Jump to content

Rev-Roy

Anti-Spyware Brigade
  • Content Count

    1,107
  • Joined

  • Last visited

About Rev-Roy

  • Rank
    Advanced Member

Contact Methods

  • Website URL
    http://wwwproclaimingthelord.com
  • ICQ
    0
  • Yahoo
    revroyva

Profile Information

  • Gender
    Male
  • Location
    Virginia
  • Interests
    Fishing, computing, people.

Previous Fields

  • Teams:
    Nothing Selected
  1. DONE! No more Babylon and it seems to be working fine. I really appreciate your time and help. I will perform your next wedding free! Again Thanks Rev-Roy
  2. When I click on new tab while on firefox myyahoo it comes up as babylon search but I have everything else working ok now thanks revroy
  3. After reboot it asked to let OTL Exe runa nd I did and it created the following: FilesFolders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... new log: OTL logfile created on: 11/2/2012 9:27:57 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersRockin RevDesktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 62.67% Memory free 7.50 Gb Paging File | 6.01 Gb Available in Paging File | 80.12% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86) Drive C: | 451.07 Gb Total Space | 84.95 Gb Free Space | 18.83% Space Free | Partition Type: NTFS Computer Name: ROCKINREV-PC | User Name: Rockin Rev | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:UsersRockin RevDesktopOTL.exe (OldTimer Tools) PRC - C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation) PRC - C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (Malwarebytes Corporation) PRC - C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe (IObit) PRC - C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.) PRC - C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (Microsoft Corporation) PRC - C:Program Files (x86)AWSWeatherBugWeather.exe (AWS Convergence Technologies, Inc.) ========== Modules (No Company Name) ========== MOD - C:Program Files (x86)Mozilla Firefoxmozjs.dll () MOD - C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_287.dll () ========== Services (SafeList) ========== SRV:64bit: - (DockLoginService) -- C:Program FilesDellDellDockDockLogin.exe File not found SRV:64bit: - (NisSrv) -- c:Program FilesMicrosoft Security ClientNisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:Program FilesMicrosoft Security ClientMsMpEng.exe (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:WindowsSysNativeatiesrxx.exe (AMD) SRV:64bit: - (LBTServ) -- C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:WindowsSysNativeappmgmts.dll (Microsoft Corporation) SRV:64bit: - (AERTFilters) -- C:Program FilesRealtekAudioHDAAERTSr64.exe (Andrea Electronics Corporation) SRV - (MozillaMaintenance) -- C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated) SRV - (AdvancedSystemCareService5) -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe (IObit) SRV - (TeamViewer7) -- C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe (TeamViewer GmbH) SRV - (BBSvc) -- C:Program Files (x86)MicrosoftBingBarBBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (Microsoft Corporation) SRV - (FlipShare Service) -- C:Program Files (x86)Flip VideoFlipShareFlipShareService.exe () SRV - (FlipShareServer) -- C:Program Files (x86)Flip VideoFlipShareServerFlipShareServer.exe () SRV - (GoToAssist) -- C:Program Files (x86)CitrixGoToAssist514g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe (ArcSoft Inc.) SRV - (rpcapd) -- C:Program Files (x86)WinPcaprpcapd.exe (CACE Technologies, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:Program Files (x86)Yahoo!SoftwareUpdateYahooAUService.exe (Yahoo! Inc.) SRV - (EPSON_EB_RPCV4_01) -- C:ProgramDataEPSONEPW!3 SSRPE_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:ProgramDataEPSONEPW!3 SSRPE_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:WindowsSysNativedriversmbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:WindowsSysNativedriversNisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativedriversGEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:WindowsSysNativedriversusbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:WindowsSysNativedriversfs_rec.sys (Microsoft Corporation) DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:Program FilesDell Support Centerpcdsrvc_x64.pkms (PC-Doctor, Inc.) DRV:64bit: - (atikmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:WindowsSysNativedriversatikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:WindowsSysNativedriversTsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (VCR2PC) -- C:WindowsSysNativedrivers0140_ION.sys (Trident Multimedia Technologies Co.,Ltd) DRV:64bit: - (SCDEmu) -- C:WindowsSysNativedriversscdemu.sys (PowerISO Computing, Inc.) DRV:64bit: - (PxHlpa64) -- C:WindowsSysNativedriversPxHlpa64.sys (Sonic Solutions) DRV:64bit: - (NPF) -- C:WindowsSysNativedriversnpf.sys (CACE Technologies, Inc.) DRV:64bit: - (k57nd60a) -- C:WindowsSysNativedriversk57nd60a.sys (Broadcom Corporation) DRV:64bit: - (AtiHdmiService) -- C:WindowsSysNativedriversAtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (netr28ux) -- C:WindowsSysNativedriversnetr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology) DRV:64bit: - (LMouFilt) -- C:WindowsSysNativedriversLMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:WindowsSysNativedriversLHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:WindowsSysNativedriversAtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (WimFltr) -- C:WindowsSysNativedriversWimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM..SearchScopes,DefaultScope = {F4F155B9-542E-4132-8E93-719BCAE2D1B6} IE:64bit: - HKLM..SearchScopes{F4F155B9-542E-4132-8E93-719BCAE2D1B6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm IE - HKLM..SearchScopes,DefaultScope = {38D94A0A-B4A8-4CD4-8D18-1A1627459FD5} IE - HKLM..SearchScopes{38D94A0A-B4A8-4CD4-8D18-1A1627459FD5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com/ie IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.my.yahoo.com/ IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie IE - HKCU..SearchScopes,DefaultScope = {09512006-C404-41B9-8064-7DEBD5808D55} IE - HKCU..SearchScopes{09512006-C404-41B9-8064-7DEBD5808D55}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.param.yahoo-fr: "" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "" FF - prefs.js..browser.search.param.yahoo-type: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/" FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledAddons: 4nffxtbr@ConservativeTalkNow_4n.com:2.50.0.56219 FF:64bit: - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLMSoftwareMozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:Program FilesDivXDivX OVS Helpernpovshelper.dll (DivX, LLC.) FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_287.dll () FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll () FF - HKLMSoftwareMozillaPlugins@ConservativeTalkNow_4n.com/Plugin: C:Program Files (x86)ConservativeTalkNow_4nbar1.binNP4nStub.dll File not found FF - HKLMSoftwareMozillaPlugins@divx.com/DivX Browser Plugin,version=1.0.0: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll (DivX, LLC) FF - HKLMSoftwareMozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:Program Files (x86)DivXDivX OVS Helpernpovshelper.dll (DivX, LLC.) FF - HKLMSoftwareMozillaPlugins@Google.com/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google) FF - HKLMSoftwareMozillaPlugins@google.com/npPicasa3,version=3.0.0: C:Program Files (x86)GooglePicasa3npPicasa3.dll (Google, Inc.) FF - HKLMSoftwareMozillaPlugins@java.com/DTPlugin,version=10.5.1: C:WindowsSysWOW64npDeployJava1.dll (Oracle Corporation) FF - HKLMSoftwareMozillaPlugins@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:Program Files (x86)Yahoo!SharednpYState.dll (Yahoo! Inc.) FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight4.1.10329.0npctrl.dll ( Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=14.0.8081.0709: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) FF - HKCUSoftwareMozillaPlugins@movenetworks.com/Quantum Media Player: C:UsersRockin RevAppDataRoamingMove Networkspluginsnpqmp071706000001.dll (Move Networks) FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions4nffxtbr@ConservativeTalkNow_4n.com: C:Program Files (x86)ConservativeTalkNow_4nbar1.bin [2012/08/25 18:44:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:Program Files (x86)DivXDivX Plus Web PlayerfirefoxDivXHTML5 [2012/10/16 13:57:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 16.0.2extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/10/27 08:46:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 16.0.2extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2012/10/27 08:46:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Thunderbird 3.1.10extensionsComponents: C:Program Files (x86)Mozilla Thunderbirdcomponents [2012/06/05 19:52:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Thunderbird 3.1.10extensionsPlugins: C:Program Files (x86)Mozilla Thunderbirdplugins [2012/08/15 19:36:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionsmoveplayer@movenetworks.com: C:UsersRockin RevAppDataRoamingMove Networks [2011/05/04 19:11:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USERsoftwaremozillaMozilla Firefox 16.0.2extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/10/27 08:46:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USERsoftwaremozillaMozilla Firefox 16.0.2extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2012/10/27 08:46:26 | 000,000,000 | ---D | M] [2010/10/08 07:36:56 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaExtensions [2010/10/08 07:36:56 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaExtensions{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/10/25 08:41:05 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions [2012/10/25 08:41:05 | 000,000,000 | ---D | M] (ConservativeTalkNow) -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions4nffxtbr@ConservativeTalkNow_4n.com [2012/08/01 20:22:05 | 000,741,958 | ---- | M] () (No name found) -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2010/12/13 16:43:42 | 000,002,698 | ---- | M] () -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultsearchpluginstwitter.xml [2012/10/27 08:46:25 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions [2012/10/16 13:57:53 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:PROGRAM FILES (X86)DIVXDIVX PLUS WEB PLAYERFIREFOXDIVXHTML5 [2012/10/27 08:46:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll [2011/08/02 12:07:37 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:Program Files (x86)mozilla firefoxpluginsNPcol400.dll [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpCouponPrinter.dll [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpMozCouponPrinter.dll [2012/08/30 17:50:20 | 000,002,465 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml [2012/10/11 19:57:16 | 000,002,058 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml ========== Chrome ========== CHR - homepage: CHR - homepage: CHR - Extension: YouTube = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: Google Search = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: DivX Plus Web Player HTML5 u003Cvideou003E = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionsnneajnkjbffgblleaoojgaacokifdkhm2.1.2.145_0 CHR - Extension: Gmail = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 O1 HOSTS File: ([2012/11/01 07:18:03 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:Program Files (x86)DivXDivX Plus Web PlayerieDivXHTML5DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.) O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.) O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU..ToolbarWebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..Run: [Kernel and Hardware Abstraction Layer] C:WindowsKHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation) O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.) O4 - HKCU..Run: [Weather] C:Program Files (x86)AWSWeatherBugWeather.exe (AWS Convergence Technologies, Inc.) O4 - HKLM..RunOnce: ["C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe"] "C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe" File not found O4 - Startup: C:UsersRockin RevAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk = C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.) O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:Windowssystem32GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:WindowsSysWow64GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{DB887993-8B81-4006-9962-D38A9B9E9232}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{EC65B112-7899-4765-9125-B7D3AC103FC9}: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 O18:64bit: - ProtocolHandlerlivecall - No CLSID value found O18:64bit: - ProtocolHandlerms-help - No CLSID value found O18:64bit: - ProtocolHandlermsnim - No CLSID value found O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation) O20:64bit: - WinlogonNotifyGoToAssist: DllName - (C:Program Files (x86)CitrixGoToAssist514G2AWinLogon_x64.dll) - File not found O20:64bit: - WinlogonNotifyLBTWlgn: DllName - (c:program filescommon fileslogishrdbluetoothLBTWlgn.dll) - c:Program FilesCommon FilesLogishrdBluetoothLBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM..comfile [open] -- "%1" %* O35:64bit: - HKLM..exefile [open] -- "%1" %* O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystemsWindows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/02 09:22:39 | 000,000,000 | ---D | C] -- C:_OTL [2012/11/02 09:21:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:UsersRockin RevDesktopOTL.exe [2012/11/02 07:36:16 | 000,000,000 | ---D | C] -- C:UsersRockin RevDesktopScan Files [2012/11/01 14:27:36 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN [2012/11/01 14:25:03 | 000,000,000 | ---D | C] -- C:Windowstemp [2012/11/01 07:31:01 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdvanced SystemCare 5 [2012/11/01 07:26:35 | 000,000,000 | ---D | C] -- C:Config.Msi [2012/11/01 07:08:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe [2012/11/01 07:08:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe [2012/11/01 07:08:30 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe [2012/11/01 07:07:57 | 000,000,000 | ---D | C] -- C:Qoobox [2012/11/01 07:07:47 | 000,000,000 | ---D | C] -- C:Windowserdnt [2012/10/28 06:27:40 | 000,000,000 | ---D | C] -- C:Program Files (x86)Microsoft Security Client [2012/10/28 06:27:27 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Security Client [2012/10/27 08:46:25 | 000,000,000 | ---D | C] -- C:Program Files (x86)Mozilla Firefox [2012/10/16 13:58:51 | 000,000,000 | ---D | C] -- C:UsersRockin RevAppDataLocalDDMSettings [2012/10/11 07:18:34 | 000,000,000 | ---D | C] -- C:Airprint [2012/10/09 18:26:22 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesrcore.dll [2012/10/09 18:26:15 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNatived3d10level9.dll [2012/10/09 18:26:04 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativekernel32.dll [2012/10/09 18:26:04 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeKernelBase.dll [2012/10/09 18:26:03 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeconhost.exe [2012/10/09 18:26:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64.dll [2012/10/09 18:26:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewinsrv.dll [2012/10/09 18:26:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64setup16.exe [2012/10/09 18:26:02 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64win.dll [2012/10/09 18:26:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentvdm64.dll [2012/10/09 18:26:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntvdm64.dll [2012/10/09 18:26:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64cpu.dll [2012/10/09 18:26:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64instnm.exe [2012/10/09 18:26:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-security-base-l1-1-0.dll [2012/10/09 18:26:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-security-base-l1-1-0.dll [2012/10/09 18:26:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-file-l1-1-0.dll [2012/10/09 18:26:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-file-l1-1-0.dll [2012/10/09 18:26:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64wow32.dll [2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-threadpool-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-threadpool-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-processthreads-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-processthreads-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-sysinfo-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-synch-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-synch-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-misc-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-localregistry-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-localregistry-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-localization-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-localization-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-xstate-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-processenvironment-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-namedpipe-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-misc-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-memory-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-memory-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-libraryloader-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-interlocked-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-heap-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-heap-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-xstate-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-util-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-util-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-string-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-string-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-profile-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-profile-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-io-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-io-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-interlocked-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-handle-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-handle-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-fibers-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-fibers-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-errorhandling-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-delayload-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-delayload-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-debug-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-debug-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-datetime-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-datetime-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-console-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-console-l1-1-0.dll [2012/10/09 18:26:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64user.exe [2012/10/09 18:25:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentoskrnl.exe [2012/10/09 18:25:50 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntkrnlpa.exe [2012/10/09 18:25:50 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntoskrnl.exe [2012/10/09 18:25:47 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeOxpsConverter.exe [2012/10/09 18:25:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversRNDISMP.sys [2012/10/09 18:25:42 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewintrust.dll [2012/10/09 18:23:39 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecrypt32.dll [2012/10/09 18:23:35 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecryptnet.dll [2012/10/09 18:23:02 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewin32spl.dll [2012/10/09 18:23:02 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64win32spl.dll [2012/10/09 18:23:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:Windowssplwow64.exe [2 C:Program Files (x86)*.tmp files -> C:Program Files (x86)*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/02 09:31:20 | 000,014,256 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/02 09:31:20 | 000,014,256 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/02 09:30:42 | 000,779,266 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI [2012/11/02 09:30:42 | 000,660,280 | ---- | M] () -- C:WindowsSysNativeperfh009.dat [2012/11/02 09:30:42 | 000,121,208 | ---- | M] () -- C:WindowsSysNativeperfc009.dat [2012/11/02 09:24:21 | 000,000,902 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job [2012/11/02 09:24:14 | 000,000,506 | ---- | M] () -- C:WindowstasksSystemToolsDailyTest.job [2012/11/02 09:24:09 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat [2012/11/02 09:24:04 | 3019,091,968 | -HS- | M] () -- C:hiberfil.sys [2012/11/02 09:02:00 | 000,000,906 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job [2012/11/02 07:01:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersRockin RevDesktopOTL.exe [2012/11/01 07:31:02 | 000,001,274 | ---- | M] () -- C:UsersPublicDesktopUninstaller.lnk [2012/11/01 07:31:01 | 000,001,223 | ---- | M] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk [2012/11/01 07:18:03 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts [2012/10/28 06:28:02 | 000,001,945 | ---- | M] () -- C:Windowsepplauncher.mif [2012/10/27 09:41:18 | 000,001,111 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/10/27 09:12:21 | 000,000,824 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk [2012/10/25 08:47:56 | 000,000,564 | ---- | M] () -- C:WindowstasksPCDoctorBackgroundMonitorTask.job [2012/10/16 13:57:56 | 000,001,622 | ---- | M] () -- C:UsersRockin RevDesktopDivX Movies.lnk [2012/10/16 13:57:31 | 000,001,114 | ---- | M] () -- C:UsersPublicDesktopDivX Plus Player.lnk [2012/10/09 18:43:46 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe [2012/10/09 18:43:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl [2012/10/09 18:42:11 | 000,550,600 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT [2 C:Program Files (x86)*.tmp files -> C:Program Files (x86)*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/01 07:31:02 | 000,001,274 | ---- | C] () -- C:UsersPublicDesktopUninstaller.lnk [2012/11/01 07:31:01 | 000,001,223 | ---- | C] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk [2012/11/01 07:08:30 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe [2012/11/01 07:08:30 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe [2012/11/01 07:08:30 | 000,098,816 | ---- | C] () -- C:Windowssed.exe [2012/11/01 07:08:30 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe [2012/11/01 07:08:30 | 000,068,096 | ---- | C] () -- C:Windowszip.exe [2012/10/28 06:28:02 | 000,001,945 | ---- | C] () -- C:Windowsepplauncher.mif [2012/10/28 06:27:52 | 000,002,119 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Security Essentials.lnk [2012/10/16 13:57:31 | 000,001,114 | ---- | C] () -- C:UsersPublicDesktopDivX Plus Player.lnk [2011/11/19 08:34:13 | 000,000,061 | ---- | C] () -- C:WindowsTaxACT11.ini [2011/05/21 17:50:00 | 000,000,109 | ---- | C] () -- C:ProgramDataMicrosoft.SqlServer.Compact.351.32.bc [2011/05/21 17:47:03 | 000,772,990 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI [2011/05/12 14:52:31 | 000,001,940 | ---- | C] () -- C:UsersRockin RevAppDataLocal{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:WindowsSysWow64atipblag.dat [2010/12/14 14:58:13 | 000,004,096 | -H-- | C] () -- C:UsersRockin RevAppDataLocalkeyfile3.drm [2010/12/13 08:56:41 | 000,000,048 | ---- | C] () -- C:WindowsTaxACT10.ini [2010/09/15 17:37:18 | 000,009,728 | ---- | C] () -- C:UsersRockin RevAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:WindowsassemblyDesktop.ini [HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64 [HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] [HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64 [HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] [HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64 "" = C:WindowsSysNativeshell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] "" = %SystemRoot%system32shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64 "" = C:WindowsSysNativewbemfastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] "" = %systemroot%system32wbemfastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64 "" = C:WindowsSysNativewbemwbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:ProgramDataTEMP:5C321E34 < End of report >
  4. Sorry, must have done something wrong with txt extra so here it is: OTL Extras logfile created on: 11/2/2012 7:10:38 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersRockin RevDesktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 67.47% Memory free 7.50 Gb Paging File | 6.12 Gb Available in Paging File | 81.59% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86) Drive C: | 451.07 Gb Total Space | 84.92 Gb Free Space | 18.83% Space Free | Partition Type: NTFS Computer Name: ROCKINREV-PC | User Name: Rockin Rev | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>] .html[@ = ChromeHTML] -- C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:WindowsSysWow64CScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:WindowsSysWow64CScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>] .cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google Inc.) .jse [@ = JSEFile] -- C:WindowsSysWow64CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:WindowsSysWow64CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USERSOFTWAREClasses<extension>] .html [@ = FirefoxHTML] -- C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%system32mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:Program Files (x86)GoogleChromeApplicationchrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%System32rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsefile [open] -- %SystemRoot%SysWow64CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. wsffile [open] -- %SystemRoot%SysWow64CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. https [open] -- "C:Program Files (x86)GoogleChromeApplicationchrome.exe" -- "%1" (Google Inc.) jsefile [open] -- %SystemRoot%SysWow64CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. wsffile [open] -- %SystemRoot%SysWow64CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring] 64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall] 64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile] 64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile] [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall] [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile] [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules] "{070E7D0D-8B17-4776-A626-8F50E10303CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%system32svchost.exe | "{073DC90F-12A0-4A63-95B4-E6BF2910BDCA}" = rport=137 | protocol=17 | dir=out | app=system | "{0ED10857-36B0-4AE9-8A64-E19B14F5C34E}" = lport=445 | protocol=6 | dir=in | app=system | "{2A0C19D2-57EC-48D9-BB88-963938CCA1D9}" = rport=445 | protocol=6 | dir=out | app=system | "{2BC578CB-0331-4AC2-9383-EF9718F3266E}" = rport=139 | protocol=6 | dir=out | app=system | "{2ED74930-CA1A-4059-9C28-F3A377098972}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%system32svchost.exe | "{2F8D7D56-E84B-4884-B994-25119F737E03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%system32svchost.exe | "{49048164-CF34-4810-A58E-38CA93094289}" = lport=10243 | protocol=6 | dir=in | app=system | "{52166989-B3DF-43B0-B5BD-CC6D6D9365F2}" = rport=10243 | protocol=6 | dir=out | app=system | "{53FB94F5-FD7C-407B-9003-F9033C27A3B4}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver | "{5442B365-3A47-45CF-ACD8-4A60A5AEC9F2}" = lport=137 | protocol=17 | dir=in | app=system | "{59BA996E-9178-4473-8341-FF73BAFEAB65}" = lport=138 | protocol=17 | dir=in | app=system | "{61BD4BA9-92AD-4C0A-AF46-2F1A711B041B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{6C0ED348-2FE8-48F7-8025-D5E3FB0A227D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe | "{76189C0B-E794-4187-AE7C-B760BEAD4479}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe | "{7C6809A3-076C-463C-BBC3-F9850AD47275}" = lport=2869 | protocol=6 | dir=in | app=system | "{7E86A563-0982-47AF-B7E4-1EE04FA35CD0}" = lport=6004 | protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice12outlook.exe | "{7F3787C2-6B59-4013-AE75-5AEAB818D2B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe | "{8105771F-E3FC-49EE-91FE-153BC641A0D1}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver | "{902228C8-5226-4A37-80D5-2AC1E090CB63}" = lport=139 | protocol=6 | dir=in | app=system | "{93CF8622-C338-47BD-A4E9-C6F52772FDF2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%system32svchost.exe | "{A515DAC9-5FEC-47B0-91C0-51667BE347FE}" = lport=2869 | protocol=6 | dir=in | app=system | "{B36B800B-0A98-4A41-B358-C65B2A72334C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BBE42DDB-0E04-4476-B24E-FBF48734CAAD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%system32svchost.exe | "{D61CD8AD-670B-44D1-9678-4B74B5E88AA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe | "{D75B977E-6F7D-4FCA-B094-E24944E19090}" = rport=138 | protocol=17 | dir=out | app=system | "{E4759053-4412-4B6A-83F2-2EE502778970}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%system32svchost.exe | "{F1391560-9DC4-429C-B697-BEBF223E2CD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe | "{F9ACCA38-33CF-4A20-8EE0-E51F2F891979}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:windowsmicrosoft.netframework64v4.0.30319smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules] "{122D9423-CE6E-4F3E-A1A7-66ED6CA01D66}" = dir=in | app=c:program files (x86)cyberlinkpowerdvd dxpdvddxsrv.exe | "{25144595-F361-4E4B-B1F6-216DA7DA116E}" = protocol=6 | dir=in | app=c:program files (x86)bonjourmdnsresponder.exe | "{28C6EF13-C4F9-44EC-ADDA-898D3402788E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2B0C9458-7495-40B6-9F25-6630F81AD39A}" = protocol=17 | dir=in | app=c:usersrockin revappdataroamingdropboxbindropbox.exe | "{30673D7F-9CC9-4D3D-9C1A-FD72A84CA011}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{334A1306-6F09-4078-986C-7CF9E9B232A7}" = protocol=6 | dir=in | app=c:program files (x86)teamviewerversion7teamviewer.exe | "{374B89B2-132F-49CD-8797-F83A5496099E}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmpnetwk.exe | "{395D7403-426C-4F61-A997-9F4AF0FA88B3}" = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe | "{4118D22D-68DF-4969-BAF8-ED124497BE68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{42AE129D-EAF8-4ED5-B15F-180FAED254EF}" = dir=in | app=c:program files (x86)cyberlinkpowerdvd dxpowerdvd.exe | "{530F8269-6649-49BA-99CD-DB7F8B3B1626}" = dir=in | app=c:program files (x86)windows livemessengermsnmsgr.exe | "{62442448-617E-445D-877C-AFB246AC9704}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{6F53697A-3383-4C7E-B5B8-39BC8E43739B}" = dir=in | app=c:program files (x86)windows livemessengerwlcsdk.exe | "{78385FAA-9414-44E8-BBE6-C4F4297C0FEF}" = protocol=17 | dir=in | app=%programfiles(x86)%windows media playerwmplayer.exe | "{7BCF28A3-5653-4722-B30D-B01CDD58978A}" = protocol=6 | dir=in | app=c:program files (x86)teamviewerversion7teamviewer_service.exe | "{7D41BB5A-8FDE-4BA5-8A3E-2402E02D7E30}" = protocol=17 | dir=in | app=c:program files (x86)ionez video convertermediatv.exe | "{7DC69143-E9D2-4406-AE88-A385759684C6}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe | "{85DC91C7-502A-473C-8A72-34F3CF100D97}" = protocol=6 | dir=in | app=%programfiles%windows media playerwmpnetwk.exe | "{875B3825-A9A2-47BD-9160-9853DA2E4EC4}" = protocol=17 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe | "{8941F1BE-1F3C-43F1-8A99-C3C06AC08AF4}" = protocol=17 | dir=in | app=c:program files (x86)videolanvlcvlc.exe | "{8FD5112E-F919-4305-BF6D-0730EC78AA1D}" = dir=in | app=c:program files (x86)itunesitunes.exe | "{9119AF32-7E24-4831-8CD2-27EC393017FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%system32svchost.exe | "{9C5AE56D-EBE5-4B45-BFAC-89CE2D407698}" = protocol=6 | dir=in | app=c:usersrockin revappdataroamingdropboxbindropbox.exe | "{A2790462-74F3-40A1-9983-2AB4F3B43E46}" = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe | "{A3ED6347-FBA8-4900-9D50-7B6605B710C0}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe | "{A6011328-0BF8-4032-B822-E5D5CF5FF721}" = protocol=6 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe | "{A8B200BF-1198-40EF-AB20-7504FC93310D}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmpnetwk.exe | "{AF8EC3FC-8FC5-4242-836F-D7BC421E7B43}" = protocol=6 | dir=in | app=c:program files (x86)ionez video convertermediatv.exe | "{B11A02F6-0234-4A7A-9ECE-194469CE7904}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe | "{B2E7C03A-963A-4429-81E2-CE547D4A704C}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe | "{B7A3E20E-BF71-40F3-BB0F-0127D6B96A02}" = protocol=17 | dir=in | app=c:program files (x86)yahoo!messengeryahoomessenger.exe | "{BA80042C-61E4-4579-A429-55E6FA47318D}" = protocol=6 | dir=in | app=c:program files (x86)videolanvlcvlc.exe | "{CA4549BA-71FA-4006-8A40-3C17A5CDCF0A}" = protocol=6 | dir=in | app=c:program files (x86)yahoo!messengeryahoomessenger.exe | "{D2B2C2F3-D9F2-4A63-BACD-2F9DD38890A7}" = dir=in | app=c:program files (x86)windows livesyncwindowslivesync.exe | "{D7472C60-F790-4D04-A41E-A15D0E9BEEDA}" = dir=in | app=c:program files (x86)common filesappleapple application supportwebkit2webprocess.exe | "{DCEAE4EF-A20D-4E18-86D3-8011BEC17711}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe | "{DD9DE206-F106-49DA-8DDE-FED12AFEA607}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe | "{E8450675-920C-4F85-A4D7-BBABED0BDA51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F18C8283-D4E5-47C2-946B-0407BA027A98}" = protocol=58 | dir=in | app=system | "{F28082B7-CFD3-42FE-BD39-F0F0B58B7E3C}" = protocol=17 | dir=in | app=c:program files (x86)teamviewerversion7teamviewer.exe | "{F6527590-2BD7-4CEF-B59B-FF4623EDDABE}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmpnetwk.exe | "{FA70FDEB-27B6-4215-9522-7C89B92DB3B9}" = protocol=17 | dir=in | app=c:program files (x86)teamviewerversion7teamviewer_service.exe | "{FB890A38-B00F-4773-A3F8-630C46165FFC}" = protocol=17 | dir=in | app=c:program files (x86)bonjourmdnsresponder.exe | "{FD24DBCC-658D-447D-B825-F2BB9AAD0D2D}" = protocol=6 | dir=out | app=system | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{04C8E4DB-C344-BABE-7636-102B3E30C4EA}" = ATI Catalyst Install Manager "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit) "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Dell Support Center" = Dell Support Center "EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall "Glo Bible Software" = Glo Bible Software "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall] "{04E364F1-4582-4567-A6C8-C7FBBCC86C91}" = ION EZ Video Converter "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common "{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228 "{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5 "{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare "{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch "{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy "{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish "{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish "{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French "{76247198-4962-41BA-B913-8025C5A658C8}" = NetObjects Fusion 8 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English "{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{BC650175-58D2-400A-BCF8-B3B473052B70}" = NetObjects Fusion 8 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8 "{D4C7DAB9-6623-4D86-9B9A-C9F8903BA4D2}" = MediaImpression 2.0 for PENTAX "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian "{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light "{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard "{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek "{F84B62D4-2F12-4F17-A274-ADA8032EB44B}" = Envisioneer Express 7 "{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced SystemCare 5_is1" = Advanced SystemCare 5 "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "DivX Setup" = DivX Setup "EPSON Scanner" = EPSON Scan "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.3.4.1 "Google Chrome" = Google Chrome "GoToAssist" = GoToAssist 8.0.0.514 "iLivid" = iLivid "ImgBurn" = ImgBurn "InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5 "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "InstallShield_{F84B62D4-2F12-4F17-A274-ADA8032EB44B}" = Envisioneer Express 7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "MozillaMaintenanceService" = Mozilla Maintenance Service "Picasa 3" = Picasa 3 "PowerISO" = PowerISO "PROPLUS" = Microsoft Office Professional Plus 2007 "SpywareBlaster_is1" = SpywareBlaster 4.6 "TaxACT 2009" = TaxACT 2009 "TaxACT 2010" = TaxACT 2010 "TaxACT 2011 - 1040 Edition" = TaxACT 2011 - 1040 Edition "TeamViewer 7" = TeamViewer 7 "Theophilos 3.0_is1" = Theophilos 3.0 "TRENDnet 200Mbps Powerline Utility" = TRENDnet 200Mbps Powerline Utility "VLC media player" = VLC media player 1.1.9 "VLC Setup Helper_is1" = VLC Setup Helper 4.05 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall] "Dropbox" = Dropbox "f031ef6ac137efc5" = Dell Driver Download Manager "Move Media Player" = Move Media Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/1/2012 12:31:48 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:program files (x86)ESETeset online scannerESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 10/1/2012 12:32:29 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:program files (x86)windows livephoto galleryMovieMaker.Exe".Error in manifest or policy file "c:program files (x86)windows livephoto galleryWLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 10/2/2012 12:31:56 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:program files (x86)ESETeset online scannerESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 10/2/2012 12:32:39 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:program files (x86)windows livephoto galleryMovieMaker.Exe".Error in manifest or policy file "c:program files (x86)windows livephoto galleryWLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 10/2/2012 8:48:44 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:UsersRockin RevDesktopNew Briefcaseesetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 10/4/2012 12:32:16 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:program files (x86)ESETeset online scannerESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 10/4/2012 12:33:05 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:program files (x86)windows livephoto galleryMovieMaker.Exe".Error in manifest or policy file "c:program files (x86)windows livephoto galleryWLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 10/5/2012 12:31:59 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:program files (x86)ESETeset online scannerESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 10/5/2012 12:32:47 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:program files (x86)windows livephoto galleryMovieMaker.Exe".Error in manifest or policy file "c:program files (x86)windows livephoto galleryWLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 10/6/2012 12:00:05 AM | Computer Name = RockinRev-PC | Source = VSS | ID = 8193 Description = [ Dell Events ] Error - 3/26/2011 8:29:27 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 4/12/2011 8:06:27 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 4/12/2011 8:06:27 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 4/15/2011 7:24:51 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 4/15/2011 7:24:51 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/20/2011 6:37:30 PM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/20/2011 6:37:30 PM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/27/2011 2:10:24 PM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/27/2011 2:10:24 PM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 1/11/2012 8:48:41 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ OSession Events ] Error - 5/18/2011 8:13:37 AM | Computer Name = RockinRev-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3405 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/8/2011 7:02:25 AM | Computer Name = RockinRev-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 552821 seconds with 3360 seconds of active time. This session ended with a crash. Error - 9/14/2011 8:35:02 AM | Computer Name = RockinRev-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 11/1/2012 7:31:05 AM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7030 Description = The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 11/1/2012 7:41:06 AM | Computer Name = RockinRev-PC | Source = DCOM | ID = 10010 Description = Error - 11/1/2012 7:41:54 AM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7000 Description = The Dock Login Service service failed to start due to the following error: %%2 Error - 11/1/2012 7:45:46 AM | Computer Name = RockinRev-PC | Source = Schannel | ID = 36888 Description = The following fatal alert was generated: 10. The internal error state is 10. Error - 11/1/2012 7:45:46 AM | Computer Name = RockinRev-PC | Source = Schannel | ID = 36888 Description = The following fatal alert was generated: 10. The internal error state is 10. Error - 11/1/2012 2:21:07 PM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 11/1/2012 2:23:11 PM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 11/1/2012 2:26:37 PM | Computer Name = RockinRev-PC | Source = DCOM | ID = 10010 Description = Error - 11/1/2012 2:27:25 PM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7000 Description = The Dock Login Service service failed to start due to the following error: %%2 Error - 11/1/2012 2:27:31 PM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7023 Description = The Server service terminated with the following error: %%14 < End of report >
  5. Thanks...here are the scans: OTL logfile created on: 11/2/2012 7:10:38 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersRockin RevDesktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 67.47% Memory free 7.50 Gb Paging File | 6.12 Gb Available in Paging File | 81.59% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86) Drive C: | 451.07 Gb Total Space | 84.92 Gb Free Space | 18.83% Space Free | Partition Type: NTFS Computer Name: ROCKINREV-PC | User Name: Rockin Rev | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:UsersRockin RevDesktopOTL.exe (OldTimer Tools) PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (Malwarebytes Corporation) PRC - C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe (IObit) PRC - C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.) PRC - C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (DockLoginService) -- C:Program FilesDellDellDockDockLogin.exe File not found SRV:64bit: - (NisSrv) -- c:Program FilesMicrosoft Security ClientNisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:Program FilesMicrosoft Security ClientMsMpEng.exe (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:WindowsSysNativeatiesrxx.exe (AMD) SRV:64bit: - (LBTServ) -- C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:WindowsSysNativeappmgmts.dll (Microsoft Corporation) SRV:64bit: - (AERTFilters) -- C:Program FilesRealtekAudioHDAAERTSr64.exe (Andrea Electronics Corporation) SRV - (MozillaMaintenance) -- C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated) SRV - (AdvancedSystemCareService5) -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe (IObit) SRV - (TeamViewer7) -- C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe (TeamViewer GmbH) SRV - (BBSvc) -- C:Program Files (x86)MicrosoftBingBarBBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (Microsoft Corporation) SRV - (FlipShare Service) -- C:Program Files (x86)Flip VideoFlipShareFlipShareService.exe () SRV - (FlipShareServer) -- C:Program Files (x86)Flip VideoFlipShareServerFlipShareServer.exe () SRV - (GoToAssist) -- C:Program Files (x86)CitrixGoToAssist514g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe (ArcSoft Inc.) SRV - (rpcapd) -- C:Program Files (x86)WinPcaprpcapd.exe (CACE Technologies, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:Program Files (x86)Yahoo!SoftwareUpdateYahooAUService.exe (Yahoo! Inc.) SRV - (EPSON_EB_RPCV4_01) -- C:ProgramDataEPSONEPW!3 SSRPE_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:ProgramDataEPSONEPW!3 SSRPE_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:WindowsSysNativedriversmbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:WindowsSysNativedriversNisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativedriversGEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:WindowsSysNativedriversusbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:WindowsSysNativedriversfs_rec.sys (Microsoft Corporation) DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:Program FilesDell Support Centerpcdsrvc_x64.pkms (PC-Doctor, Inc.) DRV:64bit: - (atikmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:WindowsSysNativedriversatikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:WindowsSysNativedriversTsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (VCR2PC) -- C:WindowsSysNativedrivers0140_ION.sys (Trident Multimedia Technologies Co.,Ltd) DRV:64bit: - (SCDEmu) -- C:WindowsSysNativedriversscdemu.sys (PowerISO Computing, Inc.) DRV:64bit: - (PxHlpa64) -- C:WindowsSysNativedriversPxHlpa64.sys (Sonic Solutions) DRV:64bit: - (NPF) -- C:WindowsSysNativedriversnpf.sys (CACE Technologies, Inc.) DRV:64bit: - (k57nd60a) -- C:WindowsSysNativedriversk57nd60a.sys (Broadcom Corporation) DRV:64bit: - (AtiHdmiService) -- C:WindowsSysNativedriversAtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (netr28ux) -- C:WindowsSysNativedriversnetr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology) DRV:64bit: - (LMouFilt) -- C:WindowsSysNativedriversLMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:WindowsSysNativedriversLHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:WindowsSysNativedriversAtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (WimFltr) -- C:WindowsSysNativedriversWimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM..SearchScopes,DefaultScope = {F4F155B9-542E-4132-8E93-719BCAE2D1B6} IE:64bit: - HKLM..SearchScopes{F4F155B9-542E-4132-8E93-719BCAE2D1B6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm IE - HKLM..SearchScopes,DefaultScope = {38D94A0A-B4A8-4CD4-8D18-1A1627459FD5} IE - HKLM..SearchScopes{38D94A0A-B4A8-4CD4-8D18-1A1627459FD5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com/ie IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.my.yahoo.com/ IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie IE - HKCU..SearchScopes,DefaultScope = {09512006-C404-41B9-8064-7DEBD5808D55} IE - HKCU..SearchScopes{09512006-C404-41B9-8064-7DEBD5808D55}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=380920" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/" FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledAddons: 4nffxtbr@ConservativeTalkNow_4n.com:2.50.0.56219 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: getmail@webdesigns.ms11.net:3.3.4 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}:1.0.126.1 FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF:64bit: - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLMSoftwareMozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:Program FilesDivXDivX OVS Helpernpovshelper.dll (DivX, LLC.) FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_287.dll () FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll () FF - HKLMSoftwareMozillaPlugins@ConservativeTalkNow_4n.com/Plugin: C:Program Files (x86)ConservativeTalkNow_4nbar1.binNP4nStub.dll File not found FF - HKLMSoftwareMozillaPlugins@divx.com/DivX Browser Plugin,version=1.0.0: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll (DivX, LLC) FF - HKLMSoftwareMozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:Program Files (x86)DivXDivX OVS Helpernpovshelper.dll (DivX, LLC.) FF - HKLMSoftwareMozillaPlugins@Google.com/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google) FF - HKLMSoftwareMozillaPlugins@google.com/npPicasa3,version=3.0.0: C:Program Files (x86)GooglePicasa3npPicasa3.dll (Google, Inc.) FF - HKLMSoftwareMozillaPlugins@java.com/DTPlugin,version=10.5.1: C:WindowsSysWOW64npDeployJava1.dll (Oracle Corporation) FF - HKLMSoftwareMozillaPlugins@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:Program Files (x86)Yahoo!SharednpYState.dll (Yahoo! Inc.) FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight4.1.10329.0npctrl.dll ( Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=14.0.8081.0709: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) FF - HKCUSoftwareMozillaPlugins@movenetworks.com/Quantum Media Player: C:UsersRockin RevAppDataRoamingMove Networkspluginsnpqmp071706000001.dll (Move Networks) FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions4nffxtbr@ConservativeTalkNow_4n.com: C:Program Files (x86)ConservativeTalkNow_4nbar1.bin [2012/08/25 18:44:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:Program Files (x86)DivXDivX Plus Web PlayerfirefoxDivXHTML5 [2012/10/16 13:57:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 16.0.2extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/10/27 08:46:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 16.0.2extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2012/10/27 08:46:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Thunderbird 3.1.10extensionsComponents: C:Program Files (x86)Mozilla Thunderbirdcomponents [2012/06/05 19:52:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Thunderbird 3.1.10extensionsPlugins: C:Program Files (x86)Mozilla Thunderbirdplugins [2012/08/15 19:36:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionsmoveplayer@movenetworks.com: C:UsersRockin RevAppDataRoamingMove Networks [2011/05/04 19:11:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USERsoftwaremozillaMozilla Firefox 16.0.2extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/10/27 08:46:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USERsoftwaremozillaMozilla Firefox 16.0.2extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2012/10/27 08:46:26 | 000,000,000 | ---D | M] [2010/10/08 07:36:56 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaExtensions [2010/10/08 07:36:56 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaExtensions{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/10/25 08:41:05 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions [2012/10/25 08:41:05 | 000,000,000 | ---D | M] (ConservativeTalkNow) -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions4nffxtbr@ConservativeTalkNow_4n.com [2012/08/01 20:22:05 | 000,741,958 | ---- | M] () (No name found) -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2010/06/08 11:31:24 | 000,000,923 | ---- | M] () -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultsearchpluginsconduit.xml [2010/12/13 16:43:42 | 000,002,698 | ---- | M] () -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultsearchpluginstwitter.xml [2012/10/27 08:46:25 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions [2012/10/16 13:57:53 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:PROGRAM FILES (X86)DIVXDIVX PLUS WEB PLAYERFIREFOXDIVXHTML5 [2012/10/27 08:46:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll [2011/08/02 12:07:37 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:Program Files (x86)mozilla firefoxpluginsNPcol400.dll [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpCouponPrinter.dll [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpMozCouponPrinter.dll [2012/08/30 17:50:20 | 000,002,465 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml [2012/10/11 19:57:16 | 000,002,058 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml ========== Chrome ========== CHR - homepage: CHR - homepage: CHR - Extension: YouTube = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: Google Search = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: DivX Plus Web Player HTML5 u003Cvideou003E = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionsnneajnkjbffgblleaoojgaacokifdkhm2.1.2.145_0 CHR - Extension: Gmail = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 O1 HOSTS File: ([2012/11/01 07:18:03 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:Program Files (x86)DivXDivX Plus Web PlayerieDivXHTML5DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.) O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.) O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU..ToolbarWebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..Run: [Kernel and Hardware Abstraction Layer] C:WindowsKHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation) O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.) O4 - HKCU..Run: [Weather] C:Program Files (x86)AWSWeatherBugWeather.exe (AWS Convergence Technologies, Inc.) O4 - HKLM..RunOnce: ["C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe"] "C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe" File not found O4 - Startup: C:UsersRockin RevAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk = C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.) O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:Windowssystem32GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:WindowsSysWow64GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{DB887993-8B81-4006-9962-D38A9B9E9232}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{EC65B112-7899-4765-9125-B7D3AC103FC9}: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 O18:64bit: - ProtocolHandlerlivecall - No CLSID value found O18:64bit: - ProtocolHandlerms-help - No CLSID value found O18:64bit: - ProtocolHandlermsnim - No CLSID value found O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation) O20:64bit: - WinlogonNotifyGoToAssist: DllName - (C:Program Files (x86)CitrixGoToAssist514G2AWinLogon_x64.dll) - File not found O20:64bit: - WinlogonNotifyLBTWlgn: DllName - (c:program filescommon fileslogishrdbluetoothLBTWlgn.dll) - c:Program FilesCommon FilesLogishrdBluetoothLBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM..comfile [open] -- "%1" %* O35:64bit: - HKLM..exefile [open] -- "%1" %* O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystemsWindows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:WindowsSysNativeappmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/11/02 07:01:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:UsersRockin RevDesktopOTL.exe [2012/11/01 14:27:36 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN [2012/11/01 14:25:03 | 000,000,000 | ---D | C] -- C:Windowstemp [2012/11/01 07:31:01 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdvanced SystemCare 5 [2012/11/01 07:26:35 | 000,000,000 | ---D | C] -- C:Config.Msi [2012/11/01 07:08:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe [2012/11/01 07:08:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe [2012/11/01 07:08:30 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe [2012/11/01 07:07:57 | 000,000,000 | ---D | C] -- C:Qoobox [2012/11/01 07:07:47 | 000,000,000 | ---D | C] -- C:Windowserdnt [2012/11/01 06:53:45 | 004,991,994 | R--- | C] (Swearware) -- C:UsersRockin RevDesktopComboFix.exe [2012/10/31 14:48:13 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:UsersRockin RevDesktoptdsskiller.exe [2012/10/31 14:47:27 | 004,731,392 | ---- | C] (AVAST Software) -- C:UsersRockin RevDesktopaswMBR.exe [2012/10/31 14:47:10 | 000,687,724 | R--- | C] (Swearware) -- C:UsersRockin RevDesktopdds(1).com [2012/10/29 12:14:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:UsersRockin RevDesktopHijackThis.exe [2012/10/28 06:27:40 | 000,000,000 | ---D | C] -- C:Program Files (x86)Microsoft Security Client [2012/10/28 06:27:27 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Security Client [2012/10/28 06:21:24 | 013,529,576 | ---- | C] (Microsoft Corporation) -- C:UsersRockin RevDesktopmseinstall.exe [2012/10/27 08:46:25 | 000,000,000 | ---D | C] -- C:Program Files (x86)Mozilla Firefox [2012/10/16 13:58:51 | 000,000,000 | ---D | C] -- C:UsersRockin RevAppDataLocalDDMSettings [2012/10/11 07:18:34 | 000,000,000 | ---D | C] -- C:Airprint [2012/10/09 18:26:22 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesrcore.dll [2012/10/09 18:26:15 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNatived3d10level9.dll [2012/10/09 18:26:04 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativekernel32.dll [2012/10/09 18:26:04 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeKernelBase.dll [2012/10/09 18:26:03 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeconhost.exe [2012/10/09 18:26:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64.dll [2012/10/09 18:26:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewinsrv.dll [2012/10/09 18:26:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64setup16.exe [2012/10/09 18:26:02 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64win.dll [2012/10/09 18:26:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentvdm64.dll [2012/10/09 18:26:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntvdm64.dll [2012/10/09 18:26:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64cpu.dll [2012/10/09 18:26:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64instnm.exe [2012/10/09 18:26:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-security-base-l1-1-0.dll [2012/10/09 18:26:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-security-base-l1-1-0.dll [2012/10/09 18:26:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-file-l1-1-0.dll [2012/10/09 18:26:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-file-l1-1-0.dll [2012/10/09 18:26:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64wow32.dll [2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-threadpool-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-threadpool-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-processthreads-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-processthreads-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-sysinfo-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-synch-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-synch-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-misc-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-localregistry-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-localregistry-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-localization-l1-1-0.dll [2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-localization-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-xstate-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-processenvironment-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-namedpipe-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-misc-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-memory-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-memory-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-libraryloader-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-interlocked-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-heap-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-heap-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-xstate-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-util-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-util-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-string-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-string-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-profile-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-profile-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-io-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-io-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-interlocked-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-handle-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-handle-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-fibers-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-fibers-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-errorhandling-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-delayload-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-delayload-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-debug-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-debug-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-datetime-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-datetime-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-console-l1-1-0.dll [2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-console-l1-1-0.dll [2012/10/09 18:26:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64user.exe [2012/10/09 18:25:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentoskrnl.exe [2012/10/09 18:25:50 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntkrnlpa.exe [2012/10/09 18:25:50 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntoskrnl.exe [2012/10/09 18:25:47 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeOxpsConverter.exe [2012/10/09 18:25:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversRNDISMP.sys [2012/10/09 18:25:42 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewintrust.dll [2012/10/09 18:23:39 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecrypt32.dll [2012/10/09 18:23:35 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecryptnet.dll [2012/10/09 18:23:02 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewin32spl.dll [2012/10/09 18:23:02 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64win32spl.dll [2012/10/09 18:23:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:Windowssplwow64.exe [2 C:Program Files (x86)*.tmp files -> C:Program Files (x86)*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/02 07:04:21 | 000,779,266 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI [2012/11/02 07:04:21 | 000,660,280 | ---- | M] () -- C:WindowsSysNativeperfh009.dat [2012/11/02 07:04:21 | 000,121,208 | ---- | M] () -- C:WindowsSysNativeperfc009.dat [2012/11/02 07:02:00 | 000,000,906 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job [2012/11/02 07:01:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersRockin RevDesktopOTL.exe [2012/11/02 05:43:31 | 000,014,763 | ---- | M] () -- C:UsersRockin RevDesktopTransactions_110212_054233.pdf [2012/11/02 02:08:21 | 000,014,256 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/02 02:08:21 | 000,014,256 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/01 14:27:32 | 000,000,902 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job [2012/11/01 14:27:25 | 000,000,506 | ---- | M] () -- C:WindowstasksSystemToolsDailyTest.job [2012/11/01 14:27:19 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat [2012/11/01 14:27:11 | 3019,091,968 | -HS- | M] () -- C:hiberfil.sys [2012/11/01 07:31:02 | 000,001,274 | ---- | M] () -- C:UsersPublicDesktopUninstaller.lnk [2012/11/01 07:31:01 | 000,001,223 | ---- | M] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk [2012/11/01 07:18:03 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts [2012/11/01 06:53:58 | 004,991,994 | R--- | M] (Swearware) -- C:UsersRockin RevDesktopComboFix.exe [2012/10/31 15:01:57 | 000,000,512 | ---- | M] () -- C:UsersRockin RevDesktopMBR.dat [2012/10/31 14:48:27 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:UsersRockin RevDesktoptdsskiller.exe [2012/10/31 14:48:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:UsersRockin RevDesktopaswMBR.exe [2012/10/31 14:47:14 | 000,687,724 | R--- | M] (Swearware) -- C:UsersRockin RevDesktopdds(1).com [2012/10/29 12:14:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:UsersRockin RevDesktopHijackThis.exe [2012/10/28 06:28:02 | 000,001,945 | ---- | M] () -- C:Windowsepplauncher.mif [2012/10/28 06:21:34 | 013,529,576 | ---- | M] (Microsoft Corporation) -- C:UsersRockin RevDesktopmseinstall.exe [2012/10/27 09:41:18 | 000,001,111 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/10/27 09:12:21 | 000,000,824 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk [2012/10/25 08:47:56 | 000,000,564 | ---- | M] () -- C:WindowstasksPCDoctorBackgroundMonitorTask.job [2012/10/20 09:11:52 | 000,704,578 | ---- | M] () -- C:UsersRockin RevDesktopimg036.pdf [2012/10/16 13:57:56 | 000,001,622 | ---- | M] () -- C:UsersRockin RevDesktopDivX Movies.lnk [2012/10/16 13:57:31 | 000,001,114 | ---- | M] () -- C:UsersPublicDesktopDivX Plus Player.lnk [2012/10/09 18:43:46 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe [2012/10/09 18:43:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl [2012/10/09 18:42:11 | 000,550,600 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT [2 C:Program Files (x86)*.tmp files -> C:Program Files (x86)*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/02 05:43:31 | 000,014,763 | ---- | C] () -- C:UsersRockin RevDesktopTransactions_110212_054233.pdf [2012/11/01 07:31:02 | 000,001,274 | ---- | C] () -- C:UsersPublicDesktopUninstaller.lnk [2012/11/01 07:31:01 | 000,001,223 | ---- | C] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk [2012/11/01 07:08:30 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe [2012/11/01 07:08:30 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe [2012/11/01 07:08:30 | 000,098,816 | ---- | C] () -- C:Windowssed.exe [2012/11/01 07:08:30 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe [2012/11/01 07:08:30 | 000,068,096 | ---- | C] () -- C:Windowszip.exe [2012/10/31 15:01:57 | 000,000,512 | ---- | C] () -- C:UsersRockin RevDesktopMBR.dat [2012/10/28 06:28:02 | 000,001,945 | ---- | C] () -- C:Windowsepplauncher.mif [2012/10/28 06:27:52 | 000,002,119 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Security Essentials.lnk [2012/10/20 09:11:51 | 000,704,578 | ---- | C] () -- C:UsersRockin RevDesktopimg036.pdf [2012/10/16 13:57:31 | 000,001,114 | ---- | C] () -- C:UsersPublicDesktopDivX Plus Player.lnk [2011/11/19 08:34:13 | 000,000,061 | ---- | C] () -- C:WindowsTaxACT11.ini [2011/05/21 17:50:00 | 000,000,109 | ---- | C] () -- C:ProgramDataMicrosoft.SqlServer.Compact.351.32.bc [2011/05/21 17:47:03 | 000,772,990 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI [2011/05/12 14:52:31 | 000,001,940 | ---- | C] () -- C:UsersRockin RevAppDataLocal{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:WindowsSysWow64atipblag.dat [2010/12/14 14:58:13 | 000,004,096 | -H-- | C] () -- C:UsersRockin RevAppDataLocalkeyfile3.drm [2010/12/13 08:56:41 | 000,000,048 | ---- | C] () -- C:WindowsTaxACT10.ini [2010/09/15 17:37:18 | 000,009,728 | ---- | C] () -- C:UsersRockin RevAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:WindowsassemblyDesktop.ini [HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64 [HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] [HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64 [HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] [HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64 "" = C:WindowsSysNativeshell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] "" = %SystemRoot%system32shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64 "" = C:WindowsSysNativewbemfastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] "" = %systemroot%system32wbemfastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64 "" = C:WindowsSysNativewbemwbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] ========== Custom Scans ========== < %SYSTEMDRIVE%*.exe > < MD5 for: EXPLORER.EXE > [2010/04/01 12:08:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889explorer.exe [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25explorer.exe [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652dexplorer.exe [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761explorer.exe [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4explorer.exe [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202explorer.exe [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:Windowserdntcache86explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:Windowsexplorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0baexplorer.exe [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332explorer.exe [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafbexplorer.exe [2010/04/01 12:08:14 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81explorer.exe [2010/04/01 12:08:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41cexplorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:WindowsSysWOW64explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5explorer.exe [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007explorer.exe [2010/04/01 12:08:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617explorer.exe [2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:Roy,s Old Computer Files 8-30-2010My DocumentsCWINDOWSexplorer.exe [2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900explorer.exe [2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7explorer.exe [2010/04/01 12:08:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9explorer.exe [2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566explorer.exe [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2explorer.exe [2010/04/01 12:08:14 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568eexplorer.exe [2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9explorer.exe [2010/04/01 12:08:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79aeexplorer.exe [2010/04/01 12:08:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7cexplorer.exe < MD5 for: SERVICES.EXE > [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:Windowserdntcache64services.exe [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:WindowsSysNativeservices.exe [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:Windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1services.exe [2004/08/04 03:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:Roy,s Old Computer Files 8-30-2010My DocumentsCWINDOWSServicePackFilesi386services.exe < MD5 for: SVCHOST.EXE > [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:Windowserdntcache86svchost.exe [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:WindowsSysWOW64svchost.exe [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356svchost.exe [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:Program Files (x86)Malwarebytes' Anti-MalwareChameleonsvchost.exe [2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:Roy,s Old Computer Files 8-30-2010My DocumentsCWINDOWSServicePackFilesi386svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:Windowserdntcache64svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:WindowsSysNativesvchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:Windowswinsxsamd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48csvchost.exe < MD5 for: USERINIT.EXE > [2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:Roy,s Old Computer Files 8-30-2010My DocumentsCWINDOWSServicePackFilesi386userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:Windowserdntcache86userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:WindowsSysWOW64userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7cuserinit.exe [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:Windowswinsxsamd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:Windowserdntcache64userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:WindowsSysNativeuserinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:Windowswinsxsamd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824cuserinit.exe < MD5 for: WINLOGON.EXE > [2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:Roy,s Old Computer Files 8-30-2010My DocumentsCWINDOWSServicePackFilesi386winlogon.exe [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:Windowserdntcache64winlogon.exe [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:WindowsSysNativewinlogon.exe [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636winlogon.exe [2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829cwinlogon.exe [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:Program Files (x86)Malwarebytes' Anti-MalwareChameleonwinlogon.exe [2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8winlogon.exe [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042adwinlogon.exe < %systemroot%*. /rp /s > < %systemdrive%$Recycle.Bin|@;true;true;true > ========== Drive Information ========== Physical Drives --------------- Drive: .PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: ST3500418AS ATA Device Partitions: 3 Status: OK Status Info: 0 Drive: .PHYSICALDRIVE1 - Interface type: USB Media Type: Model: Generic- SD/MMC USB Device Partitions: 0 Status: OK Status Info: 0 Drive: .PHYSICALDRIVE2 - Interface type: USB Media Type: Model: Generic- Compact Flash USB Device Partitions: 0 Status: OK Status Info: 0 Drive: .PHYSICALDRIVE3 - Interface type: USB Media Type: Model: Generic- SM/xD Picture USB Device Partitions: 0 Status: OK Status Info: 0 Drive: .PHYSICALDRIVE4 - Interface type: USB Media Type: Model: Generic- MS/MS-Pro USB Device Partitions: 0 Status: OK Status Info: 0 Drive: .PHYSICALDRIVE5 - Interface type: USB Media Type: Model: EPSON Stylus Storage USB Device Partitions: 0 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 39.00MB Starting Offset: 32256 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 15.00GB Starting Offset: 41943040 Hidden sectors: 0 DeviceID: Disk #0, Partition #2 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 451.00GB Starting Offset: 15770583040 Hidden sectors: 0 < HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU > < HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:WindowsSystem32configsystemprofileAppDataLocalApplication Data] -> C:Windowssystem32configsystemprofileAppDataLocal -> Junction [C:WindowsSystem32configsystemprofileAppDataLocalHistory] -> C:Windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistory -> Junction [C:WindowsSystem32configsystemprofileAppDataLocalTemporary Internet Files] -> C:Windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files -> Junction [C:WindowsSystem32configsystemprofileApplication Data] -> C:Windowssystem32configsystemprofileAppDataRoaming -> Junction [C:WindowsSystem32configsystemprofileLocal Settings] -> C:Windowssystem32configsystemprofileAppDataLocal -> Junction [C:WindowsSystem32configsystemprofileStart Menu] -> C:Windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsStart Menu -> Junction [C:WindowsSysWOW64configsystemprofileAppDataLocalApplication Data] -> C:Windowssystem32configsystemprofileAppDataLocal -> Junction [C:WindowsSysWOW64configsystemprofileAppDataLocalHistory] -> C:Windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistory -> Junction [C:WindowsSysWOW64configsystemprofileAppDataLocalTemporary Internet Files] -> C:Windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files -> Junction [C:WindowsSysWOW64configsystemprofileApplication Data] -> C:Windowssystem32configsystemprofileAppDataRoaming -> Junction [C:WindowsSysWOW64configsystemprofileLocal Settings] -> C:Windowssystem32configsystemprofileAppDataLocal -> Junction [C:WindowsSysWOW64configsystemprofileStart Menu] -> C:Windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsStart Menu -> Junction ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:ProgramDataTEMP:5C321E34 < End of report >
  6. Good Morning: I am sorry to say that Babylon Search still shows up when I am on MyYahoo page and I click to open a new blank tab...Babylon Search comes up. Thanks for all your help. The computer is running better but some sites are still hanging during download and taking a long time. Must be some setting with the Shentel Service. I never had this problem when I was with Comcast but have just moved here to Lynchburg VA area and had to get the new service. Again thanks for your time and help. Rev Roy
  7. ComboFix 12-10-31.03 - Rockin Rev 11/01/2012 14:17:16.2.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2606 [GMT -4:00] Running from: c:usersRockin RevDesktopComboFix.exe Command switches used :: c:usersRockin RevDesktopCFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 ))))))))))))))))))))))))))))))) . . 2012-11-01 18:23 . 2012-11-01 18:23 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp 2012-11-01 18:23 . 2012-11-01 18:23 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-11-01 06:16 . 2012-10-12 04:19 9291768 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll 2012-10-28 10:30 . 2012-10-28 10:30 972192 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{C5CC51DC-71D3-444A-9AAD-91DB7D44EEDF}gapaengine.dll 2012-10-28 10:30 . 2012-01-31 12:44 279656 ------w- c:windowssystem32MpSigStub.exe 2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program files (x86)Microsoft Security Client 2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program filesMicrosoft Security Client 2012-10-16 17:58 . 2012-10-16 17:58 -------- d-----w- c:usersRockin RevAppDataLocalDDMSettings 2012-10-11 11:18 . 2012-10-11 11:18 -------- d-----w- C:Airprint 2012-10-09 22:27 . 2012-09-14 19:19 2048 ----a-w- c:windowssystem32tzres.dll 2012-10-09 22:27 . 2012-09-14 18:28 2048 ----a-w- c:windowsSysWow64tzres.dll 2012-10-09 22:25 . 2012-08-30 18:03 5559664 ----a-w- c:windowssystem32ntoskrnl.exe 2012-10-09 22:25 . 2012-08-30 17:12 3968880 ----a-w- c:windowsSysWow64ntkrnlpa.exe 2012-10-09 22:25 . 2012-08-30 17:12 3914096 ----a-w- c:windowsSysWow64ntoskrnl.exe 2012-10-09 22:25 . 2012-08-21 21:01 245760 ----a-w- c:windowssystem32OxpsConverter.exe 2012-10-09 22:25 . 2012-08-11 00:56 715776 ----a-w- c:windowssystem32kerberos.dll 2012-10-09 22:25 . 2012-08-10 23:56 542208 ----a-w- c:windowsSysWow64kerberos.dll 2012-10-09 22:25 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys 2012-10-09 22:25 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys 2012-10-09 22:25 . 2012-08-24 18:05 220160 ----a-w- c:windowssystem32wintrust.dll 2012-10-09 22:25 . 2012-08-24 16:57 172544 ----a-w- c:windowsSysWow64wintrust.dll 2012-10-09 22:23 . 2012-06-02 05:41 1464320 ----a-w- c:windowssystem32crypt32.dll 2012-10-09 22:23 . 2012-06-02 04:36 1159680 ----a-w- c:windowsSysWow64crypt32.dll 2012-10-09 22:23 . 2012-06-02 05:41 184320 ----a-w- c:windowssystem32cryptsvc.dll 2012-10-09 22:23 . 2012-06-02 05:41 140288 ----a-w- c:windowssystem32cryptnet.dll 2012-10-09 22:23 . 2012-06-02 04:36 140288 ----a-w- c:windowsSysWow64cryptsvc.dll 2012-10-09 22:23 . 2012-06-02 04:36 103936 ----a-w- c:windowsSysWow64cryptnet.dll 2012-10-09 22:23 . 2012-02-11 06:43 751104 ----a-w- c:windowssystem32win32spl.dll 2012-10-09 22:23 . 2012-02-11 06:36 559104 ----a-w- c:windowssystem32spoolsv.exe 2012-10-09 22:23 . 2012-02-11 06:36 67072 ----a-w- c:windowssplwow64.exe 2012-10-09 22:23 . 2012-02-11 05:43 492032 ----a-w- c:windowsSysWow64win32spl.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 22:43 . 2012-06-24 11:42 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-10-09 22:43 . 2012-06-24 11:42 696760 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-10-09 22:31 . 2010-07-20 17:01 65309168 ----a-w- c:windowssystem32MRT.exe 2012-09-29 23:54 . 2011-04-12 02:53 25928 ----a-w- c:windowssystem32driversmbam.sys 2012-09-28 12:56 . 2012-09-28 12:56 4096000 ----a-w- c:program files (x86)GUT2B35.tmp 2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:windowssystem32driversMpFilter.sys 2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:windowssystem32driversNisDrvWFP.sys 2012-08-24 11:15 . 2012-09-28 12:53 17810944 ----a-w- c:windowssystem32mshtml.dll 2012-08-24 10:39 . 2012-09-28 12:53 10925568 ----a-w- c:windowssystem32ieframe.dll 2012-08-24 10:31 . 2012-09-28 12:53 2312704 ----a-w- c:windowssystem32jscript9.dll 2012-08-24 10:22 . 2012-09-28 12:53 1346048 ----a-w- c:windowssystem32urlmon.dll 2012-08-24 10:21 . 2012-09-28 12:53 1392128 ----a-w- c:windowssystem32wininet.dll 2012-08-24 10:20 . 2012-09-28 12:53 1494528 ----a-w- c:windowssystem32inetcpl.cpl 2012-08-24 10:18 . 2012-09-28 12:53 237056 ----a-w- c:windowssystem32url.dll 2012-08-24 10:17 . 2012-09-28 12:53 85504 ----a-w- c:windowssystem32jsproxy.dll 2012-08-24 10:14 . 2012-09-28 12:53 173056 ----a-w- c:windowssystem32ieUnatt.exe 2012-08-24 10:14 . 2012-09-28 12:53 816640 ----a-w- c:windowssystem32jscript.dll 2012-08-24 10:13 . 2012-09-28 12:53 599040 ----a-w- c:windowssystem32vbscript.dll 2012-08-24 10:12 . 2012-09-28 12:53 2144768 ----a-w- c:windowssystem32iertutil.dll 2012-08-24 10:11 . 2012-09-28 12:53 729088 ----a-w- c:windowssystem32msfeeds.dll 2012-08-24 10:10 . 2012-09-28 12:53 96768 ----a-w- c:windowssystem32mshtmled.dll 2012-08-24 10:09 . 2012-09-28 12:53 2382848 ----a-w- c:windowssystem32mshtml.tlb 2012-08-24 10:04 . 2012-09-28 12:53 248320 ----a-w- c:windowssystem32ieui.dll 2012-08-24 06:59 . 2012-09-28 12:53 1800704 ----a-w- c:windowsSysWow64jscript9.dll 2012-08-24 06:51 . 2012-09-28 12:53 1129472 ----a-w- c:windowsSysWow64wininet.dll 2012-08-24 06:51 . 2012-09-28 12:53 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl 2012-08-24 06:47 . 2012-09-28 12:53 142848 ----a-w- c:windowsSysWow64ieUnatt.exe 2012-08-24 06:47 . 2012-09-28 12:53 420864 ----a-w- c:windowsSysWow64vbscript.dll 2012-08-24 06:43 . 2012-09-28 12:53 2382848 ----a-w- c:windowsSysWow64mshtml.tlb 2012-08-22 18:12 . 2012-09-28 12:49 1913200 ----a-w- c:windowssystem32driverstcpip.sys 2012-08-22 18:12 . 2012-09-28 12:49 376688 ----a-w- c:windowssystem32driversnetio.sys 2012-08-22 18:12 . 2012-09-28 12:49 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS 2012-08-21 17:01 . 2012-10-01 13:32 33240 ----a-w- c:windowssystem32driversGEARAspiWDM.sys 2012-08-21 17:01 . 2010-07-17 19:05 125872 ----a-w- c:windowssystem32GEARAspi64.dll 2012-08-21 17:01 . 2010-07-17 19:05 106928 ----a-w- c:windowsSysWow64GEARAspi.dll 2012-08-20 17:38 . 2012-10-09 22:26 44032 ----a-w- c:windowsapppatchacwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Weather"="c:program files (x86)AWSWeatherBugWeather.exe" [2010-10-29 1652736] . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-08-28 59280] "QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-09-10 421776] . c:usersRockin RevAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Dropbox.lnk - c:usersRockin RevAppDataRoamingDropboxbinDropbox.exe [2012-5-24 27112840] . c:usersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Dell Dock First Run.lnk - c:program filesDellDellDockDellDock.exe [N/A] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576] R2 DockLoginService;Dock Login Service;c:program filesDellDellDockDockLogin.exe [x] R2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-09-29 676936] R3 MozillaMaintenance;Mozilla Maintenance Service;c:program files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-10-27 115168] R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientNisSrv.exe [2012-09-13 368896] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2012-07-09 52736] R3 VCR2PC;VCR2PC Analog Capture;c:windowssystem32DRIVERS0140_ION.sys [2010-09-01 301504] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-07-19 1255736] R4 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-07-27 63960] R4 AERTFilters;Andrea RT Filters Service;c:program filesRealtekAudioHDAAERTSr64.exe [2009-03-31 92160] R4 BBSvc;Bing Bar Update Service;c:program files (x86)MicrosoftBingBarBBSvc.EXE [2011-10-21 196176] R4 FlipShareServer;FlipShare Server;c:program files (x86)Flip VideoFlipShareServerFlipShareServer.exe [2010-12-15 1085440] R4 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176] R4 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176] R4 TeamViewer7;TeamViewer 7;c:program files (x86)TeamViewerVersion7TeamViewer_Service.exe [2011-11-14 2855808] S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2010-03-19 55856] S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-14 59904] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:program files (x86)IObitAdvanced SystemCare 5ASCService.exe [2012-05-26 913792] S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-04-20 203776] S2 BBUpdate;BBUpdate;c:program files (x86)MicrosoftBingBarSeaPort.EXE [2011-10-13 249648] S2 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-09-29 399432] S2 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2009-10-20 47632] S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2011-04-20 9319936] S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2011-04-20 306176] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys [2009-10-16 321064] S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-09-29 25928] S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:windowssystem32DRIVERSnetr28ux.sys [2009-09-15 1061888] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:program filesdell support centerpcdsrvc_x64.pkms [2011-05-12 25072] . . Contents of the 'Scheduled Tasks' folder . 2012-11-01 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54] . 2012-11-01 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54] . 2012-10-25 c:windowsTasksPCDoctorBackgroundMonitorTask.job - c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09] . 2012-11-01 c:windowsTasksSystemToolsDailyTest.job - c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2012-09-13 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://www.my.yahoo.com/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:windowsSysWOW64blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 FF - ProfilePath - c:usersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.default FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - ExtSQL: !HIDDEN! 2012-06-05 21:43; 4nffxtbr@ConservativeTalkNow_4n.com; c:program files (x86)ConservativeTalkNow_4nbar1.bin FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-RunOnce-c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe - c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:programdata{D19C2D22-6043-47E7-B400-83A351841204}delldock.exe . . . [HKEY_LOCAL_MACHINESYSTEMControlSet001servicesPCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="??c:program filesdell support centerpcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . Completion time: 2012-11-01 14:25:02 ComboFix-quarantined-files.txt 2012-11-01 18:25 ComboFix2.txt 2012-11-01 11:22 . Pre-Run: 92,273,221,632 bytes free Post-Run: 91,869,147,136 bytes free . - - End Of File - - CCE4A239684FD1B002758B4F1D467DEB
  8. ComboFix 12-10-31.03 - Rockin Rev 11/01/2012 14:17:16.2.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2606 [GMT -4:00] Running from: c:usersRockin RevDesktopComboFix.exe Command switches used :: c:usersRockin RevDesktopCFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 ))))))))))))))))))))))))))))))) . . 2012-11-01 18:23 . 2012-11-01 18:23 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp 2012-11-01 18:23 . 2012-11-01 18:23 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-11-01 06:16 . 2012-10-12 04:19 9291768 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll 2012-10-28 10:30 . 2012-10-28 10:30 972192 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{C5CC51DC-71D3-444A-9AAD-91DB7D44EEDF}gapaengine.dll 2012-10-28 10:30 . 2012-01-31 12:44 279656 ------w- c:windowssystem32MpSigStub.exe 2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program files (x86)Microsoft Security Client 2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program filesMicrosoft Security Client 2012-10-16 17:58 . 2012-10-16 17:58 -------- d-----w- c:usersRockin RevAppDataLocalDDMSettings 2012-10-11 11:18 . 2012-10-11 11:18 -------- d-----w- C:Airprint 2012-10-09 22:27 . 2012-09-14 19:19 2048 ----a-w- c:windowssystem32tzres.dll 2012-10-09 22:27 . 2012-09-14 18:28 2048 ----a-w- c:windowsSysWow64tzres.dll 2012-10-09 22:25 . 2012-08-30 18:03 5559664 ----a-w- c:windowssystem32ntoskrnl.exe 2012-10-09 22:25 . 2012-08-30 17:12 3968880 ----a-w- c:windowsSysWow64ntkrnlpa.exe 2012-10-09 22:25 . 2012-08-30 17:12 3914096 ----a-w- c:windowsSysWow64ntoskrnl.exe 2012-10-09 22:25 . 2012-08-21 21:01 245760 ----a-w- c:windowssystem32OxpsConverter.exe 2012-10-09 22:25 . 2012-08-11 00:56 715776 ----a-w- c:windowssystem32kerberos.dll 2012-10-09 22:25 . 2012-08-10 23:56 542208 ----a-w- c:windowsSysWow64kerberos.dll 2012-10-09 22:25 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys 2012-10-09 22:25 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys 2012-10-09 22:25 . 2012-08-24 18:05 220160 ----a-w- c:windowssystem32wintrust.dll 2012-10-09 22:25 . 2012-08-24 16:57 172544 ----a-w- c:windowsSysWow64wintrust.dll 2012-10-09 22:23 . 2012-06-02 05:41 1464320 ----a-w- c:windowssystem32crypt32.dll 2012-10-09 22:23 . 2012-06-02 04:36 1159680 ----a-w- c:windowsSysWow64crypt32.dll 2012-10-09 22:23 . 2012-06-02 05:41 184320 ----a-w- c:windowssystem32cryptsvc.dll 2012-10-09 22:23 . 2012-06-02 05:41 140288 ----a-w- c:windowssystem32cryptnet.dll 2012-10-09 22:23 . 2012-06-02 04:36 140288 ----a-w- c:windowsSysWow64cryptsvc.dll 2012-10-09 22:23 . 2012-06-02 04:36 103936 ----a-w- c:windowsSysWow64cryptnet.dll 2012-10-09 22:23 . 2012-02-11 06:43 751104 ----a-w- c:windowssystem32win32spl.dll 2012-10-09 22:23 . 2012-02-11 06:36 559104 ----a-w- c:windowssystem32spoolsv.exe 2012-10-09 22:23 . 2012-02-11 06:36 67072 ----a-w- c:windowssplwow64.exe 2012-10-09 22:23 . 2012-02-11 05:43 492032 ----a-w- c:windowsSysWow64win32spl.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 22:43 . 2012-06-24 11:42 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-10-09 22:43 . 2012-06-24 11:42 696760 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-10-09 22:31 . 2010-07-20 17:01 65309168 ----a-w- c:windowssystem32MRT.exe 2012-09-29 23:54 . 2011-04-12 02:53 25928 ----a-w- c:windowssystem32driversmbam.sys 2012-09-28 12:56 . 2012-09-28 12:56 4096000 ----a-w- c:program files (x86)GUT2B35.tmp 2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:windowssystem32driversMpFilter.sys 2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:windowssystem32driversNisDrvWFP.sys 2012-08-24 11:15 . 2012-09-28 12:53 17810944 ----a-w- c:windowssystem32mshtml.dll 2012-08-24 10:39 . 2012-09-28 12:53 10925568 ----a-w- c:windowssystem32ieframe.dll 2012-08-24 10:31 . 2012-09-28 12:53 2312704 ----a-w- c:windowssystem32jscript9.dll 2012-08-24 10:22 . 2012-09-28 12:53 1346048 ----a-w- c:windowssystem32urlmon.dll 2012-08-24 10:21 . 2012-09-28 12:53 1392128 ----a-w- c:windowssystem32wininet.dll 2012-08-24 10:20 . 2012-09-28 12:53 1494528 ----a-w- c:windowssystem32inetcpl.cpl 2012-08-24 10:18 . 2012-09-28 12:53 237056 ----a-w- c:windowssystem32url.dll 2012-08-24 10:17 . 2012-09-28 12:53 85504 ----a-w- c:windowssystem32jsproxy.dll 2012-08-24 10:14 . 2012-09-28 12:53 173056 ----a-w- c:windowssystem32ieUnatt.exe 2012-08-24 10:14 . 2012-09-28 12:53 816640 ----a-w- c:windowssystem32jscript.dll 2012-08-24 10:13 . 2012-09-28 12:53 599040 ----a-w- c:windowssystem32vbscript.dll 2012-08-24 10:12 . 2012-09-28 12:53 2144768 ----a-w- c:windowssystem32iertutil.dll 2012-08-24 10:11 . 2012-09-28 12:53 729088 ----a-w- c:windowssystem32msfeeds.dll 2012-08-24 10:10 . 2012-09-28 12:53 96768 ----a-w- c:windowssystem32mshtmled.dll 2012-08-24 10:09 . 2012-09-28 12:53 2382848 ----a-w- c:windowssystem32mshtml.tlb 2012-08-24 10:04 . 2012-09-28 12:53 248320 ----a-w- c:windowssystem32ieui.dll 2012-08-24 06:59 . 2012-09-28 12:53 1800704 ----a-w- c:windowsSysWow64jscript9.dll 2012-08-24 06:51 . 2012-09-28 12:53 1129472 ----a-w- c:windowsSysWow64wininet.dll 2012-08-24 06:51 . 2012-09-28 12:53 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl 2012-08-24 06:47 . 2012-09-28 12:53 142848 ----a-w- c:windowsSysWow64ieUnatt.exe 2012-08-24 06:47 . 2012-09-28 12:53 420864 ----a-w- c:windowsSysWow64vbscript.dll 2012-08-24 06:43 . 2012-09-28 12:53 2382848 ----a-w- c:windowsSysWow64mshtml.tlb 2012-08-22 18:12 . 2012-09-28 12:49 1913200 ----a-w- c:windowssystem32driverstcpip.sys 2012-08-22 18:12 . 2012-09-28 12:49 376688 ----a-w- c:windowssystem32driversnetio.sys 2012-08-22 18:12 . 2012-09-28 12:49 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS 2012-08-21 17:01 . 2012-10-01 13:32 33240 ----a-w- c:windowssystem32driversGEARAspiWDM.sys 2012-08-21 17:01 . 2010-07-17 19:05 125872 ----a-w- c:windowssystem32GEARAspi64.dll 2012-08-21 17:01 . 2010-07-17 19:05 106928 ----a-w- c:windowsSysWow64GEARAspi.dll 2012-08-20 17:38 . 2012-10-09 22:26 44032 ----a-w- c:windowsapppatchacwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Weather"="c:program files (x86)AWSWeatherBugWeather.exe" [2010-10-29 1652736] . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-08-28 59280] "QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-09-10 421776] . c:usersRockin RevAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Dropbox.lnk - c:usersRockin RevAppDataRoamingDropboxbinDropbox.exe [2012-5-24 27112840] . c:usersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Dell Dock First Run.lnk - c:program filesDellDellDockDellDock.exe [N/A] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576] R2 DockLoginService;Dock Login Service;c:program filesDellDellDockDockLogin.exe [x] R2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-09-29 676936] R3 MozillaMaintenance;Mozilla Maintenance Service;c:program files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-10-27 115168] R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientNisSrv.exe [2012-09-13 368896] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2012-07-09 52736] R3 VCR2PC;VCR2PC Analog Capture;c:windowssystem32DRIVERS0140_ION.sys [2010-09-01 301504] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-07-19 1255736] R4 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-07-27 63960] R4 AERTFilters;Andrea RT Filters Service;c:program filesRealtekAudioHDAAERTSr64.exe [2009-03-31 92160] R4 BBSvc;Bing Bar Update Service;c:program files (x86)MicrosoftBingBarBBSvc.EXE [2011-10-21 196176] R4 FlipShareServer;FlipShare Server;c:program files (x86)Flip VideoFlipShareServerFlipShareServer.exe [2010-12-15 1085440] R4 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176] R4 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176] R4 TeamViewer7;TeamViewer 7;c:program files (x86)TeamViewerVersion7TeamViewer_Service.exe [2011-11-14 2855808] S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2010-03-19 55856] S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-14 59904] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:program files (x86)IObitAdvanced SystemCare 5ASCService.exe [2012-05-26 913792] S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-04-20 203776] S2 BBUpdate;BBUpdate;c:program files (x86)MicrosoftBingBarSeaPort.EXE [2011-10-13 249648] S2 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-09-29 399432] S2 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2009-10-20 47632] S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2011-04-20 9319936] S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2011-04-20 306176] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys [2009-10-16 321064] S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-09-29 25928] S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:windowssystem32DRIVERSnetr28ux.sys [2009-09-15 1061888] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:program filesdell support centerpcdsrvc_x64.pkms [2011-05-12 25072] . . Contents of the 'Scheduled Tasks' folder . 2012-11-01 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54] . 2012-11-01 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54] . 2012-10-25 c:windowsTasksPCDoctorBackgroundMonitorTask.job - c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09] . 2012-11-01 c:windowsTasksSystemToolsDailyTest.job - c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2012-09-13 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://www.my.yahoo.com/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:windowsSysWOW64blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 FF - ProfilePath - c:usersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.default FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - ExtSQL: !HIDDEN! 2012-06-05 21:43; 4nffxtbr@ConservativeTalkNow_4n.com; c:program files (x86)ConservativeTalkNow_4nbar1.bin FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-RunOnce-c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe - c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:programdata{D19C2D22-6043-47E7-B400-83A351841204}delldock.exe . . . [HKEY_LOCAL_MACHINESYSTEMControlSet001servicesPCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="??c:program filesdell support centerpcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . Completion time: 2012-11-01 14:25:02 ComboFix-quarantined-files.txt 2012-11-01 18:25 ComboFix2.txt 2012-11-01 11:22 . Pre-Run: 92,273,221,632 bytes free Post-Run: 91,869,147,136 bytes free . - - End Of File - - CCE4A239684FD1B002758B4F1D467DEB
  9. Really appreciate you folks! ComboFix 12-10-31.03 - Rockin Rev 11/01/2012 7:10.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2131 [GMT -4:00] Running from: c:usersRockin RevDesktopComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:windowsCOUPon~1.ocx . . ((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 ))))))))))))))))))))))))))))))) . . 2012-11-01 10:38 . 2012-10-12 04:19 9291768 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{275DB137-D882-40D2-B94D-B8CD9C3DAAE7}mpengine.dll 2012-11-01 06:16 . 2012-10-12 04:19 9291768 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll 2012-10-28 10:30 . 2012-10-28 10:30 972192 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{C5CC51DC-71D3-444A-9AAD-91DB7D44EEDF}gapaengine.dll 2012-10-28 10:30 . 2012-01-31 12:44 279656 ------w- c:windowssystem32MpSigStub.exe 2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program files (x86)Microsoft Security Client 2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program filesMicrosoft Security Client 2012-10-16 17:58 . 2012-10-16 17:58 -------- d-----w- c:usersRockin RevAppDataLocalDDMSettings 2012-10-11 11:18 . 2012-10-11 11:18 -------- d-----w- C:Airprint 2012-10-09 22:27 . 2012-09-14 19:19 2048 ----a-w- c:windowssystem32tzres.dll 2012-10-09 22:27 . 2012-09-14 18:28 2048 ----a-w- c:windowsSysWow64tzres.dll 2012-10-09 22:25 . 2012-08-30 18:03 5559664 ----a-w- c:windowssystem32ntoskrnl.exe 2012-10-09 22:25 . 2012-08-30 17:12 3968880 ----a-w- c:windowsSysWow64ntkrnlpa.exe 2012-10-09 22:25 . 2012-08-30 17:12 3914096 ----a-w- c:windowsSysWow64ntoskrnl.exe 2012-10-09 22:25 . 2012-08-21 21:01 245760 ----a-w- c:windowssystem32OxpsConverter.exe 2012-10-09 22:25 . 2012-08-11 00:56 715776 ----a-w- c:windowssystem32kerberos.dll 2012-10-09 22:25 . 2012-08-10 23:56 542208 ----a-w- c:windowsSysWow64kerberos.dll 2012-10-09 22:25 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys 2012-10-09 22:25 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys 2012-10-09 22:25 . 2012-08-24 18:05 220160 ----a-w- c:windowssystem32wintrust.dll 2012-10-09 22:25 . 2012-08-24 16:57 172544 ----a-w- c:windowsSysWow64wintrust.dll 2012-10-09 22:23 . 2012-06-02 05:41 1464320 ----a-w- c:windowssystem32crypt32.dll 2012-10-09 22:23 . 2012-06-02 04:36 1159680 ----a-w- c:windowsSysWow64crypt32.dll 2012-10-09 22:23 . 2012-06-02 05:41 184320 ----a-w- c:windowssystem32cryptsvc.dll 2012-10-09 22:23 . 2012-06-02 05:41 140288 ----a-w- c:windowssystem32cryptnet.dll 2012-10-09 22:23 . 2012-06-02 04:36 140288 ----a-w- c:windowsSysWow64cryptsvc.dll 2012-10-09 22:23 . 2012-06-02 04:36 103936 ----a-w- c:windowsSysWow64cryptnet.dll 2012-10-09 22:23 . 2012-02-11 06:43 751104 ----a-w- c:windowssystem32win32spl.dll 2012-10-09 22:23 . 2012-02-11 06:36 559104 ----a-w- c:windowssystem32spoolsv.exe 2012-10-09 22:23 . 2012-02-11 06:36 67072 ----a-w- c:windowssplwow64.exe 2012-10-09 22:23 . 2012-02-11 05:43 492032 ----a-w- c:windowsSysWow64win32spl.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 22:43 . 2012-06-24 11:42 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-10-09 22:43 . 2012-06-24 11:42 696760 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-10-09 22:31 . 2010-07-20 17:01 65309168 ----a-w- c:windowssystem32MRT.exe 2012-09-29 23:54 . 2011-04-12 02:53 25928 ----a-w- c:windowssystem32driversmbam.sys 2012-09-28 12:56 . 2012-09-28 12:56 4096000 ----a-w- c:program files (x86)GUT2B35.tmp 2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:windowssystem32driversMpFilter.sys 2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:windowssystem32driversNisDrvWFP.sys 2012-08-24 11:15 . 2012-09-28 12:53 17810944 ----a-w- c:windowssystem32mshtml.dll 2012-08-24 10:39 . 2012-09-28 12:53 10925568 ----a-w- c:windowssystem32ieframe.dll 2012-08-24 10:31 . 2012-09-28 12:53 2312704 ----a-w- c:windowssystem32jscript9.dll 2012-08-24 10:22 . 2012-09-28 12:53 1346048 ----a-w- c:windowssystem32urlmon.dll 2012-08-24 10:21 . 2012-09-28 12:53 1392128 ----a-w- c:windowssystem32wininet.dll 2012-08-24 10:20 . 2012-09-28 12:53 1494528 ----a-w- c:windowssystem32inetcpl.cpl 2012-08-24 10:18 . 2012-09-28 12:53 237056 ----a-w- c:windowssystem32url.dll 2012-08-24 10:17 . 2012-09-28 12:53 85504 ----a-w- c:windowssystem32jsproxy.dll 2012-08-24 10:14 . 2012-09-28 12:53 173056 ----a-w- c:windowssystem32ieUnatt.exe 2012-08-24 10:14 . 2012-09-28 12:53 816640 ----a-w- c:windowssystem32jscript.dll 2012-08-24 10:13 . 2012-09-28 12:53 599040 ----a-w- c:windowssystem32vbscript.dll 2012-08-24 10:12 . 2012-09-28 12:53 2144768 ----a-w- c:windowssystem32iertutil.dll 2012-08-24 10:11 . 2012-09-28 12:53 729088 ----a-w- c:windowssystem32msfeeds.dll 2012-08-24 10:10 . 2012-09-28 12:53 96768 ----a-w- c:windowssystem32mshtmled.dll 2012-08-24 10:09 . 2012-09-28 12:53 2382848 ----a-w- c:windowssystem32mshtml.tlb 2012-08-24 10:04 . 2012-09-28 12:53 248320 ----a-w- c:windowssystem32ieui.dll 2012-08-24 06:59 . 2012-09-28 12:53 1800704 ----a-w- c:windowsSysWow64jscript9.dll 2012-08-24 06:51 . 2012-09-28 12:53 1129472 ----a-w- c:windowsSysWow64wininet.dll 2012-08-24 06:51 . 2012-09-28 12:53 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl 2012-08-24 06:47 . 2012-09-28 12:53 142848 ----a-w- c:windowsSysWow64ieUnatt.exe 2012-08-24 06:47 . 2012-09-28 12:53 420864 ----a-w- c:windowsSysWow64vbscript.dll 2012-08-24 06:43 . 2012-09-28 12:53 2382848 ----a-w- c:windowsSysWow64mshtml.tlb 2012-08-22 18:12 . 2012-09-28 12:49 1913200 ----a-w- c:windowssystem32driverstcpip.sys 2012-08-22 18:12 . 2012-09-28 12:49 376688 ----a-w- c:windowssystem32driversnetio.sys 2012-08-22 18:12 . 2012-09-28 12:49 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS 2012-08-21 17:01 . 2012-10-01 13:32 33240 ----a-w- c:windowssystem32driversGEARAspiWDM.sys 2012-08-21 17:01 . 2010-07-17 19:05 125872 ----a-w- c:windowssystem32GEARAspi64.dll 2012-08-21 17:01 . 2010-07-17 19:05 106928 ----a-w- c:windowsSysWow64GEARAspi.dll 2012-08-20 17:38 . 2012-10-09 22:26 44032 ----a-w- c:windowsapppatchacwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Weather"="c:program files (x86)AWSWeatherBugWeather.exe" [2010-10-29 1652736] "Messenger (Yahoo!)"="c:progra~2Yahoo!MESSEN~1YahooMessenger.exe" [2012-01-04 6497592] . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-08-28 59280] "QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-09-10 421776] . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRunOnce] "c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe"="c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe" [2011-10-24 559616] . c:usersRockin RevAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Dropbox.lnk - c:usersRockin RevAppDataRoamingDropboxbinDropbox.exe [2012-5-24 27112840] . c:usersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Dell Dock First Run.lnk - c:program filesDellDellDockDellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-09-29 676936] R3 MozillaMaintenance;Mozilla Maintenance Service;c:program files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-10-27 115168] R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientNisSrv.exe [2012-09-13 368896] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:program filesdell support centerpcdsrvc_x64.pkms [2011-05-12 25072] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2012-07-09 52736] R3 VCR2PC;VCR2PC Analog Capture;c:windowssystem32DRIVERS0140_ION.sys [2010-09-01 301504] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-07-19 1255736] R4 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-07-27 63960] R4 AdvancedSystemCareService;Advanced SystemCare Service;c:program files (x86)IObitAdvanced SystemCare 4ASCService.exe [2011-08-09 328536] R4 AERTFilters;Andrea RT Filters Service;c:program filesRealtekAudioHDAAERTSr64.exe [2009-03-31 92160] R4 BBSvc;Bing Bar Update Service;c:program files (x86)MicrosoftBingBarBBSvc.EXE [2011-10-21 196176] R4 FlipShareServer;FlipShare Server;c:program files (x86)Flip VideoFlipShareServerFlipShareServer.exe [2010-12-15 1085440] R4 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176] R4 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176] R4 TeamViewer7;TeamViewer 7;c:program files (x86)TeamViewerVersion7TeamViewer_Service.exe [2011-11-14 2855808] S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2010-03-19 55856] S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-04-20 203776] S2 BBUpdate;BBUpdate;c:program files (x86)MicrosoftBingBarSeaPort.EXE [2011-10-13 249648] S2 DockLoginService;Dock Login Service;c:program filesDellDellDockDockLogin.exe [2009-06-09 155648] S2 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-09-29 399432] S2 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2009-10-20 47632] S2 SftService;SoftThinks Agent Service;c:program files (x86)Dell DataSafe Local Backupsftservice.EXE [2011-08-18 1692480] S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2011-04-20 9319936] S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2011-04-20 306176] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys [2009-10-16 321064] S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-09-29 25928] S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:windowssystem32DRIVERSnetr28ux.sys [2009-09-15 1061888] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-11-01 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54] . 2012-11-01 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54] . 2012-10-25 c:windowsTasksPCDoctorBackgroundMonitorTask.job - c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09] . 2012-11-01 c:windowsTasksSystemToolsDailyTest.job - c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2012-09-13 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://www.my.yahoo.com/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:windowsSysWOW64blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 FF - ProfilePath - c:usersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.default FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114066&tt=3412_1&babsrc=KW_ss&mntrId=52d33c9000000000000000262d1bb039&q= FF - ExtSQL: !HIDDEN! 2012-06-05 21:43; 4nffxtbr@ConservativeTalkNow_4n.com; c:program files (x86)ConservativeTalkNow_4nbar1.bin FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . ------- File Associations ------- . JSEFile=%SystemRoot%SysWow64CScript.exe "%1" %* . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-MobileDocuments - c:program files (x86)Common FilesAppleInternet Servicesubd.exe SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINESYSTEMControlSet001servicesPCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="??c:program filesdell support centerpcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:program files (x86)IObitAdvanced SystemCare 4PMonitor.exe c:program files (x86)Dell DataSafe Local BackupTOASTER.EXE c:program files (x86)Dell DataSafe Local BackupCOMPONENTSSCHEDULERSTSERVICE.EXE . ************************************************************************** . Completion time: 2012-11-01 07:22:44 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-01 11:22 . Pre-Run: 92,027,400,192 bytes free Post-Run: 92,115,124,224 bytes free . - - End Of File - - 7DEC7682BE1BA3C5FDA1EB4A1113D612
  10. Thanks for your help. DDS (Ver_2012-10-19.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16421 Run by Rockin Rev at 14:50:50 on 2012-10-31 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.1872 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k RPCSS C:Windowssystem32atiesrxx.exe C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32atieclxx.exe C:Program FilesDellDellDockDockLogin.exe C:Windowssystem32svchost.exe -k NetworkService C:WindowsSystem32spoolsv.exe C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:Program Files (x86)MicrosoftBingBarSeaPort.EXE C:ProgramDataEPSONEPW!3 SSRPE_S40STB.EXE C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe C:Program Files (x86)Dell DataSafe Local Backupsftservice.EXE C:Windowssystem32svchost.exe -k imgsvc C:Windowssystem32WUDFHost.exe C:Windowssystem32taskhost.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program Files (x86)Dell DataSafe Local BackupTOASTER.EXE C:Program Files (x86)Dell DataSafe Local BackupCOMPONENTSSCHEDULERSTSERVICE.EXE C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpd.exe C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe C:Windowssystem32SearchIndexer.exe C:Program Files (x86)Yahoo!Messengerymsgr_tray.exe C:Program FilesWindows Media Playerwmpnetwk.exe c:Program FilesMicrosoft Security ClientMsMpEng.exe C:Program FilesMicrosoft Security Clientmsseces.exe C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe C:Windowssystem32taskhost.exe C:WindowsSystem32svchost.exe -k LocalServicePeerNet C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted C:Program Files (x86)Mozilla Firefoxfirefox.exe C:Program Files (x86)Mozilla Firefoxplugin-container.exe C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_4_402_287.exe C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_4_402_287.exe C:Program Files (x86)AWSWeatherBugWeather.exe C:Program Files (x86)Microsoft OfficeOffice12OUTLOOK.EXE C:Windowssystem32SearchProtocolHost.exe C:Windowssystem32SearchFilterHost.exe C:Windowssystem32conhost.exe C:Windowssystem32wbemwmiprvse.exe C:WindowsSystem32cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.my.yahoo.com/ uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:Program Files (x86)DivXDivX Plus Web PlayerieDivXHTML5DivXHTML5.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - uRun: [Weather] C:Program Files (x86)AWSWeatherBugWeather.exe 1 uRun: [Messenger (Yahoo!)] "C:PROGRA~2Yahoo!MESSEN~1YahooMessenger.exe" -quiet uRun: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" mRunOnce: ["C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe"] "C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe" StartupFolder: C:UsersROCKIN~1AppDataRoamingMICROS~1WindowsSTARTM~1ProgramsStartupDropbox.lnk - C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:WindowsSystem32GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:PROGRA~2MICROS~1Office12EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab TCP: NameServer = 209.55.24.10 209.55.27.13 8.8.8.8 TCP: Interfaces{DB887993-8B81-4006-9962-D38A9B9E9232} : DHCPNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces{EC65B112-7899-4765-9125-B7D3AC103FC9} : DHCPNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 SSODL: WebCheck - <orphaned> x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned> x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE x64-Run: [MSC] "c:Program FilesMicrosoft Security Clientmsseces.exe" -hide -runkey x64-Notify: GoToAssist - C:Program Files (x86)CitrixGoToAssist514G2AWinLogon_x64.dll x64-Notify: LBTWlgn - c:program filescommon fileslogishrdbluetoothLBTWlgn.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.default FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114066&tt=3412_1&babsrc=KW_ss&mntrId=52d33c9000000000000000262d1bb039&q= FF - component: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_4.0.0.127coFFPlgncomponentscoFFPlgn.dll FF - component: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_4.0.0.127IPSFFPlgncomponentsIPSFFPl.dll FF - component: C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}componentsRadioWMPCore.dll FF - component: C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}componentsRadioWMPCoreGecko19.dll FF - component: C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensionsengine@conduit.comcomponentsRadioWMPCore.dll FF - component: C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensionsengine@conduit.comcomponentsRadioWMPCoreGecko19.dll FF - plugin: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll FF - plugin: C:Program Files (x86)DivXDivX OVS Helpernpovshelper.dll FF - plugin: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll FF - plugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll FF - plugin: C:Program Files (x86)GooglePicasa3npPicasa3.dll FF - plugin: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll FF - plugin: C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll FF - plugin: c:Program Files (x86)Microsoft Silverlight4.1.10329.0npctrlui.dll FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsNPcol400.dll FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsnpCouponPrinter.dll FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsnpMozCouponPrinter.dll FF - plugin: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll FF - plugin: C:UsersRockin RevAppDataRoamingMove Networkspluginsnpqmp071706000001.dll FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_287.dll FF - plugin: C:WindowsSysWOW64npdeployJava1.dll FF - plugin: C:WindowsSysWOW64npmproxy.dll FF - ExtSQL: !HIDDEN! 2012-06-05 21:43; 4nffxtbr@ConservativeTalkNow_4n.com; C:Program Files (x86)ConservativeTalkNow_4nbar1.bin . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:WindowsSystem32driversMpFilter.sys [2012-8-30 228768] R0 PxHlpa64;PxHlpa64;C:WindowsSystem32driversPxHlpa64.sys [2010-9-1 55856] R1 vwififlt;Virtual WiFi Filter Driver;C:WindowsSystem32driversvwififlt.sys [2009-7-13 59904] R2 AMD External Events Utility;AMD External Events Utility;C:WindowsSystem32atiesrxx.exe [2010-4-1 203776] R2 BBUpdate;BBUpdate;C:Program Files (x86)MicrosoftBingBarSeaPort.EXE [2011-10-13 249648] R2 DockLoginService;Dock Login Service;C:Program FilesDellDellDockDockLogin.exe [2009-6-9 155648] R2 MBAMScheduler;MBAMScheduler;C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-10-13 399432] R2 SftService;SoftThinks Agent Service;C:Program Files (x86)Dell DataSafe Local BackupSftService.exe [2010-4-1 1692480] R3 amdkmdag;amdkmdag;C:WindowsSystem32driversatikmdag.sys [2011-4-20 9319936] R3 amdkmdap;amdkmdap;C:WindowsSystem32driversatikmpag.sys [2011-4-20 306176] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:WindowsSystem32driversk57nd60a.sys [2009-10-16 321064] R3 MBAMProtector;MBAMProtector;C:WindowsSystem32driversmbam.sys [2011-4-11 25928] R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:WindowsSystem32driversnetr28ux.sys [2009-9-15 1061888] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:Program FilesDell Support Centerpcdsrvc_x64.pkms [2011-5-12 25072] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-10-13 676936] S3 MozillaMaintenance;Mozilla Maintenance Service;C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-8-23 115168] S3 NisDrv;Microsoft Network Inspection System;C:WindowsSystem32driversNisDrvWFP.sys [2012-8-30 128456] S3 NisSrv;Microsoft Network Inspection;C:Program FilesMicrosoft Security ClientNisSrv.exe [2012-9-12 368896] S3 StorSvc;Storage Service;C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:WindowsSystem32driversTsUsbFlt.sys [2011-3-18 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:WindowsSystem32driversusbaapl64.sys [2012-7-9 52736] S3 VCR2PC;VCR2PC Analog Capture;C:WindowsSystem32drivers0140_ION.sys [2008-9-22 301504] S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2010-7-19 1255736] S4 AdobeARMservice;Adobe Acrobat Update Service;C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-7-27 63960] S4 AdvancedSystemCareService;Advanced SystemCare Service;C:Program Files (x86)IObitAdvanced SystemCare 4ASCService.exe [2011-4-27 328536] S4 AERTFilters;Andrea RT Filters Service;C:Program FilesRealtekAudioHDAAERTSr64.exe [2010-9-28 92160] S4 BBSvc;Bing Bar Update Service;C:Program Files (x86)MicrosoftBingBarBBSvc.EXE [2011-10-21 196176] S4 FlipShareServer;FlipShare Server;C:Program Files (x86)Flip VideoFlipShareServerFlipShareServer.exe [2010-12-15 1085440] S4 gupdate;Google Update Service (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2010-8-5 136176] S4 gupdatem;Google Update Service (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2010-8-5 136176] S4 TeamViewer7;TeamViewer 7;C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe [2011-11-17 2855808] . =============== File Associations =============== . FileExt: .vbe: VBEFile=C:WindowsSysWow64CScript.exe "%1" %* FileExt: .vbs: VBSFile=C:WindowsSysWow64CScript.exe "%1" %* FileExt: .js: JSFile=C:WindowsSysWow64CScript.exe "%1" %* FileExt: .jse: JSEFile=C:WindowsSysWow64CScript.exe "%1" %* FileExt: .wsf: WSFFile=C:WindowsSysWow64CScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-10-31 10:39:07 9291768 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{F3F51F2F-07A8-44F4-B3DA-CB05C7695A4C}mpengine.dll 2012-10-31 06:16:07 9291768 ------w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll 2012-10-28 10:30:20 972192 ------w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{C5CC51DC-71D3-444A-9AAD-91DB7D44EEDF}gapaengine.dll 2012-10-28 10:30:03 279656 ------w- C:WindowsSystem32MpSigStub.exe 2012-10-28 10:27:40 -------- d-----w- C:Program Files (x86)Microsoft Security Client 2012-10-28 10:27:27 -------- d-----w- C:Program FilesMicrosoft Security Client 2012-10-28 10:27:13 -------- d-----w- C:2ec2d0b144d4460af3db177cbd0e59 2012-10-16 17:58:51 -------- d-----w- C:UsersRockin RevAppDataLocalDDMSettings 2012-10-11 11:18:34 -------- d-----w- C:Airprint 2012-10-09 22:27:22 2048 ----a-w- C:WindowsSysWow64tzres.dll 2012-10-09 22:27:22 2048 ----a-w- C:WindowsSystem32tzres.dll 2012-10-09 22:25:51 5559664 ----a-w- C:WindowsSystem32ntoskrnl.exe 2012-10-09 22:25:50 3968880 ----a-w- C:WindowsSysWow64ntkrnlpa.exe 2012-10-09 22:25:50 3914096 ----a-w- C:WindowsSysWow64ntoskrnl.exe 2012-10-09 22:25:47 245760 ----a-w- C:WindowsSystem32OxpsConverter.exe 2012-10-09 22:25:45 715776 ----a-w- C:WindowsSystem32kerberos.dll 2012-10-09 22:25:45 542208 ----a-w- C:WindowsSysWow64kerberos.dll 2012-10-09 22:25:43 950128 ----a-w- C:WindowsSystem32driversndis.sys 2012-10-09 22:25:43 41472 ----a-w- C:WindowsSystem32driversRNDISMP.sys 2012-10-09 22:25:42 220160 ----a-w- C:WindowsSystem32wintrust.dll 2012-10-09 22:25:42 172544 ----a-w- C:WindowsSysWow64wintrust.dll 2012-10-09 22:23:39 1464320 ----a-w- C:WindowsSystem32crypt32.dll 2012-10-09 22:23:38 1159680 ----a-w- C:WindowsSysWow64crypt32.dll 2012-10-09 22:23:35 184320 ----a-w- C:WindowsSystem32cryptsvc.dll 2012-10-09 22:23:35 140288 ----a-w- C:WindowsSysWow64cryptsvc.dll 2012-10-09 22:23:35 140288 ----a-w- C:WindowsSystem32cryptnet.dll 2012-10-09 22:23:35 103936 ----a-w- C:WindowsSysWow64cryptnet.dll 2012-10-09 22:23:02 751104 ----a-w- C:WindowsSystem32win32spl.dll 2012-10-09 22:23:02 67072 ----a-w- C:Windowssplwow64.exe 2012-10-09 22:23:02 559104 ----a-w- C:WindowsSystem32spoolsv.exe 2012-10-09 22:23:02 492032 ----a-w- C:WindowsSysWow64win32spl.dll . ==================== Find3M ==================== . 2012-10-09 22:43:46 73656 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl 2012-10-09 22:43:46 696760 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe 2012-09-29 23:54:26 25928 ----a-w- C:WindowsSystem32driversmbam.sys 2012-09-28 12:56:37 4096000 ----a-w- C:Program Files (x86)GUT2B35.tmp 2012-08-31 18:19:35 1659760 ----a-w- C:WindowsSystem32driversntfs.sys 2012-08-31 02:03:48 228768 ----a-w- C:WindowsSystem32driversMpFilter.sys 2012-08-31 02:03:48 128456 ----a-w- C:WindowsSystem32driversNisDrvWFP.sys 2012-08-24 10:31:32 2312704 ----a-w- C:WindowsSystem32jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:WindowsSystem32wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:WindowsSystem32inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:WindowsSystem32ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:WindowsSystem32vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:WindowsSystem32mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:WindowsSysWow64jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:WindowsSysWow64wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:WindowsSysWow64inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:WindowsSysWow64ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:WindowsSysWow64vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb 2012-08-22 18:12:50 1913200 ----a-w- C:WindowsSystem32driverstcpip.sys 2012-08-22 18:12:40 376688 ----a-w- C:WindowsSystem32driversnetio.sys 2012-08-22 18:12:33 288624 ----a-w- C:WindowsSystem32driversFWPKCLNT.SYS 2012-08-21 17:01:20 33240 ----a-w- C:WindowsSystem32driversGEARAspiWDM.sys 2012-08-21 17:01:20 125872 ----a-w- C:WindowsSystem32GEARAspi64.dll 2012-08-21 17:01:20 106928 ----a-w- C:WindowsSysWow64GEARAspi.dll 2012-08-20 18:48:44 362496 ----a-w- C:WindowsSystem32wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:WindowsSystem32wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:WindowsSystem32wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:WindowsSystem32winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:WindowsSystem32ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:WindowsSystem32KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:WindowsSystem32conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:WindowsSysWow64ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:Windowsapppatchacwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:WindowsSysWow64setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:WindowsSysWow64wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:WindowsSysWow64KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:WindowsSysWow64instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:WindowsSysWow64user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:WindowsSysWow64api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:WindowsSysWow64api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:WindowsSysWow64api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:WindowsSysWow64api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 14:51:15.28 =============== aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-10-31 14:52:14 ----------------------------- 14:52:14.312 OS Version: Windows x64 6.1.7601 Service Pack 1 14:52:14.312 Number of processors: 2 586 0x602 14:52:14.312 ComputerName: ROCKINREV-PC UserName: Rockin Rev 14:52:16.714 Initialize success 14:54:54.354 AVAST engine defs: 12103100 14:54:59.674 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIdeDeviceP0T0L0-0 14:54:59.674 Disk 0 Vendor: ST3500418AS CC45 Size: 476940MB BusType: 11 14:54:59.674 Disk 0 MBR read successfully 14:54:59.689 Disk 0 MBR scan 14:54:59.689 Disk 0 Windows VISTA default MBR code 14:54:59.689 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 14:54:59.705 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920 14:54:59.705 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920 14:54:59.720 Disk 0 scanning C:Windowssystem32drivers 14:55:13.729 Service scanning 14:55:42.714 Modules scanning 14:55:42.730 Disk 0 trace - called modules: 14:55:42.745 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 14:55:42.745 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0xfffffa8004621380] 14:55:42.761 3 CLASSPNP.SYS[fffff8800190f43f] -> nt!IofCallDriver -> DeviceIdeIdeDeviceP0T0L0-0[0xfffffa80045af060] 14:55:45.085 AVAST engine scan C:Windows 14:55:48.003 AVAST engine scan C:Windowssystem32 14:59:51.722 AVAST engine scan C:Windowssystem32drivers 15:00:24.809 AVAST engine scan C:UsersRockin Rev 15:01:57.661 Disk 0 MBR has been saved successfully to "C:UsersRockin RevDesktopMBR.dat" 15:01:57.676 The log file has been saved successfully to "C:UsersRockin RevDesktopaswMBR.txt" There were no threats found by TDSSKiller so log was created. I f I did anything wrond let me know.
  11. Good Morning: If I open a new tab it will say Babylon Search at the top of the tab. I stay on top of making sure antivirus, etc are kept up to date. I was sure I had removed everything associated with Babylon but apparently something is still messing with me.
  12. Looking for advice on slow and poor performance with websites opening. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:20:23 PM, on 10/29/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Users\Rockin Rev\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\AWS\WeatherBug\Weather.exe C:\Users\Rockin Rev\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: Dropbox.lnk = Rockin Rev\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9018 bytes
  13. I have finished your advice and am forever thankful! My daughter is very appreciative as well! Thanks JonTom!!!!!! Rev-Roy
  14. Hello JonTom: here is the Eset Scan results. C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinWebdirb3.zip Win32/Bagle.gen.zip worm C:\Qoobox\Quarantine\C\Documents and Settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan C:\Qoobox\Quarantine\C\Documents and Settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome\xulcache.jar.vir JS/Agent.NCP trojan C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s35xyye1.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s35xyye1.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome\xulcache.jar.vir JS/Agent.NCP trojan C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP10\A0002648.manifest Win32/TrojanDownloader.Tracur.F trojan C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP10\A0002649.manifest Win32/TrojanDownloader.Tracur.F trojan Could not believe it still had all of these. Thanks, waiting your reply. Rev-Roy
×
×
  • Create New...