Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93125 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

I Might Be Infected? [Solved]

Started by thinkativeone , May 08 2013 08:30 PM

  • This topic is locked This topic is locked
129 replies to this topic

#91 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 13 June 2013 - 05:44 AM

Are you still seeing the blue circle as well??
Posted Image
 
 

    Advertisements

Register to Remove

#92 thinkativeone

thinkativeone

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 13 June 2013 - 02:15 PM

No, we got rid of that in the Windows forum. :) Has never come back - apparently other people had the exact same problem, ConstantGuard.

#93 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 June 2013 - 06:20 AM

Ok....I have been talking with a colleague about your system and we still need to do some things.. You might notice that we are removing a SwagBucks entry. For the time being that needs to go. If you would like to install it after we have finished completely that is up to you, but for now we need to remove it.


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services

:OTL
PRC - [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
SRV - [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
FF - prefs.js..extensions.enabledAddons: %7B8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94%7D:10.16.2.509
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN18750174481412618&UM=2&q="
[2013/06/02 12:40:43 | 000,000,000 | ---D | M] (Swag Bucks) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Post the new OTL log and let me know how your system is running.
Posted Image
 
 

#94 thinkativeone

thinkativeone

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 14 June 2013 - 02:50 PM

Okay. This is not meant to sound difficult, but may I ask why? I am having trouble understanding why you potentially seem to think SwagBucks may have something to do with the issues when it doesn't. I only started having the video problems after we were all finished here and I put some add-ons on that I subsequently had to delete.

#95 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 June 2013 - 08:09 PM

Questions are always good. :) SwagBucks is part of Conduit and as long as this is on your system, it will always allow more Conduit programs to make their way to your system. I think that it is in your best interest to remove SwagBucks. You say that the problems with the video has only occurred since being here after installing some add-ons? Which add-ons?
Posted Image
 
 

#96 thinkativeone

thinkativeone

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 14 June 2013 - 10:00 PM

Questions are always good. :) SwagBucks is part of Conduit and as long as this is on your system, it will always allow more Conduit programs to make their way to your system. I think that it is in your best interest to remove SwagBucks. You say that the problems with the video has only occurred since being here after installing some add-ons? Which add-ons?


That is interesting that it is a part of Conduit, though I know nothing about Conduit personally - do they just use Conduit's system for their toolbar program and that's what the deal is? These problems just do not seem related to SwagBucks, however. SwagBucks is a legitimate program I earn money through by providing market research information. (Not trying to sign anybody up here, just explaining why I am so bent on keeping it.) I have been earning through them since late August-early September of last year - and I have not had any problems regarding the toolbar crop up, the blue circle was plaguing my system about a year before using SB. I understand you think it is in my best interest to remove them, but considering the company themselves poses no threat and that I need the income, I simply cannot remove it as we depend on the funds I earn - which are made easier through use of this toolbar. You earn points (SwagBucks, if someone wants to be nitpicky over terms) that you can exchange for cash through the toolbar, which offers me a quick way to get to their website and complete other tasks that earn points I can exchange. Right now they have a special event going on that enables me to earn more so I need quick access and the search box available at all times. The biggest issue I came on here with, that I noticed affecting my computer that is, was the blue circle. We removed that and now out of nowhere after receiving your final post (the one about logs being all clean and providing links to different programs) I started having the video/audio difficulty. It did the same thing with the start up Windows noise which is why I say audio difficulty, as I wonder if they are related.

If there is nothing else to remove but SwagBucks in your code box I hope you can understand why I do not want to take it off, now that you (hopefully) see it is legitimate. The only thing that I can see that may not be legit is if they are subscribing to Conduit's software for their toolbar and it happens to be faulty - in that case it would be Conduit at fault as the provider and not the company. Hopefully my train of thought there made sense. ^_^

ETA: I followed some of the links aforementioned in your post and they were adware related, one was Web of Trust - can't remember exactly. I saw something in a log about MailWasher and that was something I put on through following those links. Maybe I went too far and something installed looked good but was not! :( Sorry about that. But it really just came out of nowhere very recently; never had this problem before!

Edited by thinkativeone, 14 June 2013 - 10:06 PM.

#97 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 June 2013 - 10:23 PM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services

:OTL
PRC - [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
SRV - [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
FF - prefs.js..extensions.enabledAddons: %7B8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94%7D:10.16.2.509
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN18750174481412618&UM=2&q="

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Posted Image
 
 

#98 thinkativeone

thinkativeone

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 14 June 2013 - 11:34 PM

Hmmmmm. As soon as it rebooted I went to a music video to check and it was obvious immediately that this didn't fix the problem. :thumbdown: I had to have just put something on here that did/caused this or tagged along to it as that's exactly when the audio skipping started happening, I just don't know what. :( :oops:

Here are the logs:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Process ITMRTSVC.exe killed successfully!
Process ComcastAntiSpyService.exe killed successfully!
Service ITMRTSVC stopped successfully!
Service ITMRTSVC deleted successfully!
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Peter Boggs\Desktop\cmd.bat deleted successfully.
C:\Users\Peter Boggs\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Peter Boggs
->Temp folder emptied: 7742 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 384498107 bytes
->Google Chrome cache emptied: 48243889 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 23520 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49754 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 413.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06142013_213040

Files\Folders moved on Reboot...
C:\Users\Peter Boggs\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


After reboot scan:


OTL logfile created on: 6/14/2013 9:39:19 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter Boggs\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.08% Memory free
7.92 Gb Paging File | 6.43 Gb Available in Paging File | 81.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 223.24 Gb Free Space | 78.77% Space Free | Partition Type: NTFS

Computer Name: PETERBOGGS-PC | User Name: Peter Boggs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 19:55:17 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/06/11 15:42:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter Boggs\Desktop\OTL.exe
PRC - [2013/05/26 23:04:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Peter Boggs\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/11 19:55:16 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/26 23:04:48 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/05/16 12:53:22 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013/05/16 11:18:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/16 11:18:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 11:17:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/16 11:17:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/16 11:17:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/01/09 01:44:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 01:42:37 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 01:41:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 01:39:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 01:39:25 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Peter Boggs\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/16 18:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/06/11 19:55:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 23:04:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/05/11 01:09:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/14 00:05:17 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/20 18:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2009/12/26 00:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/16 18:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 18:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 21:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 01:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/05/31 09:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130531.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/29 23:25:26 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130614.019\ex64.sys -- (NAVEX15)
DRV - [2013/05/29 23:25:26 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130614.019\eng64.sys -- (NAVENG)
DRV - [2013/03/14 00:04:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/03/14 00:04:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/12 16:04:18 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130614.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{88BD13B2-4B94-4784-B14D-0178E1D4E71D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{19B20C5E-1EAF-42DF-BAED-B566063A5EEE}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {C58A4226-5CDF-4CDA-B167-CFF995A6CE17}
IE - HKCU\..\SearchScopes\{C58A4226-5CDF-4CDA-B167-CFF995A6CE17}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94%7D:10.16.2.509
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://search.condui...412618&UM=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Peter Boggs\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Peter Boggs\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Peter Boggs\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Peter Boggs\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Peter Boggs\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Peter Boggs\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Peter Boggs\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/15 09:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2013/06/14 21:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2013/06/14 21:36:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/02 22:07:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/15 09:24:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/02 22:07:38 | 000,000,000 | ---D | M]

[2012/02/14 02:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Extensions
[2013/06/06 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions
[2013/06/02 12:40:43 | 000,000,000 | ---D | M] (Swag Bucks) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2013/05/06 13:04:19 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\firefoxextensions@keynote.com
[2013/05/06 13:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\firefoxextensions@keynote.com\chrome
[2013/05/06 13:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\firefoxextensions@keynote.com\components
[2013/05/06 13:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\firefoxextensions@keynote.com\META-INF
[2013/05/13 19:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\wzi2aots.default\extensions
[2013/06/01 19:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/26 23:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/26 23:04:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/01/28 00:06:24 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{g
oogle:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:ins
tantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Peter Boggs\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/12 00:22:48 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [F.lux] C:\Users\Peter Boggs\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E26C0BF5-7EC8-4DAE-9E88-9C9E7DBA177C}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/12 02:27:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/12 02:27:50 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/12 02:27:49 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 02:27:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 02:27:49 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 02:27:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 02:27:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 02:27:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 02:27:49 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 02:27:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 02:27:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 02:27:48 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 02:27:47 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 02:27:47 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 02:27:47 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 00:20:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 18:13:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/11 18:13:38 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/11 18:13:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/11 18:13:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/11 18:13:27 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/11 18:13:23 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/11 18:13:23 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/11 18:13:23 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/11 18:13:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/11 18:13:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/11 18:13:23 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/11 18:13:10 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/11 18:13:09 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/11 15:42:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Peter Boggs\Desktop\OTL.exe
[2013/06/09 23:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/06/08 22:30:22 | 000,000,000 | ---D | C] -- C:\Users\Peter Boggs\Desktop\Pet Health
[2013/06/08 18:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/05 17:24:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/06/05 17:24:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/06/05 17:24:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/06/05 17:24:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/06/05 17:24:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/06/05 17:24:05 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/06/05 17:24:05 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/06/05 17:24:05 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/06/05 17:24:05 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/06/05 17:24:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/06/05 17:24:05 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/06/05 17:24:05 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/06/05 17:24:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/06/05 17:24:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/06/05 17:24:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/06/05 17:24:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/06/05 17:24:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/06/05 17:24:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/06/05 17:24:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/06/05 17:24:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/06/05 17:24:04 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/06/05 17:24:04 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/06/05 17:24:04 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/06/05 17:24:03 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/06/05 17:22:41 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/06/05 17:22:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/06/05 17:22:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/05/26 23:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/22 12:50:12 | 000,000,000 | ---D | C] -- C:\Users\Peter Boggs\AppData\Local\Unity
[2013/05/22 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\Peter Boggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InContext Solutions
[2013/05/22 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\Peter Boggs\AppData\Local\InContext Solutions
[2013/05/21 16:35:42 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/05/18 18:54:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/18 18:54:21 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/17 15:15:11 | 000,000,000 | ---D | C] -- C:\Users\Peter Boggs\AppData\Roaming\Malwarebytes
[2013/05/17 15:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/17 15:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/17 15:14:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/17 15:12:35 | 000,000,000 | ---D | C] -- C:\Users\Peter Boggs\AppData\Local\Programs
[2013/05/17 14:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/17 14:53:19 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/17 14:53:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/17 14:53:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/17 14:53:11 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

========== Files - Modified Within 30 Days ==========

[2013/06/14 21:42:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/14 21:42:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/14 21:35:33 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/14 21:35:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/14 21:35:08 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/14 21:02:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/14 20:56:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3768568771-1687975144-3121408415-1000UA.job
[2013/06/14 20:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/14 15:56:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3768568771-1687975144-3121408415-1000Core.job
[2013/06/13 21:39:48 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/13 21:39:48 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/13 21:39:48 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/12 20:32:52 | 004,748,666 | ---- | M] () -- C:\Users\Peter Boggs\Desktop\SpotCloseUp.JPG
[2013/06/12 20:31:56 | 004,022,911 | ---- | M] () -- C:\Users\Peter Boggs\Desktop\TeddySpot.JPG
[2013/06/12 00:22:48 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/06/11 21:34:11 | 000,022,798 | ---- | M] () -- C:\Users\Peter Boggs\Desktop\bestparty.png
[2013/06/11 19:55:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/11 19:55:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/11 15:42:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter Boggs\Desktop\OTL.exe
[2013/06/08 18:11:05 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/05 17:07:33 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 23:19:02 | 484,625,547 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/17 14:52:51 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/17 14:52:50 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/05/17 14:52:50 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/17 14:52:50 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/17 14:52:50 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/17 14:52:50 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/16 18:25:27 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/16 18:25:26 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/16 18:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/16 18:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/16 18:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/16 17:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/16 17:58:20 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/16 17:58:10 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/16 17:58:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/16 17:58:08 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/16 17:58:08 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/16 17:58:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/16 17:58:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/16 11:12:52 | 000,343,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/06/13 21:41:14 | 004,748,666 | ---- | C] () -- C:\Users\Peter Boggs\Desktop\SpotCloseUp.JPG
[2013/06/13 21:41:12 | 004,022,911 | ---- | C] () -- C:\Users\Peter Boggs\Desktop\TeddySpot.JPG
[2013/06/11 21:34:11 | 000,022,798 | ---- | C] () -- C:\Users\Peter Boggs\Desktop\bestparty.png
[2013/06/08 18:11:05 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/15 19:54:07 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETERBOGGS-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/05 03:08:58 | 000,000,243 | ---- | C] () -- C:\Users\Peter Boggs\dsj.xml
[2012/09/05 03:08:58 | 000,000,000 | ---- | C] () -- C:\Users\Peter Boggs\G3sessionisrunning
[2012/03/14 23:49:29 | 000,144,768 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/22 20:56:44 | 000,000,326 | ---- | C] () -- C:\Users\Peter Boggs\AppData\Roaming\wklnhst.dat
[2011/01/15 23:34:22 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#99 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 15 June 2013 - 07:37 AM

You don't remember the add-ons that you put on recently?
Posted Image
 
 

#100 thinkativeone

thinkativeone

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 15 June 2013 - 03:29 PM

I took them all off the first day due to them keeping me from getting work done; even when I played with settings. All I remember is: NoScript, AdBlock Plus, WOT (Web of Trust), Online Armor (wanted to charge me despite it saying it was free), and something called MailWasher I found through one of those links. If there are any more I do not remember it. Is there a way to scan for these things?

Edited by thinkativeone, 15 June 2013 - 03:29 PM.

    Advertisements

Register to Remove

#101 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 16 June 2013 - 05:30 PM

You should try to disable the add-ons one at a time until you figure out which add-on is effecting your system this way. If none of them change anything we know that there is something else. Let me know what happens.
Posted Image
 
 

#102 thinkativeone

thinkativeone

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 16 June 2013 - 06:06 PM

Not sure if you missed this, but I removed them days ago. The same day I put them on or the day after. I'm thinking something bad might have tagged on to one of these programs but I have no idea which.

#103 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 16 June 2013 - 06:49 PM

You have a paid version of Norton with the license key still correct?
Posted Image
 
 

#104 thinkativeone

thinkativeone

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 16 June 2013 - 11:45 PM

We got Norton through ConstantGuard, part of our Comcast internet service. It is still on the computer, but I don't know where the product key is. We took ConstantGuard off as it caused the blue circle but we kept Norton.

#105 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 17 June 2013 - 05:36 AM

Ok...let me think on this a bit. There is a conflict someplace. I will return as quickly as I can.
Posted Image
 
 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·