Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91981 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

I keep getting the following security alert message when I surf [Solve


  • This topic is locked This topic is locked
55 replies to this topic

#31 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 12 December 2013 - 08:24 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
samanthaxbaby :: SAMANTHA [administrator]

11/13/2013 3:13:33 PM
mbam-log-2013-11-13 (15-13-33).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 457356
Time elapsed: 2 hour(s), 22 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

    Advertisements

Register to Remove


#32 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 December 2013 - 09:21 AM

Hi babbagene,

Please post the ESET scan results when they are available.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#33 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 12 December 2013 - 11:04 AM

C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application
C:\Users\Joseph\AppData\LocalLow\oovootb\oovootb.dll a variant of Win32/Toolbar.Visicom.A application
C:\Users\Public\Downloads\18WheelsHaulin-dm[1].exe a variant of Win32/Adware.Trymedia.A application
C:\Users\Public\Downloads\18Wheels_of_Steel-dm[1].exe a variant of Win32/Adware.Trymedia.A application
C:\Users\samanthaxbaby\Desktop\installer_frostwire.exe multiple threats


The computer runs fine accept for the problems I initially mentioned.

#34 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 December 2013 - 08:41 PM

Hi babbagene,

I don't believe your problem is malware related. Let's remove the last of these leftovers.

=========================

bullseye_zpse9eaf36e.gif Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • ooVoo Toolbar (if present)
=========================

bullseye_zpse9eaf36e.gif Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Users\Joseph\AppData\LocalLow\oovootb
    C:\Users\Public\Downloads\18WheelsHaulin-dm[1].exe
    C:\Users\Public\Downloads\18Wheels_of_Steel-dm[1].exe 
    C:\Users\samanthaxbaby\Desktop\installer_frostwire.exe
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
=========================

In your next post please provide the following:
  • OTL fix log
  • Fresh OTL.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#35 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 15 December 2013 - 06:11 PM

Here is the Fix Log:

All processes killed
========== FILES ==========
C:\Users\Joseph\AppData\LocalLow\oovootb\components folder moved successfully.
C:\Users\Joseph\AppData\LocalLow\oovootb\chrome\skin\lib folder moved successfully.
C:\Users\Joseph\AppData\LocalLow\oovootb\chrome\skin folder moved successfully.
C:\Users\Joseph\AppData\LocalLow\oovootb\chrome\search folder moved successfully.
C:\Users\Joseph\AppData\LocalLow\oovootb\chrome\content\newtab\images folder moved successfully.
C:\Users\Joseph\AppData\LocalLow\oovootb\chrome\content\newtab folder moved successfully.
C:\Users\Joseph\AppData\LocalLow\oovootb\chrome\content\lib folder moved successfully.
C:\Users\Joseph\AppData\LocalLow\oovootb\chrome\content folder moved successfully.
C:\Users\Joseph\AppData\LocalLow\oovootb\chrome folder moved successfully.
C:\Users\Joseph\AppData\LocalLow\oovootb\cache folder moved successfully.
C:\Users\Joseph\AppData\LocalLow\oovootb folder moved successfully.
C:\Users\Public\Downloads\18WheelsHaulin-dm[1].exe moved successfully.
C:\Users\Public\Downloads\18Wheels_of_Steel-dm[1].exe moved successfully.
C:\Users\samanthaxbaby\Desktop\installer_frostwire.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joseph
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 871 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: samanthaxbaby
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 224337387 bytes
->Java cache emptied: 464 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54528742 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42289537 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 306.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12152013_190404

Files\Folders moved on Reboot...
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW7XEEC3\-iGmidt4SirRkI4DjBoTLA[1].eot moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW7XEEC3\index[1].htm moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW7XEEC3\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SO89RXL4\ELvCmRUbtOdCk3jbD-FqUPesZW2xOQ-xsNqO47m55DA[1].eot moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIB8TY6F\HqHm7BVC_nzzTui2lzQTDfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIB8TY6F\RHp5spKuj-AQOgQKPITXrQ[1].eot moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIB8TY6F\xd_arbiter[1].htm moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EX0CEYMN\EvPKapBawcLZ3hbihjhqAfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CABQ1098\3FPAIAZU.htm moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CABQ1098\fastbutton[1].htm moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CABQ1098\like[1].htm moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CABQ1098\postmessageRelay[1].htm moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CABQ1098\xd_arbiter[1].htm moved successfully.
C:\Users\samanthaxbaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\JETE761.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#36 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 15 December 2013 - 06:31 PM

OTL logfile created on: 12/15/2013 7:12:49 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\samanthaxbaby\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 70.74% Memory free
7.81 Gb Paging File | 6.58 Gb Available in Paging File | 84.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 155.00 Gb Free Space | 70.46% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.09 Gb Free Space | 16.42% Space Free | Partition Type: NTFS

Computer Name: SAMANTHA | User Name: samanthaxbaby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\samanthaxbaby\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symtdi.sys (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symfw.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symndisv.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (wanatw) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20131211.032\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20131211.032\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20131210.001\IDSviA64.sys (Symantec Corporation)
DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()
DRV - (iscFlash) -- C:\SwSetup\sp46590\iscflashx64.sys (Insyde Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {22348997-7FD7-4759-AB9D-EB2B7A365617}
IE - HKCU\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://www.bing.com/...E11SR&pc=HPNTDF
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 03:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/11/01 21:37:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\samanthaxbaby\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/06/01 20:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\pluswinks@PlusWinks: C:\Users\samanthaxbaby\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks [2013/06/01 20:26:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\samanthaxbaby\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/06/01 20:26:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\pluswinks@PlusWinks: C:\Users\samanthaxbaby\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks [2013/06/01 20:26:45 | 000,000,000 | ---D | M]

[2013/08/30 16:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samanthaxbaby\AppData\Roaming\mozilla\Extensions
[2009/12/26 13:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samanthaxbaby\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013/06/01 20:26:45 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\samanthaxbaby\AppData\Roaming\mozilla\Extensions\pluswinks@PlusWinks
[2013/06/01 20:26:20 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\samanthaxbaby\AppData\Roaming\mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
[2012/08/24 16:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - Extension: Speed Analysis 2 = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf\1.0.0.0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.1_0\
CHR - Extension: Smiley Bar for Facebook = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.0\

O1 HOSTS File: ([2013/12/01 15:21:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} http://static-www3.c...vc/ooVooWeb.dll (ooVooWebCtrl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82038922-7A18-4F76-89D0-08EB6538466D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/12 09:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/12/12 09:09:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 09:09:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 09:09:55 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 09:09:54 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 09:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/12 09:09:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/12 09:07:19 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\samanthaxbaby\Desktop\mbam-setup-1.75.0.1300.exe
[2013/12/12 09:02:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 09:02:39 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 09:02:38 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 09:02:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 09:02:38 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 09:02:38 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 09:02:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 09:02:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 09:02:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 09:02:36 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 09:02:36 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 09:02:36 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 09:02:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 09:02:32 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 09:02:32 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 09:02:29 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 12:20:33 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 12:20:33 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 12:20:31 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 12:20:31 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 12:20:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 12:19:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 12:19:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 12:19:48 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 12:19:48 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 12:19:48 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 12:19:48 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 12:19:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 12:19:47 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/03 22:22:16 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Apple
[2013/12/01 15:24:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/01 15:01:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/01 15:01:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/01 15:01:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/01 15:00:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/01 14:59:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/01 14:59:45 | 005,151,572 | R--- | C] (Swearware) -- C:\Users\samanthaxbaby\Desktop\ComboFix.exe
[2013/11/29 23:12:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/29 23:07:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/29 22:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/29 18:01:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\samanthaxbaby\Desktop\OTL.exe
[2013/11/28 13:51:00 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\PPNJPokerDir
[2013/11/27 15:12:23 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Adobe
[2013/11/27 14:15:20 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Apple Computer
[2013/11/26 23:45:44 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/26 23:45:44 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/11/26 22:22:10 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\Desktop\BorgataCasino_Installer
[2013/11/26 21:13:01 | 000,000,000 | ---D | C] -- C:\Programs
[2013/11/24 20:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/11/24 20:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2013/11/24 13:06:38 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Roaming\.minecraft
[2013/11/19 21:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/19 21:11:03 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/11/19 21:10:48 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/11/19 21:10:48 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/11/19 21:10:47 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

========== Files - Modified Within 30 Days ==========

[2013/12/15 19:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/15 19:14:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/15 19:14:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/15 19:12:42 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/15 19:12:42 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/15 19:12:42 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/15 19:07:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/15 19:07:06 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/12 21:29:56 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsamanthaxbaby.job
[2013/12/12 12:43:40 | 000,333,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/12 09:09:25 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/12 09:07:27 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\samanthaxbaby\Desktop\mbam-setup-1.75.0.1300.exe
[2013/12/10 17:20:37 | 000,037,376 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\divorce.wps
[2013/12/10 17:20:37 | 000,007,446 | ---- | M] () -- C:\Users\samanthaxbaby\AppData\Roaming\wklnhst.dat
[2013/12/10 17:15:31 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 17:15:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/08 16:41:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/12/06 23:42:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/12/04 15:20:31 | 000,003,318 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\skin_20131130231151182222.png
[2013/12/04 02:06:07 | 005,127,324 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\faithful32pack.zip
[2013/12/04 01:40:50 | 000,003,376 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\skin_20131128234933132062.png
[2013/12/01 15:21:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/01 14:59:49 | 005,151,572 | R--- | M] (Swearware) -- C:\Users\samanthaxbaby\Desktop\ComboFix.exe
[2013/11/29 18:02:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samanthaxbaby\Desktop\OTL.exe
[2013/11/29 17:58:32 | 000,000,522 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\MBR.zip
[2013/11/29 17:54:08 | 000,000,512 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\MBR.dat
[2013/11/29 15:33:41 | 000,016,384 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\checks.wps
[2013/11/26 16:23:16 | 000,017,408 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\vagus nerve.wps
[2013/11/26 05:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/26 04:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/26 04:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/26 04:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/26 04:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/26 04:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/26 04:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/26 03:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/26 03:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/26 03:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/26 03:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/26 03:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/26 02:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/26 01:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/26 01:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/24 13:23:53 | 128,944,827 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\Pixelmon 2.5.2.zip
[2013/11/24 13:06:34 | 000,675,988 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\Minecraft.exe
[2013/11/23 13:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/11/23 12:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/11/22 15:41:49 | 000,020,480 | ---- | M] () -- C:\Users\samanthaxbaby\Documents\order credit form.wps
[2013/11/22 15:35:44 | 000,131,072 | ---- | M] () -- C:\Users\samanthaxbaby\Documents\Experian.wps
[2013/11/19 21:10:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/11/19 21:10:34 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/11/19 21:10:34 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/11/19 21:10:32 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

========== Files Created - No Company Name ==========

[2013/12/12 09:09:25 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/10 13:36:33 | 000,037,376 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\divorce.wps
[2013/12/08 16:41:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/12/06 23:42:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/12/04 15:20:31 | 000,003,318 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\skin_20131130231151182222.png
[2013/12/04 02:05:47 | 005,127,324 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\faithful32pack.zip
[2013/12/04 01:40:50 | 000,003,376 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\skin_20131128234933132062.png
[2013/12/01 15:01:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/01 15:01:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/01 15:01:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/01 15:01:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/01 15:01:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/29 17:58:32 | 000,000,522 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\MBR.zip
[2013/11/29 17:54:08 | 000,000,512 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\MBR.dat
[2013/11/29 15:33:41 | 000,016,384 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\checks.wps
[2013/11/26 16:23:16 | 000,017,408 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\vagus nerve.wps
[2013/11/24 13:13:17 | 128,944,827 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\Pixelmon 2.5.2.zip
[2013/11/24 13:06:30 | 000,675,988 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\Minecraft.exe
[2013/11/22 15:41:49 | 000,020,480 | ---- | C] () -- C:\Users\samanthaxbaby\Documents\order credit form.wps
[2013/11/22 15:35:44 | 000,131,072 | ---- | C] () -- C:\Users\samanthaxbaby\Documents\Experian.wps
[2013/03/26 20:52:20 | 000,000,258 | RHS- | C] () -- C:\Users\samanthaxbaby\ntuser.pol
[2012/10/23 20:21:11 | 000,001,940 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012/10/12 19:47:51 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/06/10 19:56:29 | 000,094,725 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpMONKEYBARS..0
[2010/06/10 19:56:29 | 000,082,819 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpMONKEYBARS..JPG
[2010/06/10 19:56:21 | 000,010,480 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpMONKEYBARS._navi.JPG
[2010/04/22 06:43:38 | 000,052,768 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmp4TH GRADE LMAO..JPG
[2010/03/06 19:59:58 | 000,019,859 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY..JPG
[2010/03/06 19:59:54 | 000,019,856 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY..1
[2010/03/06 19:59:36 | 000,019,873 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY..0
[2010/03/06 19:59:31 | 000,007,518 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY._navi.JPG
[2010/01/14 16:32:08 | 000,007,446 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Roaming\wklnhst.dat
[2010/01/10 18:40:36 | 000,038,924 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.3
[2010/01/10 18:40:32 | 000,038,917 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.2
[2010/01/10 18:40:31 | 000,038,918 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.1
[2010/01/10 18:40:30 | 000,044,311 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.0
[2010/01/10 18:40:30 | 000,038,924 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.JPG
[2010/01/10 18:40:27 | 000,007,240 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK_navi.JPG

========== ZeroAccess Check ==========

[2011/11/17 01:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@
[2012/08/02 23:53:28 | 000,000,000 | -HSD | M] -- C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:404390E0
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\The Greek Poker:MID
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E0AE69BE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:89C6F032
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:15DE523E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:D2A5A561
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:98F6F85C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:3BE7E50E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:A4BF246C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:2342AE46
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:00811B66
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:114BD271

< End of report >

#37 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 15 December 2013 - 08:29 PM

Hi babbagene,

bullseye_zpse9eaf36e.gif Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button: (if present)

  • Ask
  • Ask.com

=========================

bullseye_zpse9eaf36e.gif Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    [2013/06/01 20:26:45 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\samanthaxbaby\AppData\Roaming\mozilla\Extensions\pluswinks@PlusWinks
    [2013/06/01 20:26:20 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\samanthaxbaby\AppData\Roaming\mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
    CHR - Extension: Speed Analysis 2 = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf\1.0.0.0\
    CHR - Extension: FastestChrome - Browse Faster = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.1_0\
    CHR - Extension: Smiley Bar for Facebook = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.0\
    O16 - DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} http://static-www3.c...vc/ooVooWeb.dll (ooVooWebCtrl Class) 
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

=========================

bullseye_zpse9eaf36e.gif Re- run AdwCleaner

It should be on your desktop

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:


  • OTl fix log
  • AdwCleaner.txt
  • Fresh OTL.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#38 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 18 December 2013 - 05:59 PM

# AdwCleaner v3.015 - Report created 18/12/2013 at 18:36:12
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : samanthaxbaby - SAMANTHA
# Running from : C:\Users\samanthaxbaby\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\BrowseSmart
Folder Deleted : C:\Users\samanthaxbaby\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\samanthaxbaby\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\samanthaxbaby\AppData\Roaming\Mysearchdial
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\samanthaxbaby\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\828bddb535e812
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [13431 octets] - [29/11/2013 23:08:03]
AdwCleaner[R1].txt - [8026 octets] - [18/12/2013 18:34:47]
AdwCleaner[S0].txt - [6714 octets] - [18/12/2013 18:36:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6774 octets] ##########


OTL logfile created on: 12/18/2013 6:43:24 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\samanthaxbaby\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 62.53% Memory free
7.81 Gb Paging File | 6.30 Gb Available in Paging File | 80.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 153.23 Gb Free Space | 69.66% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.09 Gb Free Space | 16.42% Space Free | Partition Type: NTFS

Computer Name: SAMANTHA | User Name: samanthaxbaby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\samanthaxbaby\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symtdi.sys (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symfw.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symndisv.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (wanatw) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20131211.032\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20131211.032\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20131210.001\IDSviA64.sys (Symantec Corporation)
DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()
DRV - (iscFlash) -- C:\SwSetup\sp46590\iscflashx64.sys (Insyde Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://start.mysearc...r=652575947&ir=
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {22348997-7FD7-4759-AB9D-EB2B7A365617}
IE - HKCU\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://start.mysearc...r=652575947&ir=
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\geocomply.com/gc_browser_plugin_client: C:\Program Files (x86)\Tropicana Atlantic City Online GeoLocation\npgc-browser-plugin-client.dll (GeoComply)
FF - HKCU\Software\MozillaPlugins\geocomply.com: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 03:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/11/01 21:37:55 | 000,000,000 | ---D | M]

[2013/12/18 18:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samanthaxbaby\AppData\Roaming\mozilla\Extensions
[2009/12/26 13:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samanthaxbaby\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/08/24 16:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.8_0\
CHR - Extension: No name found = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/01 15:21:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82038922-7A18-4F76-89D0-08EB6538466D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/18 18:20:19 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\.android
[2013/12/18 18:20:17 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\cache
[2013/12/18 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Roaming\newnext.me
[2013/12/18 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\Documents\Mobogenie
[2013/12/18 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Mobogenie
[2013/12/18 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\genienext
[2013/12/18 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/15 20:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/15 19:55:57 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Deployment
[2013/12/15 19:55:57 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Apps
[2013/12/15 19:43:54 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TropicanaAtlanticCityOnline Geolocation Plugin
[2013/12/15 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tropicana Atlantic City Online GeoLocation
[2013/12/12 09:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/12/12 09:09:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 09:09:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 09:09:55 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 09:09:54 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 09:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/12 09:09:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/12 09:07:19 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\samanthaxbaby\Desktop\mbam-setup-1.75.0.1300.exe
[2013/12/12 09:02:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 09:02:39 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 09:02:38 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 09:02:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 09:02:38 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 09:02:38 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 09:02:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 09:02:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 09:02:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 09:02:36 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 09:02:36 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 09:02:36 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 09:02:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 09:02:32 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 09:02:32 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 09:02:29 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 12:20:33 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 12:20:33 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 12:20:31 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 12:20:31 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 12:20:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 12:19:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 12:19:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 12:19:48 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 12:19:48 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 12:19:48 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 12:19:48 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 12:19:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 12:19:47 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/03 22:22:16 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Apple
[2013/12/01 15:24:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/01 15:01:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/01 15:01:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/01 15:01:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/01 15:00:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/01 14:59:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/01 14:59:45 | 005,151,572 | R--- | C] (Swearware) -- C:\Users\samanthaxbaby\Desktop\ComboFix.exe
[2013/11/29 23:12:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/29 23:07:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/29 22:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/29 18:01:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\samanthaxbaby\Desktop\OTL.exe
[2013/11/28 13:51:00 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\PPNJPokerDir
[2013/11/27 15:12:23 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Adobe
[2013/11/27 14:15:20 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Apple Computer
[2013/11/26 23:45:44 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/26 23:45:44 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/11/26 22:22:10 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\Desktop\BorgataCasino_Installer
[2013/11/26 21:13:01 | 000,000,000 | ---D | C] -- C:\Programs
[2013/11/24 20:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/11/24 20:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2013/11/24 13:06:38 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Roaming\.minecraft
[2013/11/19 21:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/19 21:11:03 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/11/19 21:10:48 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/11/19 21:10:48 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/11/19 21:10:47 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

========== Files - Modified Within 30 Days ==========

[2013/12/18 18:44:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/18 18:44:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/18 18:42:19 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/18 18:42:19 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/18 18:42:19 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/18 18:37:44 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/18 18:37:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/18 18:37:09 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/18 18:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/18 18:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/17 11:18:18 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsamanthaxbaby.job
[2013/12/16 12:42:01 | 000,002,243 | ---- | M] () -- C:\Users\samanthaxbaby\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/15 20:03:29 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/12 12:43:40 | 000,333,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/12 09:09:25 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/12 09:07:27 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\samanthaxbaby\Desktop\mbam-setup-1.75.0.1300.exe
[2013/12/10 17:20:37 | 000,007,446 | ---- | M] () -- C:\Users\samanthaxbaby\AppData\Roaming\wklnhst.dat
[2013/12/10 17:15:31 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 17:15:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/08 16:41:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/12/06 23:42:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/12/01 15:21:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/01 14:59:49 | 005,151,572 | R--- | M] (Swearware) -- C:\Users\samanthaxbaby\Desktop\ComboFix.exe
[2013/11/29 18:02:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samanthaxbaby\Desktop\OTL.exe
[2013/11/29 17:58:32 | 000,000,522 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\MBR.zip
[2013/11/29 17:54:08 | 000,000,512 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\MBR.dat
[2013/11/29 15:33:41 | 000,016,384 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\checks.wps
[2013/11/26 05:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/26 04:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/26 04:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/26 04:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/26 04:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/26 04:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/26 04:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/26 03:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/26 03:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/26 03:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/26 03:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/26 03:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/26 02:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/26 01:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/26 01:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/24 13:23:53 | 128,944,827 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\Pixelmon 2.5.2.zip
[2013/11/24 13:06:34 | 000,675,988 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\Minecraft.exe
[2013/11/23 13:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/11/23 12:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/11/22 15:41:49 | 000,020,480 | ---- | M] () -- C:\Users\samanthaxbaby\Documents\order credit form.wps
[2013/11/22 15:35:44 | 000,131,072 | ---- | M] () -- C:\Users\samanthaxbaby\Documents\Experian.wps
[2013/11/19 21:10:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/11/19 21:10:34 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/11/19 21:10:34 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/11/19 21:10:32 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

========== Files Created - No Company Name ==========

[2013/12/15 20:03:29 | 000,002,243 | ---- | C] () -- C:\Users\samanthaxbaby\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/15 20:03:29 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/15 19:56:46 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/15 19:56:46 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/12 09:09:25 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/08 16:41:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/12/06 23:42:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/12/01 15:01:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/01 15:01:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/01 15:01:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/01 15:01:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/01 15:01:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/29 17:58:32 | 000,000,522 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\MBR.zip
[2013/11/29 17:54:08 | 000,000,512 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\MBR.dat
[2013/11/29 15:33:41 | 000,016,384 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\checks.wps
[2013/11/24 13:13:17 | 128,944,827 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\Pixelmon 2.5.2.zip
[2013/11/24 13:06:30 | 000,675,988 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\Minecraft.exe
[2013/11/22 15:41:49 | 000,020,480 | ---- | C] () -- C:\Users\samanthaxbaby\Documents\order credit form.wps
[2013/11/22 15:35:44 | 000,131,072 | ---- | C] () -- C:\Users\samanthaxbaby\Documents\Experian.wps
[2013/03/26 20:52:20 | 000,000,258 | RHS- | C] () -- C:\Users\samanthaxbaby\ntuser.pol
[2012/10/23 20:21:11 | 000,001,940 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012/10/12 19:47:51 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/06/10 19:56:29 | 000,094,725 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpMONKEYBARS..0
[2010/06/10 19:56:29 | 000,082,819 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpMONKEYBARS..JPG
[2010/06/10 19:56:21 | 000,010,480 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpMONKEYBARS._navi.JPG
[2010/04/22 06:43:38 | 000,052,768 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmp4TH GRADE LMAO..JPG
[2010/03/06 19:59:58 | 000,019,859 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY..JPG
[2010/03/06 19:59:54 | 000,019,856 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY..1
[2010/03/06 19:59:36 | 000,019,873 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY..0
[2010/03/06 19:59:31 | 000,007,518 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY._navi.JPG
[2010/01/14 16:32:08 | 000,007,446 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Roaming\wklnhst.dat
[2010/01/10 18:40:36 | 000,038,924 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.3
[2010/01/10 18:40:32 | 000,038,917 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.2
[2010/01/10 18:40:31 | 000,038,918 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.1
[2010/01/10 18:40:30 | 000,044,311 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.0
[2010/01/10 18:40:30 | 000,038,924 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.JPG
[2010/01/10 18:40:27 | 000,007,240 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK_navi.JPG

========== ZeroAccess Check ==========

[2011/11/17 01:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@
[2012/08/02 23:53:28 | 000,000,000 | -HSD | M] -- C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:404390E0
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\The Greek Poker:MID
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E0AE69BE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:89C6F032
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:15DE523E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:D2A5A561
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:98F6F85C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:3BE7E50E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:A4BF246C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:2342AE46
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:00811B66
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:114BD271

< End of report >

#39 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 December 2013 - 01:00 AM

Hi babbagene,

bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
MBAMAnti-Rootkit1_zps4613be8c.png
  • Please click by the introduction screen on the Next button to continue.
MBAMAnti-Rootkit2update_zpsf85fca28.png
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
MBAMAnti-Rootkitupdatecomplete_zpscf9f4c
  • When the update has finished, click on the Next button.
MBAMAnti-Rootkitscan_zps9b346fe7.png
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
MBAMAnti-Rootkitscan-results_zps9f0fdf8e
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================

In your next post please provide the following:
  • mbar-log
  • system-log.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#40 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 19 December 2013 - 10:56 AM

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
samanthaxbaby :: SAMANTHA [administrator]

12/19/2013 10:59:32 AM
mbar-log-2013-12-19 (10-59-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 270497
Time elapsed: 36 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@ (Backdoor.0Access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 4193452032, free: 2817241088

Downloaded database version: v2013.12.19.08
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
12/19/2013 10:59:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\lsi_sas.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\DRIVERS\adp94xx.sys
\SystemRoot\system32\DRIVERS\adpahci.sys
\SystemRoot\system32\DRIVERS\adpu320.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\DRIVERS\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\arc.sys
\SystemRoot\system32\DRIVERS\arcsas.sys
\SystemRoot\system32\DRIVERS\elxstor.sys
\SystemRoot\system32\DRIVERS\iirsp.sys
\SystemRoot\system32\DRIVERS\lsi_fc.sys
\SystemRoot\system32\DRIVERS\lsi_sas2.sys
\SystemRoot\system32\DRIVERS\lsi_scsi.sys
\SystemRoot\system32\DRIVERS\megasas.sys
\SystemRoot\system32\DRIVERS\MegaSR.sys
\SystemRoot\system32\DRIVERS\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\DRIVERS\ql2300.sys
\SystemRoot\system32\DRIVERS\ql40xx.sys
\SystemRoot\system32\DRIVERS\SiSRaid2.sys
\SystemRoot\system32\DRIVERS\sisraid4.sys
\SystemRoot\system32\DRIVERS\stexstor.sys
\SystemRoot\system32\DRIVERS\vsmraid.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\0308030.006\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\N360x64\0308030.006\SRTSP64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20131211.032\EX64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20131211.032\ENG64.SYS
\SystemRoot\system32\drivers\N360x64\0308030.006\SRTSPX64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\N360x64\0308030.006\SYMTDI.SYS
\SystemRoot\System32\Drivers\N360x64\0308030.006\SYMNDISV.SYS
\SystemRoot\System32\Drivers\N360x64\0308030.006\SYMFW.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\SymIMv.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20131210.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\N360x64\0308030.006\ccHPx64.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\N360x64\0308030.006\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\enecir.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\wanatw64.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\user32.dll
\Windows\System32\urlmon.dll
\Windows\System32\setupapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\advapi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\ole32.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\ws2_32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\sechost.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\usp10.dll
\Windows\System32\lpk.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004ca2300
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004b1c050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004ca2300, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004ca3040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004ca2300, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004ca13f0, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004b1c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2169E425

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 461305856

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 461715456 Numsec = 26679296

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Infected: C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@ --> [Backdoor.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 4193452032, free: 2985660416

=======================================

    Advertisements

Register to Remove


#41 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 December 2013 - 12:16 AM

Hi babbagene,

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
      Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
    =========================

    In your next post please provide the following:
    • OTL.txt
    • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#42 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 20 December 2013 - 08:44 AM

OTL logfile created on: 12/20/2013 9:26:50 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\samanthaxbaby\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 69.90% Memory free
7.81 Gb Paging File | 6.53 Gb Available in Paging File | 83.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 152.01 Gb Free Space | 69.10% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.09 Gb Free Space | 16.42% Space Free | Partition Type: NTFS

Computer Name: SAMANTHA | User Name: samanthaxbaby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\samanthaxbaby\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\96afc74588c6581e299884469ea0dced\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.UI\7.0.0.1__3d7f4982d5e863bc\HP.SupportFramework.UI.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Utilities\7.0.0.1__deb98ab3a292405a\HP.SupportFramework.Utilities.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Common\7.0.0.1__41bdec5abf54f6dc\HP.SupportFramework.Common.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Communicator\7.0.0.1__370cd15173f7ac8f\HP.SupportFramework.Communicator.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symtdi.sys (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symfw.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symndisv.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0308030.006\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (wanatw) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20131218.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20131219.004\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20131219.004\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()
DRV - (iscFlash) -- C:\SwSetup\sp46590\iscflashx64.sys (Insyde Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://start.mysearc...r=652575947&ir=
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {22348997-7FD7-4759-AB9D-EB2B7A365617}
IE - HKCU\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://start.mysearc...r=652575947&ir=
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\geocomply.com/gc_browser_plugin_client: C:\Program Files (x86)\Tropicana Atlantic City Online GeoLocation\npgc-browser-plugin-client.dll (GeoComply)
FF - HKCU\Software\MozillaPlugins\geocomply.com: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 03:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/11/01 21:37:55 | 000,000,000 | ---D | M]

[2013/12/18 18:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samanthaxbaby\AppData\Roaming\mozilla\Extensions
[2009/12/26 13:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samanthaxbaby\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/08/24 16:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...={searchTerms},
CHR - Extension: Google Wallet = C:\Users\samanthaxbaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2013/12/01 15:21:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82038922-7A18-4F76-89D0-08EB6538466D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/19 21:01:39 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Adobe
[2013/12/19 10:59:25 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/12/19 10:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/19 10:57:34 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/12/19 10:57:30 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\Desktop\mbar
[2013/12/18 18:20:19 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\.android
[2013/12/18 18:20:17 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\cache
[2013/12/18 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Roaming\newnext.me
[2013/12/18 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\Documents\Mobogenie
[2013/12/18 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Mobogenie
[2013/12/18 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\genienext
[2013/12/18 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/15 20:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/15 19:55:57 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Deployment
[2013/12/15 19:55:57 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Local\Apps
[2013/12/15 19:43:54 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TropicanaAtlanticCityOnline Geolocation Plugin
[2013/12/15 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tropicana Atlantic City Online GeoLocation
[2013/12/12 09:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/12/12 09:09:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 09:09:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 09:09:55 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 09:09:54 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 09:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/12 09:09:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/12 09:07:19 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\samanthaxbaby\Desktop\mbam-setup-1.75.0.1300.exe
[2013/12/12 09:02:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 09:02:39 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 09:02:38 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 09:02:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 09:02:38 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 09:02:38 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 09:02:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 09:02:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 09:02:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 09:02:36 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 09:02:36 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 09:02:36 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 09:02:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 09:02:32 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 09:02:32 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 09:02:29 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 12:20:33 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 12:20:33 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 12:20:31 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 12:20:31 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 12:20:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 12:19:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 12:19:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 12:19:48 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 12:19:48 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 12:19:48 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 12:19:48 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 12:19:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 12:19:47 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/01 15:24:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/01 15:01:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/01 15:01:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/01 15:01:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/01 15:00:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/01 14:59:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/01 14:59:45 | 005,151,572 | R--- | C] (Swearware) -- C:\Users\samanthaxbaby\Desktop\ComboFix.exe
[2013/11/29 23:12:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/29 23:07:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/29 22:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/29 18:01:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\samanthaxbaby\Desktop\OTL.exe
[2013/11/28 13:51:00 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\PPNJPokerDir
[2013/11/26 23:45:44 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/26 23:45:44 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/11/26 22:22:10 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\Desktop\BorgataCasino_Installer
[2013/11/26 21:13:01 | 000,000,000 | ---D | C] -- C:\Programs
[2013/11/24 20:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/11/24 20:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2013/11/24 13:06:38 | 000,000,000 | ---D | C] -- C:\Users\samanthaxbaby\AppData\Roaming\.minecraft

========== Files - Modified Within 30 Days ==========

[2013/12/20 09:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/20 09:07:13 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/20 08:59:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/20 08:59:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/20 08:58:26 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/20 08:58:26 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/20 08:58:26 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/20 08:52:55 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/20 08:52:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/20 08:52:04 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/19 10:59:25 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/12/19 10:57:34 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/12/18 19:20:53 | 000,002,243 | ---- | M] () -- C:\Users\samanthaxbaby\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/18 19:20:53 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/17 11:18:18 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsamanthaxbaby.job
[2013/12/12 12:43:40 | 000,333,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/12 09:09:25 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/12 09:07:27 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\samanthaxbaby\Desktop\mbam-setup-1.75.0.1300.exe
[2013/12/10 17:20:37 | 000,007,446 | ---- | M] () -- C:\Users\samanthaxbaby\AppData\Roaming\wklnhst.dat
[2013/12/10 17:15:31 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 17:15:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/08 16:41:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/12/06 23:42:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/12/01 15:21:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/01 14:59:49 | 005,151,572 | R--- | M] (Swearware) -- C:\Users\samanthaxbaby\Desktop\ComboFix.exe
[2013/11/29 18:02:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samanthaxbaby\Desktop\OTL.exe
[2013/11/29 17:58:32 | 000,000,522 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\MBR.zip
[2013/11/29 17:54:08 | 000,000,512 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\MBR.dat
[2013/11/29 15:33:41 | 000,016,384 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\checks.wps
[2013/11/26 05:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/26 04:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/26 04:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/26 04:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/26 04:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/26 04:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/26 04:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/26 03:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/26 03:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/26 03:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/26 03:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/26 03:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/26 02:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/26 01:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/26 01:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/24 13:23:53 | 128,944,827 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\Pixelmon 2.5.2.zip
[2013/11/24 13:06:34 | 000,675,988 | ---- | M] () -- C:\Users\samanthaxbaby\Desktop\Minecraft.exe
[2013/11/23 13:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/11/23 12:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/11/22 15:41:49 | 000,020,480 | ---- | M] () -- C:\Users\samanthaxbaby\Documents\order credit form.wps
[2013/11/22 15:35:44 | 000,131,072 | ---- | M] () -- C:\Users\samanthaxbaby\Documents\Experian.wps

========== Files Created - No Company Name ==========

[2013/12/15 20:03:29 | 000,002,243 | ---- | C] () -- C:\Users\samanthaxbaby\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/15 20:03:29 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/15 19:56:46 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/15 19:56:46 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/12 09:09:25 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/08 16:41:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/12/06 23:42:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/12/01 15:01:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/01 15:01:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/01 15:01:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/01 15:01:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/01 15:01:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/29 17:58:32 | 000,000,522 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\MBR.zip
[2013/11/29 17:54:08 | 000,000,512 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\MBR.dat
[2013/11/29 15:33:41 | 000,016,384 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\checks.wps
[2013/11/24 13:13:17 | 128,944,827 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\Pixelmon 2.5.2.zip
[2013/11/24 13:06:30 | 000,675,988 | ---- | C] () -- C:\Users\samanthaxbaby\Desktop\Minecraft.exe
[2013/11/22 15:41:49 | 000,020,480 | ---- | C] () -- C:\Users\samanthaxbaby\Documents\order credit form.wps
[2013/11/22 15:35:44 | 000,131,072 | ---- | C] () -- C:\Users\samanthaxbaby\Documents\Experian.wps
[2013/03/26 20:52:20 | 000,000,258 | RHS- | C] () -- C:\Users\samanthaxbaby\ntuser.pol
[2012/10/23 20:21:11 | 000,001,940 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012/10/12 19:47:51 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/06/10 19:56:29 | 000,094,725 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpMONKEYBARS..0
[2010/06/10 19:56:29 | 000,082,819 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpMONKEYBARS..JPG
[2010/06/10 19:56:21 | 000,010,480 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpMONKEYBARS._navi.JPG
[2010/04/22 06:43:38 | 000,052,768 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmp4TH GRADE LMAO..JPG
[2010/03/06 19:59:58 | 000,019,859 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY..JPG
[2010/03/06 19:59:54 | 000,019,856 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY..1
[2010/03/06 19:59:36 | 000,019,873 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY..0
[2010/03/06 19:59:31 | 000,007,518 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpBABY._navi.JPG
[2010/01/14 16:32:08 | 000,007,446 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Roaming\wklnhst.dat
[2010/01/10 18:40:36 | 000,038,924 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.3
[2010/01/10 18:40:32 | 000,038,917 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.2
[2010/01/10 18:40:31 | 000,038,918 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.1
[2010/01/10 18:40:30 | 000,044,311 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.0
[2010/01/10 18:40:30 | 000,038,924 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK.JPG
[2010/01/10 18:40:27 | 000,007,240 | ---- | C] () -- C:\Users\samanthaxbaby\AppData\Local\tmpEWK_navi.JPG

========== ZeroAccess Check ==========

[2012/08/02 23:53:28 | 000,000,000 | -HSD | M] -- C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:404390E0
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\The Greek Poker:MID
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E0AE69BE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:89C6F032
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:15DE523E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:D2A5A561
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:98F6F85C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:3BE7E50E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:A4BF246C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:2342AE46
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:00811B66
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:114BD271

< End of report >

I will run the computer for awhile and see if the problem has cleared up , I will post tonight.
thank You

#43 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 December 2013 - 09:20 AM

Hi babbagene,

Please carry out these steps in the order outlined, some items seem to keep re-populating.

bullseye_zpse9eaf36e.gif Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites1202&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDtD0F0EtCtCyCtCzyyE0CtN0D0Tzu0SyBtCzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=652575947&ir=
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    CHR - default_search_provider: Conduit Search (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE6B0DE1B-8F95-4672-A3EA-DAE93D25F369&q={searchTerms}&SSPV=
    CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms},
    O3 - HKLM\..\Toolbar: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    [2012/08/02 23:53:28 | 000,000,000 | -HSD | M] -- C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L
    [2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\samanthaxbaby\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

bullseye_zpse9eaf36e.gif Re- run AdwCleaner

It should be on your desktop
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

bullseye_zpse9eaf36e.gif Junkware Removal Tool

Download Junkware Removal Tool to your desktop if you don't already have it.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 & 8 users Right Click and select "Run as Administrator" on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Under Extra Registry section, select Use SafeList <-- important
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • OTL fix log
  • AdwCleaner.txt
  • JRT.txt
  • Fresh OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#44 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 21 December 2013 - 10:59 AM

Hi when you say run the otl.exe , are any boxes supposed to be check , because it seems like the default setting is Minimal , and also the LOP and PURITY are never checked, I just want to make sure these are the proper settings unless you state for me to do otherwise. Please let me know and then I will run the scans.
Thank You
Sam

#45 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 21 December 2013 - 11:27 AM

Also just noticed this , when I use GoogleChrome as my browser , I don't get any security alert message and I am also able to log into the site Zynga with no problem at all.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users