Yikes, lol, ok, will try, and let's hope I'm able to get back up, or what the outcome may be. BBL
Infection of some sort [Solved]
#17
Posted 13 June 2014 - 04:20 PM
Ok, here is what happened.
1st, I went and did the updates and got this message: 4 updates succeeded and 7 failed. So when I booted back up I had internet connection.
So after this I went and tried to do an update again a second time; the 7 that failed succeeded, and when I booted back up, no internet, and the 2 network infos in the tray showed back up: 1 was Network No internet access and the 2nd was Unidentified Network No internet access.
So I went back to the restore point where the 4 succeeded and booted back up, and I have internet connection and came here to post the results.
This is where I stand atm.
May your day be blessed by those you love and those you love be blessed by HIM ;-)
#18
Posted 13 June 2014 - 04:30 PM
Not sure what's going on, go ahead and run a new scan with OTL and post the log please.
Just a reminder that threads will be closed if no reply in 3 days.
#19
Posted 13 June 2014 - 04:36 PM
After you run a new scan with OTL and post the log, run this scanner also
- Double click the aswMBR icon to run it.
#20
Posted 13 June 2014 - 04:50 PM
Ok, will do. I noticed that after restoring back to that restore point, the 4 updates that had succeeded were back because of going backwards, so I went ahead and installed them because they were successful, and when I rebooted my internet connections were lost again. So I had to go back to a further restore point to get connections back.
So I will do these suggestions and post the results back. Bangs head upside the wall
#21
Posted 13 June 2014 - 04:51 PM
OTL logfile created on: 6/13/2014 5:43:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.71 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 45.64% Memory free
5.43 Gb Paging File | 3.65 Gb Available in Paging File | 67.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195.21 Gb Total Space | 150.89 Gb Free Space | 77.29% Space Free | Partition Type: NTFS
Drive D: | 736.20 Gb Total Space | 710.60 Gb Free Space | 96.52% Space Free | Partition Type: NTFS
Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Jim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe ()
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\921861ef36355e6f12a981a188f99b8a\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Windows\System32\DLAAPI_W.DLL ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TeamViewer9) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (RealPlayer Cloud Service) -- c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
SRV - (RealPlayerUpdateSvc) -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ICCS) -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (MBAMWebAccessControl) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® 2000 DDK provider)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices)
DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (amdxhc) -- C:\Windows\System32\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV - (amdhub30) -- C:\Windows\System32\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (ElbyVCD) -- C:\Windows\System32\drivers\ElbyVCD.sys (Elaborate Bytes AG)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 48 18 10 8A 86 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GUEA_enUS565
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.8.22: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.8.22: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/04/09 09:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0FAA5C82-A094-4541-8811-D3361F972A81}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/04/09 09:00:53 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer Downloader = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.8_0\
CHR - Extension: Google Wallet = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/06/13 12:23:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E3F8FD-8177-4D60-A497-2E0867BD5075}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2e1883ca-5e50-11e3-aa66-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2e1883ca-5e50-11e3-aa66-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/13 14:29:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/13 14:28:34 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Jim\Desktop\JRT.exe
[2014/06/13 12:42:26 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/13 12:42:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/13 12:23:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/13 12:12:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2014/06/13 09:58:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\dds.scr
[2014/06/12 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Adobe
[2014/06/12 10:35:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/06/11 15:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/05/29 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Acelogix
[2 C:\Users\Jim\AppData\Local\*.tmp files -> C:\Users\Jim\AppData\Local\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/06/13 17:44:29 | 000,015,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/13 17:44:29 | 000,015,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/13 17:41:48 | 000,708,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014/06/13 17:41:48 | 000,671,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/13 17:41:48 | 000,665,702 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2014/06/13 17:41:48 | 000,404,932 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2014/06/13 17:41:48 | 000,154,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014/06/13 17:41:48 | 000,145,652 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2014/06/13 17:41:48 | 000,126,770 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/13 17:41:48 | 000,119,716 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2014/06/13 17:41:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/13 17:38:01 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/13 17:37:15 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/13 17:37:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/13 17:37:02 | 2185,654,272 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/13 17:33:32 | 000,000,000 | ---- | M] () -- C:\Users\Jim\AppData\Local\{6C6D8402-96F9-4A49-9EA3-C15F487BDF5E}
[2014/06/13 17:09:12 | 000,000,000 | ---- | M] () -- C:\Users\Jim\AppData\Local\{9E042BDD-2755-4238-9F3A-5F8314D8D4CE}
[2014/06/13 15:25:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/13 14:28:35 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Jim\Desktop\JRT.exe
[2014/06/13 12:41:30 | 001,333,465 | ---- | M] () -- C:\Users\Jim\Desktop\AdwCleaner.exe
[2014/06/13 12:37:20 | 000,000,714 | ---- | M] () -- C:\Users\Jim\Desktop\06132014_122351 - Shortcut.lnk
[2014/06/13 12:23:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/13 12:12:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2014/06/13 09:58:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\dds.scr
[2014/06/12 16:57:51 | 000,000,000 | ---- | M] () -- C:\Users\Jim\AppData\Local\{2656A51C-EE9E-4391-8981-C9193D8CAF1C}
[2014/06/10 17:31:49 | 016,666,679 | ---- | M] () -- C:\Users\Jim\Documents\Our God is an Awesome God!.mp4
[2014/06/10 17:28:54 | 010,975,544 | ---- | M] () -- C:\Users\Jim\Documents\Shout To The Lord (worship video w_ lyrics).mp4
[2014/06/10 17:17:54 | 010,611,780 | ---- | M] () -- C:\Users\Jim\Documents\In Christ Alone (worship video w_ lyrics).mp4
[2014/05/30 15:02:30 | 000,002,977 | ---- | M] () -- C:\Users\Jim\Desktop\config.js
[2014/05/30 13:15:32 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/28 14:11:09 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/28 14:11:09 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/27 14:43:17 | 1608,954,914 | ---- | M] () -- C:\Users\Jim\Desktop\10 Reasons To Attend Church (Pastor James Thibodeaux).wmv
[2014/05/23 11:58:33 | 012,833,917 | ---- | M] () -- C:\Users\Jim\Documents\Heaven Was Needing A Hero - fallen soldier tribute.mp4
[2014/05/23 11:56:12 | 017,526,212 | ---- | M] () -- C:\Users\Jim\Documents\In The Arms Of An Angel-American Soldiers Tribute.mp4
[2014/05/22 17:01:55 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/20 14:27:00 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/05/16 19:38:50 | 000,000,184 | ---- | M] () -- C:\Users\Jim\Desktop\69.42.211.125 [SSH].moba
[2014/05/16 11:25:01 | 000,002,205 | ---- | M] () -- C:\Users\Jim\Desktop\Logos Bible Software 5.lnk
[2 C:\Users\Jim\AppData\Local\*.tmp files -> C:\Users\Jim\AppData\Local\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/06/13 17:33:32 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\{6C6D8402-96F9-4A49-9EA3-C15F487BDF5E}
[2014/06/13 17:09:12 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\{9E042BDD-2755-4238-9F3A-5F8314D8D4CE}
[2014/06/13 12:41:19 | 001,333,465 | ---- | C] () -- C:\Users\Jim\Desktop\AdwCleaner.exe
[2014/06/13 12:37:20 | 000,000,714 | ---- | C] () -- C:\Users\Jim\Desktop\06132014_122351 - Shortcut.lnk
[2014/06/12 16:57:51 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\{2656A51C-EE9E-4391-8981-C9193D8CAF1C}
[2014/06/10 17:31:49 | 016,666,679 | ---- | C] () -- C:\Users\Jim\Documents\Our God is an Awesome God!.mp4
[2014/06/10 17:28:54 | 010,975,544 | ---- | C] () -- C:\Users\Jim\Documents\Shout To The Lord (worship video w_ lyrics).mp4
[2014/06/10 17:17:39 | 010,611,780 | ---- | C] () -- C:\Users\Jim\Documents\In Christ Alone (worship video w_ lyrics).mp4
[2014/05/30 15:02:30 | 000,002,977 | ---- | C] () -- C:\Users\Jim\Desktop\config.js
[2014/05/27 13:49:28 | 1608,954,914 | ---- | C] () -- C:\Users\Jim\Desktop\10 Reasons To Attend Church (Pastor James Thibodeaux).wmv
[2014/05/23 11:58:15 | 012,833,917 | ---- | C] () -- C:\Users\Jim\Documents\Heaven Was Needing A Hero - fallen soldier tribute.mp4
[2014/05/23 11:55:49 | 017,526,212 | ---- | C] () -- C:\Users\Jim\Documents\In The Arms Of An Angel-American Soldiers Tribute.mp4
[2014/05/03 14:05:07 | 000,000,000 | ---- | C] () -- C:\Users\Jim\ping
[2014/05/03 14:04:52 | 000,000,000 | ---- | C] () -- C:\Users\Jim\trace
[2013/12/12 10:30:51 | 000,006,147 | ---- | C] () -- C:\Windows\PCLICSB.DAT
[2013/12/12 10:30:51 | 000,000,258 | RH-- | C] () -- C:\Windows\System32\LMF.DAT
[2013/12/10 17:51:05 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013/12/10 16:42:08 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/12/07 15:46:03 | 000,090,112 | ---- | C] () -- C:\Program Files\Common Files\PCSBclean.exe
[2013/12/07 15:36:04 | 000,291,840 | ---- | C] () -- C:\Program Files\Common Files\PCSBoff.exe
[2013/12/07 15:19:56 | 000,164,842 | ---- | C] () -- C:\Windows\hpoins29.dat
[2013/12/07 15:19:56 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2013/12/06 18:51:59 | 000,404,932 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
[2013/12/06 18:51:59 | 000,119,716 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
[2013/12/06 18:51:59 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
[2013/12/06 18:51:59 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
[2013/12/06 18:42:04 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat
[2013/12/06 18:42:03 | 000,665,702 | ---- | C] () -- C:\Windows\System32\perfh01F.dat
[2013/12/06 18:42:03 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013/12/06 18:42:03 | 000,145,652 | ---- | C] () -- C:\Windows\System32\perfc01F.dat
[2013/12/06 18:42:03 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat
[2013/12/06 18:42:02 | 000,708,342 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013/12/06 18:42:02 | 000,154,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013/12/06 18:42:02 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013/12/06 15:31:42 | 000,247,868 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013/12/06 13:55:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/12/06 13:55:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/12/06 13:47:51 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2013/12/06 13:47:51 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2013/12/06 13:09:28 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/12/06 12:01:35 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2013/12/06 12:01:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/12/06 11:58:07 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2013/12/06 11:58:07 | 000,019,608 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2013/12/06 11:56:03 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013/12/06 11:55:47 | 000,369,117 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/12/06 11:53:45 | 000,230,452 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2013/12/06 11:53:45 | 000,230,064 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2013/12/06 11:53:45 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2013/12/06 11:53:45 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2013/12/06 11:53:45 | 000,073,984 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2013/12/06 11:53:45 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013/12/06 11:50:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013/01/15 16:57:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/12/19 11:42:09 | 000,665,329 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/12/03 06:04:00 | 000,000,582 | ---- | C] () -- C:\Windows\System32\tx19_ic.ini
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
========== ZeroAccess Check ==========
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/04/22 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AnvSoft
[2014/04/22 18:14:13 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Audacity
[2014/04/22 16:32:37 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FreeVideoConverter
[2013/12/09 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Libronix DLS
[2014/04/19 09:37:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Oracle
[2013/12/06 12:44:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TeamViewer
[2013/12/07 10:25:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TuneUp Software
[2013/12/06 18:10:43 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\Windows:037E156FD96C5E82
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:E965A533
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
#22
Posted 13 June 2014 - 04:55 PM
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-13 17:52:35
-----------------------------
17:52:35.858 OS Version: Windows 6.1.7601 Service Pack 1
17:52:35.858 Number of processors: 4 586 0x1301
17:52:35.858 ComputerName: JIM-PC UserName: Jim
17:52:36.622 Initialize success
17:53:38.410 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
17:53:38.410 Disk 0 Vendor: WDC_WD10 15.0 Size: 953869MB BusType: 11
17:53:38.488 Disk 0 MBR read successfully
17:53:38.488 Disk 0 MBR scan
17:53:38.488 Disk 0 Windows 7 default MBR code
17:53:38.504 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:53:38.519 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199899 MB offset 206848
17:53:38.535 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 753868 MB offset 409600000
17:53:38.566 Disk 0 scanning sectors +1953521664
17:53:38.706 Disk 0 scanning C:\Windows\system32\drivers
17:53:42.887 Service scanning
17:53:46.444 Service MpKsl0e485c0b C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\MpKsl0e485c0b.sys **LOCKED** 32
17:53:50.750 Modules scanning
17:53:53.729 Disk 0 trace - called modules:
17:53:54.010 ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys
17:53:54.026 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a5d948]
17:53:54.026 3 CLASSPNP.SYS[8b04d59e] -> nt!IofCallDriver -> [0x8691a840]
17:53:54.041 5 amd_xata.sys[83e85c90] -> nt!IofCallDriver -> \Device\00000068[0x86347220]
17:53:54.041 Scan finished successfully
17:54:12.153 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
17:54:12.153 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"
#23
Posted 13 June 2014 - 05:02 PM
aswMBR checks for a rootkit type of infection and the log looks ok.
While I am looking over your OTL log, let's do this:
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
- See this Link for programs that need to be disabled and instructions on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
#24
Posted 14 June 2014 - 08:28 AM
Ok done. During the process, when it was creating the logs, an error came up: dumphive.3exe stopped working. So I had to close it. Here is the CF log:
ComboFix 14-06-13.01 - Jim 06/14/2014 9:16.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2779.1428 [GMT -5:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\Local
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-05-14 to 2014-06-14 )))))))))))))))))))))))))))))))
.
.
2014-06-14 14:21 . 2014-06-14 14:21 -------- d-----w- c:\users\Jim\AppData\Local\temp
2014-06-13 22:52 . 2014-06-13 22:52 39464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\MpKsl0e485c0b.sys ERROR(0x00000005)
2014-06-13 22:49 . 2014-05-02 14:07 765968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC64F219-A9B6-426F-80D5-FDE5541D20D0}\gapaengine.dll ERROR(0x00000005)
2014-06-13 22:48 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\mpengine.dll ERROR(0x00000005)
2014-06-13 22:35 . 2014-06-13 22:35 0 ---ha-w- c:\users\Jim\AppData\Local\BIT642E.tmp
2014-06-13 19:37 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2014-06-13 19:29 . 2014-06-13 19:29 -------- d-----w- c:\windows\ERUNT
2014-06-13 17:42 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-13 17:42 . 2014-06-13 19:25 -------- d-----w- C:\AdwCleaner
2014-06-13 17:23 . 2014-06-13 17:23 -------- d-----w- C:\_OTL
2014-06-12 22:12 . 2014-05-02 14:07 765968 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09659D90-FB66-40B5-A31C-02D1A4C4D685}\gapaengine.dll ERROR(0x00000005)
2014-06-12 21:59 . 2014-06-12 21:59 0 ---ha-w- c:\users\Jim\AppData\Local\BIT65D3.tmp
2014-06-12 20:24 . 2014-06-12 20:24 -------- d-----w- c:\users\Jim\AppData\Local\Adobe
2014-06-11 20:42 . 2014-06-11 20:42 -------- d-----w- c:\program files\ESET
2014-05-30 20:02 . 2014-05-30 20:02 2977 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{542F9F41-501C-B7DB-6978-F97E1503701E}-config.js ERROR(0x00000005)
2014-05-29 15:33 . 2014-06-12 22:00 -------- d-----w- c:\users\Jim\AppData\Local\Acelogix
2014-05-16 13:56 . 2013-10-28 23:26 1619120 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-14 14:04 . 2014-04-14 14:22 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-28 19:11 . 2013-12-07 15:03 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-28 19:11 . 2013-12-07 15:03 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 12:26 . 2014-04-14 14:22 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 12:25 . 2014-04-14 14:22 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 12:25 . 2013-12-07 15:19 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-09 07:06 . 2014-05-14 14:11 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04 . 2014-05-14 14:11 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-06 03:07 . 2014-05-14 14:12 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-02 14:07 . 2014-01-23 19:47 765968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll ERROR(0x00000005)
2014-04-15 01:13 . 2014-02-22 18:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-12 02:15 . 2014-05-14 14:12 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15 . 2014-05-14 14:12 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12 . 2014-05-14 14:12 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12 . 2014-05-14 14:12 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12 . 2014-05-14 14:12 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11 . 2014-05-14 14:12 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11 . 2014-05-14 14:12 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-09 14:00 . 2013-12-06 18:25 505416 ----a-w- c:\windows\system32\msvcp71.dll
2014-04-09 14:00 . 2013-12-06 18:25 353864 ----a-w- c:\windows\system32\msvcr71.dll
2014-04-01 02:34 . 2014-04-01 02:34 322248 ----a-w- c:\windows\WLXPGSS.SCR
2014-03-19 20:20 . 2014-03-19 20:20 44752 ----a-w- c:\windows\system32\drivers\point32.sys
2014-03-19 20:20 . 2014-03-19 20:20 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2004-07-30 15:56 . 2013-12-07 20:46 90112 ----a-w- c:\program files\Common Files\PCSBclean.exe
2004-07-26 21:30 . 2013-12-07 20:36 291840 ----a-w- c:\program files\Common Files\PCSBoff.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-11 5626136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-01-15 642656]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-10-26 11680400]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-04-09 296520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxioDragToDisc"=c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RemoteControl"=d:\programs\PowerDVD\PDVDServ.exe
"LanguageShortcut"=d:\programs\PowerDVD\Language\Language.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
.
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-03-21 23552]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2013-12-07 17488]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-12-06 1343400]
R4 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2012-10-11 70824]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2012-10-11 34984]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys [2002-11-28 22016]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2012-10-25 19608]
S1 MpKsl0e485c0b;MpKsl0e485c0b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\MpKsl0e485c0b.sys [2014-06-13 39464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-07 119024]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-01-15 219136]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-01-15 291840]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-04-09 48256]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-03-15 39568]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [2014-04-09 1141848]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2012-08-15 85160]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2012-08-15 177832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-01-15 80384]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-06-14 110296]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 45736]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSL0E485C0B
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 23:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 06:43 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-07 19:11]
.
2014-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-07 15:09]
.
2014-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-07 15:09]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1 - c:\program files\Free YouTube Downloader\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-638257925-3339158693-2695242537-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-638257925-3339158693-2695242537-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-14 09:23:08
ComboFix-quarantined-files.txt 2014-06-14 14:23
.
Pre-Run: 161,547,870,208 bytes free
Post-Run: 161,216,086,016 bytes free
.
- - End Of File - - 7247C6D06B1DD3FDCCAF913E43DD58DA
A36C5E4F47E84449FF07ED3517B43A31
#25
Posted 14 June 2014 - 09:09 AM
Morning,
CF did not remove much and the rest of the log looks ok. I do see some errors that you're getting related to Microsoft Security Essentials; you may want to uninstall it, then do a fresh install and see if it runs better.
If you need it
http://www.microsoft...ls.aspx?id=5201
How is the internet connection going?
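The ComboFix log in post #24 marks several files with ERROR(0x00000005), and the reply above ties them to Microsoft Security Essentials. The Python sketch below is an added example, not part of the thread or of ComboFix: it assumes the value inside ERROR(...) is a Win32 error code, takes a few lines from that log as sample input, and groups the flagged files by code and common directory.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: lines taken from the ComboFix "Files Created" section in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2014-05-14 to 2014-06-14 )))))))))))))))))))))))))))))))
.
2014-06-14 14:21 . 2014-06-14 14:21 -------- d-----w- c:\users\Jim\AppData\Local\temp
2014-06-13 22:52 . 2014-06-13 22:52 39464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\MpKsl0e485c0b.sys ERROR(0x00000005)
2014-06-13 22:49 . 2014-05-02 14:07 765968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC64F219-A9B6-426F-80D5-FDE5541D20D0}\gapaengine.dll ERROR(0x00000005)
2014-06-13 22:48 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\mpengine.dll ERROR(0x00000005)
2014-06-13 22:35 . 2014-06-13 22:35 0 ---ha-w- c:\users\Jim\AppData\Local\BIT642E.tmp
2014-06-13 19:29 . 2014-06-13 19:29 -------- d-----w- c:\windows\ERUNT
2014-06-13 17:42 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-30 20:02 . 2014-05-30 20:02 2977 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{542F9F41-501C-B7DB-6978-F97E1503701E}-config.js ERROR(0x00000005)
.
"""

# created . modified  size-or-dashes  attrs  path  [ERROR(0x........)]
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+?)"
    r"(?:\s+ERROR\((?P<error>0x[0-9A-Fa-f]{8})\))?$"
)

# Assumption: ERROR(...) carries a Win32 error code. A few common ones by name.
WIN32_NAMES = {
    0x02: "ERROR_FILE_NOT_FOUND",
    0x05: "ERROR_ACCESS_DENIED",
    0x20: "ERROR_SHARING_VIOLATION",
}


def parse_line(line):
    """Return a dict for one file/directory entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return {
        "created": m.group("created"),
        "modified": m.group("modified"),
        "size": None if size.startswith("-") else int(size),  # dashes = directory
        "attrs": m.group("attrs"),
        "path": m.group("path"),
        "error": int(m.group("error"), 16) if m.group("error") else None,
    }


def parse_log(text):
    """Parse every entry line in a log section, skipping separators and headers."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def summarize_errors(entries):
    """Group entries that carry an error by code and find their common directory."""
    by_code = defaultdict(list)
    for e in entries:
        if e["error"] is not None:
            by_code[e["error"]].append(e["path"])
    summary = {}
    for code, paths in by_code.items():
        summary[code] = {
            "name": WIN32_NAMES.get(code, "unknown"),
            "count": len(paths),
            # ntpath handles Windows paths on any OS and compares case-insensitively.
            "common_dir": ntpath.commonpath([ntpath.dirname(p) for p in paths]),
            "files": sorted({ntpath.basename(p).lower() for p in paths}),
        }
    return summary


if __name__ == "__main__":
    for code, info in summarize_errors(parse_log(SAMPLE_LOG)).items():
        print(f"0x{code:08X} {info['name']}: {info['count']} file(s) under {info['common_dir']}")
        for name in info["files"]:
            print("   ", name)
```

On the sample lines, every flagged entry shares one code and one parent directory, the Microsoft Antimalware data folder, which is the pattern the reply above points at.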
#26
Posted 14 June 2014 - 01:27 PM
Ok did as you asked, removed MSE and during the reboot process the system took a dump and crashed, but was able to boot back up. When it did the network Icon showed Network Internet access and Unidentified Network internet access.
So shut everything down and turned off all the other stuff, router and modems, and waited for over 5 min, restarted the modem and router and then came back and booted the pc back up. When it did, the network icon showed Network no internet access and Unidentified network no internet. So I rebooted and now got in the network icon Network Internet Access and now here to post this.
Windows still waiting to do updates also
Jimbo
#27
Posted 14 June 2014 - 02:31 PM
Let's try updating those windows updates and see what happens.
#29
Posted 14 June 2014 - 02:55 PM
Ok the results are in. I tried something today: when I booted the machine and did not get internet access, I went into safe mode with networking and I would get internet access when I could not get internet when booting normally.
Also after that ComboFix run, I did an SFC run and it fixed some files but could not fix a few others; looking at the log, it related to word in the main one it did not fix.
So on the updates:
Tried the updates: out of 12 files pending to be updated, 5 succeeded and 7 failed. So I rebooted and in the network icon got Network No Internet Access and Unidentified Network No Internet access.
So I rebooted and this time got Network Internet access, rebooted 2 more times and even shut down the pc and rebooted, and each time I am getting Network Internet access.
But there are still 7 that failed and are pending. Like I did yesterday I came back and tried to update them and they succeeded but each time I rebooted I could not get internet access, so I have not tried this yet. I am thinking of hiding those Security updates but not sure yet.
So this is where we stand.
Jimbo
#30
Posted 14 June 2014 - 03:00 PM
Forgot, sorry: when the updates fail this is the error code 80070308. What happened to the fonts on the last post is beyond me.