 2012-01-11 04:19 4096 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\IGFXDEVLib.dll
- 2012-08-08 16:04 . 2012-08-08 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 16:06 . 2012-08-17 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-08 16:04 . 2012-08-08 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-17 16:06 . 2012-08-17 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-11 23:07 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-15 22:25 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-15 13:45 . 2012-08-15 13:45 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-15 13:45 . 2012-08-15 13:45 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
+ 2012-08-13 19:44 . 2012-08-15 13:45 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-04 13:44 . 2012-08-03 15:23 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-15 22:25 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
+ 2012-08-13 19:52 . 2012-07-06 05:06 227760 c:\windows\SysWOW64\javaws.exe
+ 2012-08-13 19:52 . 2012-08-13 19:51 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-08-13 19:52 . 2012-08-13 19:51 174064 c:\windows\SysWOW64\java.exe
+ 2012-01-11 04:14 . 2012-01-11 04:14 294400 c:\windows\SysWOW64\igfxdv32.dll
- 2011-09-01 02:15 . 2011-09-01 02:15 294400 c:\windows\SysWOW64\igfxdv32.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 171520 c:\windows\SysWOW64\igfxcmrt32.dll
- 2010-06-08 23:21 . 2011-09-01 02:45 581120 c:\windows\SysWOW64\igdumdx32.dll
+ 2010-06-08 23:21 . 2012-01-11 05:12 581120 c:\windows\SysWOW64\igdumdx32.dll
+ 2012-08-15 22:25 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-07-11 23:07 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-08-15 22:25 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
- 2012-07-11 23:07 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
+ 2010-09-09 18:20 . 2012-08-16 17:48 305550 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-07-11 23:07 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
+ 2012-08-15 22:25 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2012-08-02 20:45 676152 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-16 21:59 676152 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-16 21:59 126450 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-02 20:45 126450 c:\windows\system32\perfc009.dat
+ 2012-08-15 13:45 . 2012-08-15 13:45 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
+ 2012-08-15 13:45 . 2012-08-15 13:45 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll
+ 2012-08-15 22:25 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll
+ 2012-01-11 05:43 . 2012-01-11 05:43 167704 c:\windows\system32\igfxtray.exe
- 2011-09-01 03:08 . 2011-09-01 03:08 167704 c:\windows\system32\igfxtray.exe
- 2011-09-01 02:21 . 2011-09-01 02:21 378368 c:\windows\system32\igfxTMM.dll
+ 2012-01-11 04:19 . 2012-01-11 04:19 378368 c:\windows\system32\igfxTMM.dll
+ 2012-01-11 05:43 . 2012-01-11 05:43 510232 c:\windows\system32\igfxsrvc.exe
- 2011-09-01 03:08 . 2011-09-01 03:08 510232 c:\windows\system32\igfxsrvc.exe
+ 2010-08-26 02:04 . 2012-01-11 04:20 375808 c:\windows\system32\igfxpph.dll
- 2010-08-26 02:04 . 2011-09-01 02:21 375808 c:\windows\system32\igfxpph.dll
+ 2012-01-11 05:43 . 2012-01-11 05:43 417560 c:\windows\system32\igfxpers.exe
- 2011-09-01 03:08 . 2011-09-01 03:08 239896 c:\windows\system32\igfxext.exe
+ 2012-01-11 05:43 . 2012-01-11 05:43 239896 c:\windows\system32\igfxext.exe
+ 2012-01-11 04:18 . 2012-01-11 04:18 142336 c:\windows\system32\igfxdo.dll
- 2011-09-01 02:20 . 2011-09-01 02:20 142336 c:\windows\system32\igfxdo.dll
+ 2012-01-11 04:19 . 2012-01-11 04:19 390656 c:\windows\system32\igfxdev.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 148480 c:\windows\system32\igfxcmrt64.dll
- 2012-07-11 23:07 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
+ 2012-08-15 22:25 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe
+ 2012-08-15 22:25 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll
- 2012-07-11 23:07 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
+ 2012-01-11 05:43 . 2012-01-11 05:43 392984 c:\windows\system32\hkcmd.exe
+ 2010-06-08 23:21 . 2012-01-11 04:19 110080 c:\windows\system32\hccutils.dll
- 2010-06-08 23:21 . 2011-09-01 02:20 110080 c:\windows\system32\hccutils.dll
+ 2012-01-11 04:19 . 2012-01-11 04:19 146432 c:\windows\system32\gfxSrvc.dll
- 2011-09-01 02:20 . 2011-09-01 02:20 146432 c:\windows\system32\gfxSrvc.dll
+ 2009-07-14 04:45 . 2012-08-16 13:48 520312 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-07-12 14:07 520312 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2011-10-21 17:06 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-16 13:46 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-16 13:46 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-10-21 17:06 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-01-11 04:12 . 2012-01-11 04:12 376832 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\iglhsip64.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 376832 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\iglhsip32.dll
+ 2012-01-11 05:27 . 2012-01-11 05:27 963884 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igkrng600.bin
+ 2012-01-11 05:27 . 2012-01-11 05:27 867020 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igkrng575.bin
+ 2012-01-11 05:43 . 2012-01-11 05:43 167704 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxtray.exe
+ 2012-01-11 04:19 . 2012-01-11 04:19 378368 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxTMM.dll
+ 2012-01-11 05:43 . 2012-01-11 05:43 510232 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxsrvc.exe
+ 2012-01-11 04:20 . 2012-01-11 04:20 375808 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxpph.dll
+ 2012-01-11 05:43 . 2012-01-11 05:43 417560 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxpers.exe
+ 2012-01-11 05:43 . 2012-01-11 05:43 239896 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxext.exe
+ 2012-01-11 04:14 . 2012-01-11 04:14 294400 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxdv32.dll
+ 2012-01-11 04:18 . 2012-01-11 04:18 142336 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxdo.dll
+ 2012-01-11 04:19 . 2012-01-11 04:19 390656 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxdev.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 148480 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxcmrt64.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 171520 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxcmrt32.dll
+ 2012-01-11 05:27 . 2012-01-11 05:27 221264 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfcg600m.bin
+ 2012-01-11 05:27 . 2012-01-11 05:27 105608 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfcg575m.bin
+ 2012-01-11 05:12 . 2012-01-11 05:12 581120 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igdumdx32.dll
+ 2012-01-11 05:27 . 2012-01-11 05:27 145804 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igcompkrng600.bin
+ 2012-01-11 05:27 . 2012-01-11 05:27 128204 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igcompkrng575.bin
+ 2012-01-11 05:43 . 2012-01-11 05:43 392984 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\hkcmd.exe
+ 2012-01-11 04:19 . 2012-01-11 04:19 110080 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\hccutils.dll
+ 2012-01-11 04:19 . 2012-01-11 04:19 146432 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\gfxSrvc.dll
+ 2012-01-11 05:43 . 2012-01-11 05:43 184600 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\difx64.exe
+ 2011-06-07 15:17 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
+ 2012-08-15 22:27 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
+ 2009-07-14 05:31 . 2012-08-16 13:46 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2011-07-13 13:55 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2012-01-11 05:43 . 2012-01-11 05:43 184600 c:\windows\system32\difx64.exe
+ 2009-07-14 05:01 . 2012-08-17 16:01 474024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-13 19:52 . 2012-08-13 19:52 461312 c:\windows\Installer\ecc6a.msi
+ 2012-07-04 14:59 . 2012-07-04 14:59 261120 c:\windows\Installer\1bac36a.msp
+ 2010-09-09 18:06 . 2012-08-15 22:27 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-09-09 18:06 . 2012-08-15 22:27 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-09-09 18:06 . 2012-08-15 22:27 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
+ 2010-09-09 18:06 . 2012-08-15 22:27 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-01-07 17:38 . 2011-01-07 17:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\MSCONV97.DLL
- 2012-07-11 23:07 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-08-15 22:25 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-08-15 22:25 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-07-11 23:07 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-15 22:25 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 1663488 c:\windows\SysWOW64\igfxcmjit32.dll
+ 2010-06-08 23:21 . 2012-01-11 05:18 6323712 c:\windows\SysWOW64\igdumd32.dll
+ 2012-01-11 04:55 . 2012-01-11 04:55 7988224 c:\windows\SysWOW64\igd10umd32.dll
- 2012-07-11 23:07 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-15 22:25 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-15 22:25 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll
- 2012-07-11 23:06 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-08-15 22:25 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll
- 2012-07-11 23:07 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
+ 2012-08-15 22:25 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll
- 2012-07-11 23:07 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
+ 2012-08-15 22:25 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll
- 2010-06-08 23:21 . 2011-09-01 02:20 9014784 c:\windows\system32\igfxress.dll
+ 2010-06-08 23:21 . 2012-01-11 04:18 9014784 c:\windows\system32\igfxress.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 2177536 c:\windows\system32\igfxcmjit64.dll
+ 2012-01-11 05:28 . 2012-01-11 05:28 8313856 c:\windows\system32\igdumd64.dll
+ 2010-06-08 23:21 . 2012-01-11 05:06 9528832 c:\windows\system32\igd10umd64.dll
- 2012-07-11 23:07 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
+ 2012-08-15 22:25 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll
+ 2012-01-11 05:43 . 2012-01-11 05:43 4379416 c:\windows\system32\GfxUI.exe
+ 2012-01-11 04:18 . 2012-01-11 04:18 9014784 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxress.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 2177536 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxcmjit64.dll
+ 2012-01-11 04:12 . 2012-01-11 04:12 1663488 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igfxcmjit32.dll
+ 2012-01-11 05:28 . 2012-01-11 05:28 8313856 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igdumd64.dll
+ 2012-01-11 05:18 . 2012-01-11 05:18 6323712 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igdumd32.dll
+ 2012-01-11 05:06 . 2012-01-11 05:06 9528832 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igd10umd64.dll
+ 2012-01-11 04:55 . 2012-01-11 04:55 7988224 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igd10umd32.dll
+ 2012-01-11 05:43 . 2012-01-11 05:43 4379416 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\GfxUI.exe
- 2009-07-14 04:45 . 2012-07-12 14:10 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-08-16 13:50 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-09-09 23:27 . 2012-08-16 21:35 4474384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-22 22:26 . 2012-08-13 22:27 2529108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-40008613-533655973-2503720805-1001-12288.dat
+ 2012-06-27 01:03 . 2012-06-27 01:03 3875840 c:\windows\Installer\1bac3fb.msp
+ 2012-07-19 09:45 . 2012-07-19 09:45 3464704 c:\windows\Installer\1bac3f3.msp
+ 2012-07-04 15:04 . 2012-07-04 15:04 1292288 c:\windows\Installer\1bac3de.msp
+ 2012-07-04 15:12 . 2012-07-04 15:12 4772352 c:\windows\Installer\1bac3d5.msp
+ 2012-07-04 15:09 . 2012-07-04 15:09 1284096 c:\windows\Installer\1bac3bf.msp
+ 2012-07-04 15:01 . 2012-07-04 15:01 9082368 c:\windows\Installer\1bac3aa.msp
+ 2012-07-04 14:58 . 2012-07-04 14:58 6163456 c:\windows\Installer\1bac38e.msp
+ 2010-09-09 18:06 . 2012-08-15 22:27 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-09-09 18:06 . 2012-08-15 22:27 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-09-09 18:06 . 2012-08-15 22:27 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-09-09 18:06 . 2012-08-15 22:27 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
- 2010-09-09 18:06 . 2012-07-11 23:10 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-09-09 18:06 . 2012-08-15 22:27 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-08-15 22:25 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll
+ 2012-01-11 04:29 . 2012-01-11 04:29 13904384 c:\windows\SysWOW64\ig4icd32.dll
+ 2009-07-14 02:34 . 2012-08-16 13:46 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-12 14:06 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-08-15 22:25 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll
+ 2012-01-11 04:42 . 2012-01-11 04:42 18653696 c:\windows\system32\ig4icd64.dll
+ 2012-08-15 22:25 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll
+ 2012-01-11 05:28 . 2012-01-11 05:28 12311904 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\igdkmd64.sys
+ 2012-01-11 04:42 . 2012-01-11 04:42 18653696 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\ig4icd64.dll
+ 2012-01-11 04:29 . 2012-01-11 04:29 13904384 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_252d1492fa1d44e0\ig4icd32.dll
+ 2012-01-11 05:28 . 2012-01-11 05:28 12311904 c:\windows\system32\drivers\igdkmd64.sys
+ 2011-05-18 23:31 . 2012-08-17 16:01 17546188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-40008613-533655973-2503720805-1001-8192.dat
+ 2012-08-13 19:51 . 2012-08-13 19:51 17379840 c:\windows\Installer\ecc66.msi
+ 2012-07-18 22:53 . 2012-07-18 22:53 10937344 c:\windows\Installer\1bac372.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2010-08-05 65536]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-09 136176]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-09 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-11 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MSSQL$UPSWSDBSERVER;SQL Server (UPSWSDBSERVER);c:\ups\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-11 158720]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 13:45]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-09 20:10]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-09 20:10]
.
2012-08-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 63f90cca-8bd4-4425-b8ea-c32cec3555d9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ad568974-9264-4dce-8686-7c3ec672cec9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title =
TCP: DhcpNameServer = 192.168.0.1 205.171.3.65
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-73054487.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-17 09:38:43
ComboFix-quarantined-files.txt 2012-08-17 16:38
ComboFix2.txt 2012-08-08 17:35
.
Pre-Run: 567,135,387,648 bytes free
Post-Run: 566,878,384,128 bytes free
.
- - End Of File - - AD947AC2732D2657D56A6E429F908841
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Fri Aug 17, 2012 9:06 am    Post subject: Reply with quote

Looking good so far.

I see you have Malwarebytes Anti Malware installed ....

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.

    • Click the Updates tab.

      • Click Check for Updates and allow the programme to download the latest definitions.

    • Click the Scanner tab.

      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.

        • A box will pop up telling you that files have been quarantined.
        • A log will pop up.

      • Post the log in your next reply please.

You can also access the log by doing the following

  • Click on the Logs tab.

    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Next

Please run a scan with ESET Online Scanner (this usually takes a couple of hours or so to run, but it's very thorough and should pick up anything we've missed; TDL4 often comes bundled with other "fellow travellers").

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


Summary of the logs I need from you in your next post:

  • MBAM log
  • E-Set log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Fri Aug 17, 2012 9:44 am    Post subject: MBAM log & Behavior Reply with quote

Below is the MBAM log. No malicious items were detected.

Since we disabled the partition, the computer is behaving as it should be. Everything is running smoother, and the internet is no longer redirecting or taking long to load.

I will run the E-Set Scanner later tonight when I do not need to use the computer, and will then post the results.




Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nicole :: ASMLAPTOP [administrator]

Protection: Enabled

8/17/2012 10:38:36 AM
mbam-log-2012-08-17 (10-38-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200568
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Fri Aug 17, 2012 11:10 am    Post subject: Reply with quote

OK, no problem.

My connection is playing up at the moment, so it may be tomorrow morning (my time GMT) before I get to see your e-set log.

If it comes out clear (I expect it probably will), I'll give you details then of how to remove the programs we've been using, and how to secure your computer.
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Fri Aug 17, 2012 8:07 pm    Post subject: E-Set Log Reply with quote

Here is the log at the location you indicated:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Here is a copy of the results that I saved from ESET:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\1e21da70-608b8b60 a variant of Java/Exploit.CVE-2012-1723.AL trojan
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Fri Aug 17, 2012 9:13 pm    Post subject: Reply with quote

Seems we're not quite finished yet.


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:Files
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\1e21da70-608b8b60

:Commands
[emptytemp]
[createrestorepoint]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
MahnaMahna
Junior Member


Joined: 14 Aug 2012
Last Visit: 20 Aug 2012
Posts: 17

PostPosted: Sat Aug 18, 2012 9:22 pm    Post subject: Log Reply with quote

All processes killed
========== FILES ==========
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe moved successfully.
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe moved successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll moved successfully.
File\Folder C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll not found.
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\1e21da70-608b8b60 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nicole
->Temp folder emptied: 794190 bytes
->Temporary Internet Files folder emptied: 260459676 bytes
->Java cache emptied: 1029229 bytes
->Flash cache emptied: 1121 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22668 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 26693 bytes

Total Files Cleaned = 250.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08182012_221559

Files\Folders moved on Reboot...
C:\Users\Nicole\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nicole\AppData\Local\Temp\REG196B.tmp moved successfully.
C:\Users\Nicole\AppData\Local\Temp\REG2D27.tmp moved successfully.
C:\Users\Nicole\AppData\Local\Temp\REGFBBD.tmp moved successfully.
C:\Users\Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6JUU4JR\viewtopic[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Nicole\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Nicole\AppData\Local\Temp\REG196B.tmp not found!
File C:\Users\Nicole\AppData\Local\Temp\REG2D27.tmp not found!
File C:\Users\Nicole\AppData\Local\Temp\REGFBBD.tmp not found!
File C:\Users\Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6JUU4JR\viewtopic[1].htm not found!

Registry entries deleted on Reboot...
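The two posts above show the pattern of this stage of the clean-up: the ESET Online Scanner result lines are turned into an OTL fix (a :Files list followed by [emptytemp] and [createrestorepoint]), and the OTL fix log then reports each path as "moved successfully" or "not found". Below is an added example, not code from the thread, from OTL or from ESET, that parses both logs and reconciles them. The five detection lines and the five fix-log lines are constructed from the posts; the regular expressions and the function names are this example's own. One fact it relies on: on Windows Vista and later, C:\Users\All Users is a directory symbolic link to C:\ProgramData, which is why the second Tarma Installer entry comes back "not found" once the first has been moved.

```python
import re

# Constructed sample input: the five ESET Online Scanner result lines posted in the
# thread, in the "<path> a variant of <detection> <kind>" shape the scanner writes.
ESET_RESULTS = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\1e21da70-608b8b60 a variant of Java/Exploit.CVE-2012-1723.AL trojan
"""

# Constructed sample input: the FILES section of the OTL fix log posted in reply.
OTL_FIX_LOG = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe moved successfully.
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe moved successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll moved successfully.
File\Folder C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll not found.
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\1e21da70-608b8b60 moved successfully.
"""

# Paths contain spaces, so split on the fixed phrase rather than on whitespace.
ESET_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?:probably )?a variant of (?P<name>\S+)\s+(?P<kind>\w+)\s*$"
)
# OTL prefixes a missing entry with "File\Folder " and ends every line with a period.
OTL_FILE_LINE = re.compile(
    r"^(?:File\\Folder )?(?P<path>.+?) (?P<status>moved successfully|not found)\.$"
)

# Fact (Windows Vista and later): "All Users" is a directory symbolic link to
# C:\ProgramData, so two listed paths can name one file. This table is the
# example's own and covers only that alias.
KNOWN_LINKS = {r"C:\Users\All Users": r"C:\ProgramData"}


def parse_eset_results(text):
    """Return (path, detection name, kind) for every ESET result line."""
    hits = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            hits.append((m["path"], m["name"], m["kind"]))
    return hits


def triage(hits):
    """ESET ends PUA/PUSA verdicts with 'application'; anything else is malware."""
    pua = [h for h in hits if h[2] == "application"]
    malware = [h for h in hits if h[2] != "application"]
    return pua, malware


def build_otl_fix(paths):
    """Emit an OTL Custom Scans/Fixes script in the shape used in the thread."""
    body = [":Files", *paths, "", ":Commands", "[emptytemp]", "[createrestorepoint]"]
    return "\n".join(body) + "\n"


def canonical(path):
    """Rewrite a path through the known-link table so aliases compare equal."""
    for alias, target in KNOWN_LINKS.items():
        if path.lower().startswith(alias.lower() + "\\"):
            return target + path[len(alias):]
    return path


def reconcile(requested, fix_log):
    """Map each requested path to 'moved', 'alias-moved' (reported not found, but
    the same file was moved under its other name) or 'unresolved'."""
    status = {}
    for line in fix_log.splitlines():
        m = OTL_FILE_LINE.match(line.strip())
        if m:
            status[m["path"].lower()] = m["status"]
    moved = {canonical(p).lower() for p, s in status.items() if s == "moved successfully"}
    result = {}
    for p in requested:
        if status.get(p.lower()) == "moved successfully":
            result[p] = "moved"
        elif canonical(p).lower() in moved:
            result[p] = "alias-moved"
        else:
            result[p] = "unresolved"
    return result


if __name__ == "__main__":
    hits = parse_eset_results(ESET_RESULTS)
    pua, malware = triage(hits)
    print(f"{len(pua)} PUA, {len(malware)} malware detections")
    print(build_otl_fix([h[0] for h in hits]))
    for path, outcome in reconcile([h[0] for h in hits], OTL_FIX_LOG).items():
        print(f"{outcome:12} {path}")
```

Run as-is it prints the same fix script Gary posted and reports four paths moved and the All Users copy as alias-moved; an "unresolved" entry is the one that would need a second look, because neither it nor a known alias of it was moved.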
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Sat Aug 18, 2012 9:41 pm    Post subject: Reply with quote

OK, as far as I can see, you are now clear of all visible signs of infection. As I explained in my earlier post ... http://spywarewarrior.com/viewtopic.php?p=228510&sid=a3753e6eec81f42a54815fb68966dafa#228510 ... that does not mean your computer is secure, but it does mean I've removed all of it that I can find.

Time to remove the programs we've been using on your machine.

First

Let's clear out Combofix and the files/folders it created

  • Click Start > Run
  • Copy/Paste ComboFix /Uninstall into the Run box.
  • Click OK
  • Combofix will now delete its files and folders and also perform the following function.

    • Clears System Restore cache and creates a new Restore point. This will remove any "malicious" System Restore files, which may have been created whilst your computer was infected.


IMPORTANT

  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Next

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller, aswMBR, FRST (if the usb drive is attached when OTL runs).

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).


ListParts should be manually deleted, along with any report files left from the various scans we have run.

Are you still noticing any problems ?

  • If you are let me know about them.
  • If not it's time to make your computer more secure.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

Gary R
Moderator


Joined: 03 May 2005
Last Visit: 20 May 2013
Posts: 9698
Location: Yorkshire

PostPosted: Sun Aug 19, 2012 9:39 pm    Post subject: Reply with quote

Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R
