I think my system has a virus?!

Posted 4/21/2013 10:22 PM
#95476
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Hi. My desktop has been running extremely slow since last night. I have restarted it and also run malwarebytes but nothing showed up. Any help you can give would be great! My operating system in Windows 7 Home Premium. Thanks
Posted 4/22/2013 4:14 AM
#95477
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi http://oldtimer.geekstogo.com/OTL.exe<o:p></o:p> <br/> <br/></div><o:p> </o:p> <br/> <br/> <br/> <br/><o:p> </o:p> <br/> <br/> <br/> <br/><o:p> </o:p> <br/> <br/> <br/> <br/><ul type="disc"> <br/> <span lang="EN-GB" style="font-family: Tahoma; font-size: 10pt; mso-ansi-language: EN-GB;">Double click on the icon to run it. Make <br/> sure all other windows are closed and to let it run uninterrupted.<o:p></o:p> <br/> <li class="MsoNormal" style="background: rgb(231, 234, 239); margin: 0cm 0cm 0pt; color: black; line-height: 16.8pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l1 level1 lfo1; tab-stops: list 36.0pt;"><span style="font-family: Tahoma; font-size: 10pt;">Select <br/> All Users<o:p></o:p></li> <br/></ul> <br/> <br/> <br/><ul type="disc"> <br/> <li class="MsoNormal" style="background: white; margin: 0cm 15pt 0pt 0cm; line-height: 13.5pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l0 level1 lfo2; tab-stops: list 36.0pt;"><o:p> </o:p></li> <br/> <li class="MsoNormal" style="background: rgb(231, 234, 239); margin: 0cm 0cm 0pt; color: black; line-height: 16.8pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l0 level1 lfo2; tab-stops: list 36.0pt;">Click the <span class="bbcu1">Quick Scan <br/> button. Do not change any settings unless otherwise told to do so. The scan wont take long.<o:p></o:p></li> <br/></ul> <br/> <br/> <br/><ul type="disc"> <br/> <ul type="disc"> <br/> <li class="MsoNormal" style="background: rgb(231, 234, 239); margin: 0cm 0cm 0pt; color: black; line-height: 16.8pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l0 level2 lfo3; tab-stops: list 72.0pt;"><span lang="EN-GB" style="font-family: Tahoma; font-size: 10pt; mso-ansi-language: EN-GB;">When the scan completes, it will open two <br/> notepad windows. OTL.Txt and Extras.Txt. <br/> These are saved in the same location as OTL.</li><li class="MsoNormal" style="background: rgb(231, 234, 239); margin: 0cm 0cm 0pt; color: black; line-height: 16.8pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l0 level2 lfo3; tab-stops: list 72.0pt;"><o:p></o:p></li> <br/> <li class="MsoNormal" style="background: rgb(231, 234, 239); margin: 0cm 0cm 0pt; color: black; line-height: 16.8pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l0 level2 lfo3; tab-stops: list 72.0pt;"><span style="font-family: Tahoma; font-size: 10pt;">Post <br/> both logs<o:p></o:p></li> <br/> </ul> <br/></ul>

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 4/22/2013 1:21 PM
#95483
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Hi and thanks! Here is the first log... <br/> <br/> <br/> <br/> <br/>OTL logfile created on: 4/22/2013 9:08:14 AM - Run 1 <br/>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Prism2\Desktop <br/>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation <br/>Internet Explorer (Version = 9.0.8112.16421) <br/>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy <br/> <br/>5.88 Gb Total Physical Memory | 3.30 Gb Available Physical Memory | 56.13% Memory free <br/>11.76 Gb Paging File | 6.52 Gb Available in Paging File | 55.46% Paging File free <br/>Paging file location(s): ?:\pagefile.sys [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) <br/>Drive C: | 919.22 Gb Total Space | 698.96 Gb Free Space | 76.04% Space Free | Partition Type: NTFS <br/>Drive D: | 2.06 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS <br/> <br/>Computer Name: PRISM2-PC | User Name: Prism2 | Logged in as Administrator. <br/>Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans <br/>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Processes (SafeList) ==========[/color] <br/> <br/>PRC - [2013/04/22 09:07:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Prism2\Desktop\OTL.exe <br/>PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe <br/>PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe <br/>PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe <br/>PRC - [2013/03/13 14:33:30 | 000,187,912 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe <br/>PRC - [2013/03/12 15:12:21 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe <br/>PRC - [2013/03/09 12:44:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\java.exe <br/>PRC - [2013/03/09 12:44:36 | 000,040,352 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe <br/>PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe <br/>PRC - [2012/06/28 08:33:47 | 000,083,824 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\OfficeGuardianV2\UACProxy.exe <br/>PRC - [2012/06/28 08:33:46 | 000,464,752 | R--- | M] (SAC) -- C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe <br/>PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE <br/>PRC - [2012/02/27 05:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe <br/>PRC - [2012/02/16 13:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe <br/>PRC - [2012/02/08 02:31:34 | 000,073,728 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe <br/>PRC - [2012/02/01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe <br/>PRC - [2012/02/01 17:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe <br/>PRC - [2012/01/27 17:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe <br/>PRC - [2012/01/26 22:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe <br/>PRC - [2012/01/26 22:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe <br/>PRC - [2011/12/16 16:38:48 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe <br/>PRC - [2011/12/16 16:38:46 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe <br/>PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe <br/>PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe <br/>PRC - [2011/09/23 14:36:50 | 000,729,088 | ---- | M] (Rhapsody International Inc.) -- C:\Program Files (x86)\Rhapsody\rhaphlpr.exe <br/>PRC - [2011/06/29 09:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe <br/>PRC - [2011/06/27 20:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe <br/>PRC - [2010/09/03 02:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe <br/>PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe <br/> <br/> <br/>[color=#E56717]========== Modules (No Company Name) ==========[/color] <br/> <br/>MOD - [2013/02/14 04:27:54 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll <br/>MOD - [2013/02/14 04:23:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll <br/>MOD - [2013/02/14 04:23:24 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll <br/>MOD - [2013/01/10 04:33:28 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll <br/>MOD - [2013/01/10 04:33:25 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll <br/>MOD - [2013/01/10 04:32:47 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll <br/>MOD - [2013/01/10 04:32:11 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll <br/>MOD - [2013/01/10 04:32:11 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll <br/>MOD - [2013/01/10 04:30:46 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll <br/>MOD - [2013/01/10 04:30:36 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll <br/>MOD - [2013/01/10 04:30:35 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll <br/>MOD - [2013/01/10 04:30:34 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll <br/>MOD - [2013/01/10 04:30:27 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll <br/>MOD - [2013/01/10 04:30:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll <br/>MOD - [2013/01/10 04:30:08 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll <br/>MOD - [2013/01/10 04:29:54 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll <br/>MOD - [2013/01/10 04:29:53 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll <br/>MOD - [2013/01/10 04:29:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll <br/>MOD - [2013/01/10 04:29:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll <br/>MOD - [2013/01/10 04:29:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll <br/>MOD - [2013/01/10 04:29:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll <br/>MOD - [2013/01/10 04:29:37 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll <br/>MOD - [2012/01/26 22:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe <br/>MOD - [2011/06/27 20:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe <br/>MOD - [2011/06/27 20:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll <br/>MOD - [2011/06/25 00:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll <br/>MOD - [2011/06/25 00:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll <br/>MOD - [2010/03/22 16:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll <br/>MOD - [2010/03/16 21:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll <br/>MOD - [2010/03/16 21:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll <br/>MOD - [2010/03/16 21:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll <br/>MOD - [2010/03/11 20:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll <br/>MOD - [2010/03/11 20:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll <br/>MOD - [2010/03/05 16:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll <br/>MOD - [2010/03/05 16:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll <br/> <br/> <br/>[color=#E56717]========== Services (SafeList) ==========[/color] <br/> <br/>SRV:64bit: - [2012/12/16 07:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) <br/>SRV:64bit: - [2012/09/10 17:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS) <br/>SRV:64bit: - [2012/07/17 14:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) <br/>SRV:64bit: - [2012/07/17 14:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) <br/>SRV:64bit: - [2012/07/17 14:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) <br/>SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) <br/>SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) <br/>SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) <br/>SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) <br/>SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) <br/>SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) <br/>SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) <br/>SRV:64bit: - [2011/12/08 17:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) <br/>SRV:64bit: - [2011/03/08 18:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk) <br/>SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) <br/>SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) <br/>SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) <br/>SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) <br/>SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) <br/>SRV - [2013/03/13 14:33:30 | 000,187,912 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery) <br/>SRV - [2013/03/12 15:12:22 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) <br/>SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) <br/>SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) <br/>SRV - [2012/06/28 08:33:47 | 000,083,824 | R--- | M] (Storage Appliance Corp.) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2\UACProxy.exe -- (CFUACProxy_officeguardianv2) <br/>SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) <br/>SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) <br/>SRV - [2012/03/22 17:34:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) <br/>SRV - [2012/02/16 13:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) <br/>SRV - [2012/02/08 02:31:34 | 000,073,728 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent) <br/>SRV - [2012/02/01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) <br/>SRV - [2011/12/16 16:38:48 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) <br/>SRV - [2011/12/16 16:38:46 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) <br/>SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) <br/>SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) <br/>SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService) <br/>SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) <br/>SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) <br/>SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) <br/> <br/> <br/>[color=#E56717]========== Driver Services (SafeList) ==========[/color] <br/> <br/>DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) <br/>DRV:64bit: - [2012/12/16 07:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) <br/>DRV:64bit: - [2012/08/28 14:04:20 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) <br/>DRV:64bit: - [2012/08/28 14:04:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) <br/>DRV:64bit: - [2012/08/28 14:04:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) <br/>DRV:64bit: - [2012/07/17 14:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) <br/>DRV:64bit: - [2012/07/17 14:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) <br/>DRV:64bit: - [2012/07/17 14:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) <br/>DRV:64bit: - [2012/07/17 14:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) <br/>DRV:64bit: - [2012/07/17 14:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) <br/>DRV:64bit: - [2012/07/17 14:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) <br/>DRV:64bit: - [2012/07/17 14:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) <br/>DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) <br/>DRV:64bit: - [2012/03/19 20:32:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) <br/>DRV:64bit: - [2012/02/27 05:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) <br/>DRV:64bit: - [2012/02/27 05:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) <br/>DRV:64bit: - [2012/02/27 05:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) <br/>DRV:64bit: - [2012/02/01 20:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) <br/>DRV:64bit: - [2012/02/01 02:10:16 | 002,804,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) <br/>DRV:64bit: - [2011/12/06 07:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) <br/>DRV:64bit: - [2011/11/10 05:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) <br/>DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) <br/>DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) <br/>DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) <br/>DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) <br/>DRV:64bit: - [2011/08/24 02:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) <br/>DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) <br/>DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) <br/>DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) <br/>DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) <br/>DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) <br/>DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) <br/>DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) <br/>DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) <br/>DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) <br/>DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) <br/>DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) <br/>DRV:64bit: - [2006/11/01 05:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) <br/>DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) <br/> <br/> <br/>[color=#E56717]========== Standard Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== Internet Explorer ==========[/color] <br/> <br/>IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} <br/>IE:64bit: - HKLM\..\SearchScopes\{2F170114-61EC-433B-9578-68D60950BDC1}: "URL" = [url=http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox]http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox[/url] <br/>IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url=http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url] <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm <br/>IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} <br/>IE - HKLM\..\SearchScopes\{2F170114-61EC-433B-9578-68D60950BDC1}: "URL" = [url=http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox]http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox[/url] <br/>IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url=http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url] <br/> <br/>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 <br/>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationalgeographic.com/ <br/>IE - HKCU\..\SearchScopes,DefaultScope = {2F170114-61EC-433B-9578-68D60950BDC1} <br/>IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url=http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url] <br/>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/> <br/> <br/>[color=#E56717]========== FireFox ==========[/color] <br/> <br/>FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () <br/>FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found <br/>FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found <br/>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) <br/> <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/10/01 07:05:44 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012/09/11 10:32:26 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/10/01 12:47:19 | 000,000,000 | ---D | M] <br/> <br/> <br/>[color=#E56717]========== Chrome ==========[/color] <br/> <br/>CHR - homepage: http://www.google.com/ <br/>CHR - default_search_provider: Google (Enabled) <br/>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} <br/>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} <br/>CHR - homepage: http://www.google.com/ <br/> <br/>O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts <br/>O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120908174900.dll (McAfee, Inc.) <br/>O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) <br/>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) <br/>O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120908174900.dll (McAfee, Inc.) <br/>O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) <br/>O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) <br/>O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) <br/>O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. <br/>O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) <br/>O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. <br/>O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) <br/>O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () <br/>O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) <br/>O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) <br/>O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) <br/>O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) <br/>O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () <br/>O4 - HKLM..\Run: [] File not found <br/>O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () <br/>O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) <br/>O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) <br/>O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) <br/>O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () <br/>O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) <br/>O4 - HKCU..\Run: [HP Officejet 4620 series (NET)] C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) <br/>O4 - HKCU..\Run: [SacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe (SAC) <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 <br/>O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found <br/>O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) <br/>O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) <br/>O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) <br/>O1364bit: - gopher Prefix: missing <br/>O13 - gopher Prefix: missing <br/>O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites) <br/>O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites) <br/>O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EE1F0E4-14AC-4D12-8DE9-6B0B3C420F7E}: DhcpNameServer = 209.18.47.61 209.18.47.62 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80E5D7EC-EAB8-432E-812D-80BD81114FC5}: DhcpNameServer = 209.18.47.61 209.18.47.62 <br/>O18:64bit: - Protocol\Handler\cozi - No CLSID value found <br/>O18:64bit: - Protocol\Handler\livecall - No CLSID value found <br/>O18:64bit: - Protocol\Handler\msnim - No CLSID value found <br/>O18:64bit: - Protocol\Handler\skype4com - No CLSID value found <br/>O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found <br/>O18:64bit: - Protocol\Handler\wlpg - No CLSID value found <br/>O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.) <br/>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) <br/>O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) <br/>O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) <br/>O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) <br/>O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) <br/>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) <br/>O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) <br/>O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) <br/>O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. <br/>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. <br/>O32 - HKLM CDRom: AutoRun - 1 <br/>O32 - AutoRun File - [2011/12/09 19:47:54 | 000,000,027 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] <br/>O33 - MountPoints2\{71f64928-f13b-11e1-a325-806e6f6e6963}\Shell - "" = AutoRun <br/>O33 - MountPoints2\{71f64928-f13b-11e1-a325-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2011/12/09 19:48:47 | 001,467,848 | R--- | M] (Encore) <br/>O33 - MountPoints2\{bfe6b493-2288-11e2-9c6c-d4bed9e6be66}\Shell - "" = AutoRun <br/>O33 - MountPoints2\{bfe6b493-2288-11e2-9c6c-d4bed9e6be66}\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe <br/>O33 - MountPoints2\F\Shell - "" = AutoRun <br/>O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe <br/>O34 - HKLM BootExecute: (autocheck autochk *) <br/>O35:64bit: - HKLM\..comfile [open] -- "%1" %* <br/>O35:64bit: - HKLM\..exefile [open] -- "%1" %* <br/>O35 - HKLM\..comfile [open] -- "%1" %* <br/>O35 - HKLM\..exefile [open] -- "%1" %* <br/>O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* <br/>O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* <br/>O37 - HKLM\...com [@ = comfile] -- "%1" %* <br/>O37 - HKLM\...exe [@ = exefile] -- "%1" %* <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) <br/>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) <br/> <br/>[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] <br/> <br/>[2013/04/22 09:07:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Prism2\Desktop\OTL.exe <br/>[2013/04/21 20:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee <br/>[2013/04/03 18:38:17 | 000,000,000 | ---D | C] -- C:\Users\Prism2\Desktop\Virtually There - eTicket Receipt_files <br/>[2013/04/01 11:31:42 | 000,000,000 | ---D | C] -- C:\Users\Prism2\Desktop\Easter <br/>[2013/03/25 09:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr <br/>[3 C:\Users\Prism2\Desktop\*.tmp files -> C:\Users\Prism2\Desktop\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] <br/> <br/>[2013/04/22 09:07:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Prism2\Desktop\OTL.exe <br/>[2013/04/22 08:45:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job <br/>[2013/04/22 08:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job <br/>[2013/04/21 19:34:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job <br/>[2013/04/21 18:26:47 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 <br/>[2013/04/21 18:26:47 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 <br/>[2013/04/21 13:21:59 | 000,870,128 | ---- | M] () -- C:\Users\Prism2\AppData\Roaming\mcs.rma <br/>[2013/04/21 13:21:59 | 000,000,004 | ---- | M] () -- C:\Users\Prism2\AppData\Roaming\159676 <br/>[2013/04/20 22:09:56 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI <br/>[2013/04/20 22:09:56 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat <br/>[2013/04/20 22:09:56 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat <br/>[2013/04/20 22:05:27 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT <br/>[2013/04/20 22:05:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat <br/>[2013/04/20 22:05:18 | 441,053,183 | -HS- | M] () -- C:\hiberfil.sys <br/>[2013/04/20 21:54:46 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk <br/>[2013/04/20 21:50:05 | 000,208,896 | ---- | M] () -- C:\Users\Prism2\Desktop\bizcardproofa.PSproj <br/>[2013/04/20 21:37:27 | 000,006,083 | ---- | M] () -- C:\Users\Prism2\Desktop\0-0-f190974.jpg <br/>[2013/04/20 20:41:04 | 000,208,896 | ---- | M] () -- C:\Users\Prism2\Desktop\bizcardproof.PSproj <br/>[2013/04/20 19:36:58 | 000,115,712 | ---- | M] () -- C:\Users\Prism2\Desktop\blankbiz.PSproj <br/>[2013/04/20 19:12:33 | 000,017,961 | ---- | M] () -- C:\Users\Prism2\Desktop\TBBIZ2 - Copylogo.png <br/>[2013/04/20 18:55:01 | 000,023,466 | ---- | M] () -- C:\Users\Prism2\Desktop\biznew2013oval.png <br/>[2013/04/20 18:51:00 | 000,045,565 | ---- | M] () -- C:\Users\Prism2\Desktop\biznew2013.png <br/>[2013/04/20 18:43:14 | 000,017,130 | ---- | M] () -- C:\Users\Prism2\Desktop\TBBIZ2logo.png <br/>[2013/04/20 16:46:01 | 000,287,110 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz56.pdf <br/>[2013/04/20 16:45:39 | 000,146,432 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz56.PSproj <br/>[2013/04/20 16:45:17 | 000,275,501 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz5a.pdf <br/>[2013/04/20 16:44:42 | 000,146,432 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz5a.PSproj <br/>[2013/04/20 16:34:26 | 001,359,368 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz1.pdf <br/>[2013/04/20 16:34:01 | 001,568,768 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz1.PSproj <br/>[2013/04/20 16:26:38 | 000,245,274 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz4.pdf <br/>[2013/04/20 16:25:57 | 000,141,312 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz4.PSproj <br/>[2013/04/20 16:10:15 | 000,285,970 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz2.pdf <br/>[2013/04/20 16:09:50 | 000,140,288 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz2.PSproj <br/>[2013/04/20 16:03:57 | 001,468,300 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz3.pdf <br/>[2013/04/20 16:03:36 | 003,647,488 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz3.PSproj <br/>[2013/04/20 14:54:52 | 001,335,075 | ---- | M] () -- C:\Users\Prism2\Desktop\newbiz1pdf.pdf <br/>[2013/04/20 14:22:00 | 000,000,000 | ---- | M] () -- C:\Users\Prism2\Desktop\0-0-TreyBday.jpg <br/>[2013/04/20 11:18:26 | 000,001,470 | ---- | M] () -- C:\Windows\Sandboxie.ini <br/>[2013/04/19 20:09:28 | 000,954,452 | ---- | M] () -- C:\Users\Prism2\Desktop\dcc-1200.pdf <br/>[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys <br/>[2013/04/03 18:38:17 | 000,012,201 | ---- | M] () -- C:\Users\Prism2\Desktop\Virtually There - eTicket Receipt.html <br/>[2013/04/02 18:16:18 | 000,034,438 | ---- | M] () -- C:\Users\Prism2\Desktop\559738_3637463021339_906205413_n[1].jpg <br/>[2013/03/24 22:31:06 | 000,217,329 | ---- | M] () -- C:\Users\Prism2\Desktop\eServices_aspx.mht <br/>[3 C:\Users\Prism2\Desktop\*.tmp files -> C:\Users\Prism2\Desktop\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files Created - No Company Name ==========[/color] <br/> <br/>[2013/04/20 21:37:27 | 000,006,083 | ---- | C] () -- C:\Users\Prism2\Desktop\0-0-f190974.jpg <br/>[2013/04/20 21:21:44 | 000,208,896 | ---- | C] () -- C:\Users\Prism2\Desktop\bizcardproofa.PSproj <br/>[2013/04/20 20:23:58 | 000,208,896 | ---- | C] () -- C:\Users\Prism2\Desktop\bizcardproof.PSproj <br/>[2013/04/20 19:34:59 | 000,115,712 | ---- | C] () -- C:\Users\Prism2\Desktop\blankbiz.PSproj <br/>[2013/04/20 19:12:31 | 000,017,961 | ---- | C] () -- C:\Users\Prism2\Desktop\TBBIZ2 - Copylogo.png <br/>[2013/04/20 18:55:01 | 000,023,466 | ---- | C] () -- C:\Users\Prism2\Desktop\biznew2013oval.png <br/>[2013/04/20 18:50:57 | 000,045,565 | ---- | C] () -- C:\Users\Prism2\Desktop\biznew2013.png <br/>[2013/04/20 18:43:09 | 000,017,130 | ---- | C] () -- C:\Users\Prism2\Desktop\TBBIZ2logo.png <br/>[2013/04/20 16:45:56 | 000,287,110 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz56.pdf <br/>[2013/04/20 16:45:39 | 000,146,432 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz56.PSproj <br/>[2013/04/20 16:45:12 | 000,275,501 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz5a.pdf <br/>[2013/04/20 16:44:42 | 000,146,432 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz5a.PSproj <br/>[2013/04/20 16:34:21 | 001,359,368 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz1.pdf <br/>[2013/04/20 16:26:34 | 000,245,274 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz4.pdf <br/>[2013/04/20 16:25:57 | 000,141,312 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz4.PSproj <br/>[2013/04/20 16:10:11 | 000,285,970 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz2.pdf <br/>[2013/04/20 16:01:34 | 001,468,300 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz3.pdf <br/>[2013/04/20 16:01:12 | 003,647,488 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz3.PSproj <br/>[2013/04/20 14:56:28 | 000,140,288 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz2.PSproj <br/>[2013/04/20 14:54:43 | 001,335,075 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz1pdf.pdf <br/>[2013/04/20 14:54:21 | 001,568,768 | ---- | C] () -- C:\Users\Prism2\Desktop\newbiz1.PSproj <br/>[2013/04/20 14:22:00 | 000,000,000 | ---- | C] () -- C:\Users\Prism2\Desktop\0-0-TreyBday.jpg <br/>[2013/04/19 20:09:28 | 000,954,452 | ---- | C] () -- C:\Users\Prism2\Desktop\dcc-1200.pdf <br/>[2013/04/03 18:38:07 | 000,012,201 | ---- | C] () -- C:\Users\Prism2\Desktop\Virtually There - eTicket Receipt.html <br/>[2013/04/02 19:33:58 | 000,034,438 | ---- | C] () -- C:\Users\Prism2\Desktop\559738_3637463021339_906205413_n[1].jpg <br/>[2013/03/24 22:31:05 | 000,217,329 | ---- | C] () -- C:\Users\Prism2\Desktop\eServices_aspx.mht <br/>[2013/03/15 12:26:58 | 000,000,632 | RHS- | C] () -- C:\Users\Prism2\ntuser.pol <br/>[2012/12/29 22:33:56 | 000,001,470 | ---- | C] () -- C:\Windows\Sandboxie.ini <br/>[2012/09/11 10:28:30 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini <br/>[2012/09/10 19:18:28 | 000,870,128 | ---- | C] () -- C:\Users\Prism2\AppData\Roaming\mcs.rma <br/>[2012/09/10 19:18:28 | 000,000,004 | ---- | C] () -- C:\Users\Prism2\AppData\Roaming\159676 <br/>[2012/08/28 13:48:00 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin <br/>[2012/08/28 13:47:58 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin <br/>[2012/08/28 13:47:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll <br/>[2012/08/28 13:47:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin <br/>[2012/08/28 13:47:51 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll <br/>[2011/12/08 17:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll <br/> <br/>[color=#E56717]========== ZeroAccess Check ==========[/color] <br/> <br/>[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Apartment <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Apartment <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Free <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] <br/>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Free <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Both <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] <br/> <br/>[color=#E56717]========== LOP Check ==========[/color] <br/> <br/>[2013/02/16 16:04:58 | 000,000,000 | ---D | M] -- C:\Users\Prism2\AppData\Roaming\Encore <br/>[2012/09/08 11:29:59 | 000,000,000 | ---D | M] -- C:\Users\Prism2\AppData\Roaming\Fingertapps <br/>[2013/02/16 16:04:00 | 000,000,000 | ---D | M] -- C:\Users\Prism2\AppData\Roaming\Smilebox <br/>[2013/04/20 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Prism2\AppData\Roaming\SoftGrid Client <br/>[2012/09/22 10:25:37 | 000,000,000 | ---D | M] -- C:\Users\Prism2\AppData\Roaming\TP <br/> <br/>[color=#E56717]========== Purity Check ==========[/color] <br/> <br/> <br/> <br/>< End of report >
Posted 4/22/2013 1:23 PM
#95484
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
And the 2nd log... <br/> <br/><br /><br /> <br/><br /><br /> <br/>OTL Extras logfile created on: 4/22/2013 9:08:14 AM - Run 1 <br/>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Prism2\Desktop <br/>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation <br/>Internet Explorer (Version = 9.0.8112.16421) <br/>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy <br/> <br/>5.88 Gb Total Physical Memory | 3.30 Gb Available Physical Memory | 56.13% Memory free <br/>11.76 Gb Paging File | 6.52 Gb Available in Paging File | 55.46% Paging File free <br/>Paging file location(s): ?:\pagefile.sys [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) <br/>Drive C: | 919.22 Gb Total Space | 698.96 Gb Free Space | 76.04% Space Free | Partition Type: NTFS <br/>Drive D: | 2.06 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS <br/> <br/>Computer Name: PRISM2-PC | User Name: Prism2 | Logged in as Administrator. <br/>Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans <br/>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Extra Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== File Associations ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) <br/> <br/>[color=#E56717]========== Shell Spawning ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* <br/>cmdfile [open] -- "%1" %* <br/>comfile [open] -- "%1" %* <br/>exefile [open] -- "%1" %* <br/>helpfile [open] -- Reg Error: Key error. <br/>htmlfile [edit] -- Reg Error: Key error. <br/>htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" <br/>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) <br/>InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) <br/>InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) <br/>piffile [open] -- "%1" %* <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l <br/>scrfile [open] -- "%1" /S <br/>txtfile [edit] -- Reg Error: Key error. <br/>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 <br/>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) <br/>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Folder [explore] -- Reg Error: Value error. <br/>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* <br/>cmdfile [open] -- "%1" %* <br/>comfile [open] -- "%1" %* <br/>cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) <br/>exefile [open] -- "%1" %* <br/>helpfile [open] -- Reg Error: Key error. <br/>htmlfile [edit] -- Reg Error: Key error. <br/>htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" <br/>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) <br/>piffile [open] -- "%1" %* <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l <br/>scrfile [open] -- "%1" /S <br/>txtfile [edit] -- Reg Error: Key error. <br/>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 <br/>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) <br/>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Folder [explore] -- Reg Error: Value error. <br/>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/> <br/>[color=#E56717]========== Security Center Settings ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] <br/>"cval" = 1 <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] <br/>"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] <br/>"AntiVirusOverride" = 0 <br/>"AntiSpywareOverride" = 0 <br/>"FirewallOverride" = 0 <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] <br/> <br/>[color=#E56717]========== Firewall Settings ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] <br/>"EnableFirewall" = 1 <br/>"DisableNotifications" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] <br/>"EnableFirewall" = 1 <br/>"DisableNotifications" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] <br/>"EnableFirewall" = 1 <br/>"DisableNotifications" = 0 <br/> <br/>[color=#E56717]========== Authorized Applications List ==========[/color] <br/> <br/> <br/>[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] <br/>"{03F78336-9E41-46AB-B170-FBC705AFFA2E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{0FE8AD31-B3FA-4376-9B67-493857B9E567}" = rport=445 | protocol=6 | dir=out | app=system | <br/>"{1C6CF47A-8341-4179-9A64-09B33737924F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [url=name=@firewallapi.dll,-28539]name=@firewallapi.dll,-28539[/url] | <br/>"{2A6159AA-8CF9-4A45-B878-77ECDDE40EC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{3DB0FDE7-6539-431D-8C2C-3D6DC51A991D}" = lport=138 | protocol=17 | dir=in | app=system | <br/>"{4A284088-449B-4870-BDDB-40DC29417816}" = rport=139 | protocol=6 | dir=out | app=system | <br/>"{513AA753-00B9-4857-B6D4-312FA35E296A}" = rport=10243 | protocol=6 | dir=out | app=system | <br/>"{58E015A5-5F94-4DC3-AF51-C0525B745FF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{606397F7-F561-4B08-A577-9362D5BB7570}" = lport=445 | protocol=6 | dir=in | app=system | <br/>"{658EFC1A-850C-48D9-A661-ADBF46873073}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{67D491B6-0083-4525-A00D-9E0A9BFCBA13}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{6A68E287-EFD4-4E05-BEFC-AADE736410B1}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | <br/>"{6B0E11F5-E779-4090-A694-BEC0C9B97D46}" = rport=138 | protocol=17 | dir=out | app=system | <br/>"{74E11907-88FD-4B6D-A700-F423DDA95FAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{81BE17B7-DA43-4CD0-A55D-F9DEC7933DB8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | <br/>"{81C2246A-185C-4385-AD5D-70754F356DCF}" = lport=139 | protocol=6 | dir=in | app=system | <br/>"{90296D25-21CB-4685-B84A-3969C50E22C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | <br/>"{936422C3-FF7D-4EE1-B74F-B61B2B57E90D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{A3E81935-DA33-4B53-9565-FF64F26E9091}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{A4E66628-2E80-46C9-8356-F34FEFB5E643}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | <br/>"{B00C8BFE-DB70-4C9F-80F0-A8E4C96561F9}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | <br/>"{B773E4D3-F980-4A06-8661-3B4F94B49120}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{BE9A6CCB-B553-4FD3-B271-CC6EE9752E2B}" = rport=137 | protocol=17 | dir=out | app=system | <br/>"{C156F17C-DB1F-4922-9DCA-9BB4B3DF447B}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | <br/>"{CD4379C9-B4D9-433E-A1B4-C9C6EA163B7A}" = lport=2869 | protocol=6 | dir=in | app=system | <br/>"{D7FB3268-BC86-48B1-A8DC-933A44A6B435}" = lport=10243 | protocol=6 | dir=in | app=system | <br/>"{D8E2C6CF-B88B-4239-972D-2810E39583BF}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | <br/>"{EF281940-ADAE-49A5-AC41-FA2BFFFA5448}" = lport=137 | protocol=17 | dir=in | app=system | <br/>"{F3286A93-CE3C-42B3-9B0C-9BBC8C99A560}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/> <br/>[color=#E56717]========== Vista Active Application Exception List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] <br/>"{06FB5384-EB9A-45B9-9FB1-97E3C1D8A128}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe | <br/>"{09E7A30F-A34D-41C2-A985-344ADACD3A2B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | <br/>"{0B7E3179-69C4-448F-9526-6A4D3D3CD2B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{0D886665-8D01-42C5-ACB4-1BEF7C6D3E5F}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe | <br/>"{0F4EEAC3-175C-4D4B-8E7F-37C27A7C8674}" = protocol=6 | dir=out | app=system | <br/>"{14AE0140-C5D9-4850-8D0F-3FDDF9A79002}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | <br/>"{1751176E-FF6D-424F-A0E6-99C0CB24A238}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | <br/>"{186B1228-EB09-498B-97F9-6617544DF445}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | <br/>"{23001887-F2EB-43B7-9FAF-ABB1913A12B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{26F717A0-4BBF-46F3-ABF3-E344F3721336}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | <br/>"{28B52D51-13E7-495F-825F-807A8472E4D6}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe | <br/>"{2A9B74F3-2E9B-41E6-BC07-A9FFDF64ED91}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | <br/>"{2D4A9B59-252A-449F-BFC1-6E662D9898DA}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | <br/>"{36E5C286-2F8E-4850-B8F0-46F66D434E8B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | <br/>"{586063F8-600B-460E-953E-6B6EF4A9A095}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | <br/>"{58AC976D-0ECF-41D8-A487-343D0DDE6372}" = protocol=1 | dir=in | [url=name=@firewallapi.dll,-28543]name=@firewallapi.dll,-28543[/url] | <br/>"{63CCDE54-2E11-41DB-9209-5B56DCE48A28}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | <br/>"{6BBB5FFB-4DF2-4011-9178-2A9E3C5D75CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{728D9171-089C-40A9-9709-F2BF61DE3620}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{76559AE5-3123-431F-B355-35AE79148B4E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | <br/>"{7F1D0DE4-10F3-4A2F-A832-E5DC2F271593}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe | <br/>"{8146B6DF-F2D8-4E9C-A8BF-1127ECCEB4B0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | <br/>"{8910DA6E-4216-42AA-8CBA-1C556E36B389}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | <br/>"{9E042E40-C7D2-4C0B-A927-E7AD5E31B9E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{9F22E04B-CC58-4BB4-8697-DA2437BBC7B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{A0401EAA-C77B-410B-8AD8-69B0274FEF6C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | <br/>"{A210F765-3C8C-4539-A758-9D6C6890F8D2}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | <br/>"{A22DE46E-05E3-4065-8036-8CA68E89F309}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe | <br/>"{A2880E24-487B-4E0B-BEDC-93B2D850A260}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | <br/>"{AE21E5FE-4965-40C5-8DF0-B8C8938348BD}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | <br/>"{AE698831-C205-47F0-BEBB-6D23418EA891}" = protocol=1 | dir=out | [url=name=@firewallapi.dll,-28544]name=@firewallapi.dll,-28544[/url] | <br/>"{B06529E4-145F-495D-8764-ED106088029C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{B53C9654-0A72-4CBE-AEF7-E68DDA2F8087}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | <br/>"{C08593BA-4F0F-4AB2-8F8B-864D3DDA890A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{C234164B-8198-401C-AE47-B940649CA465}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | <br/>"{C5E7C862-C086-4F0C-B5F0-A84CABA4FA95}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | <br/>"{C98E9420-3FB2-4BB5-BE97-E08D568FC0DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{D5606BA9-62B0-4A48-8561-86EC42047D95}" = protocol=58 | dir=in | [url=name=@firewallapi.dll,-28545]name=@firewallapi.dll,-28545[/url] | <br/>"{D9B437DA-44AE-4CA6-A0B7-7EF30FDBA274}" = protocol=58 | dir=out | [url=name=@firewallapi.dll,-28546]name=@firewallapi.dll,-28546[/url] | <br/>"{E96F26C2-0BAC-43CE-ADBA-99743E3637EE}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | <br/>"{F474678D-67D8-4965-A8FE-004355B83E01}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | <br/>"{F9B3BEEB-4D1B-4014-B95C-ACEED95173BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | <br/>"{FA709DDF-98FE-4DDA-BD23-4E8311DBA3AC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{FFFDC539-3F38-4164-AA54-276153AA1940}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | <br/>"TCP Query User{F955308F-DEF8-4E0E-B479-8CEB1950B99F}C:\program files (x86)\dell\stage remote\stageremoteservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | <br/>"UDP Query User{C7E206A5-4626-440E-916A-F45387EBABB1}C:\program files (x86)\dell\stage remote\stageremoteservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | <br/> <br/>[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center <br/>"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant <br/>"{3CF97AC1-219E-44DA-B3DE-32FCAD606231}" = HP Officejet 4620 series Product Improvement Study <br/>"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client <br/>"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources <br/>"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources <br/>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight <br/>"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended <br/>"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer <br/>"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 <br/>"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting <br/>"{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}" = HP Officejet 4620 series Basic Device Software <br/>"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) <br/>"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector <br/>"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter <br/>"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 <br/>"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client <br/>"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service <br/>"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 <br/>"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile <br/>"Dell Support Center" = Dell Support Center <br/>"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile <br/>"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended <br/>"Sandboxie" = Sandboxie 3.76 (64-bit) <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer <br/>"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup <br/>"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer <br/>"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 <br/>"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker <br/>"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar <br/>"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 <br/>"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update <br/>"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions <br/>"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer <br/>"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback <br/>"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver <br/>"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 <br/>"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 <br/>"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections <br/>"{2C3060F6-F0DC-4F63-A70F-2070BE57EEDC}" = The Print Shop 3.0 Fonts <br/>"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery <br/>"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery <br/>"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage <br/>"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology <br/>"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio <br/>"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP <br/>"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation <br/>"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater <br/>"{4B3230C5-F069-416B-9169-1B84A216ED6A}" = Dell Digital Delivery <br/>"{4B75C418-A7DF-4C11-B854-EB5EBFB07C88}" = The Print Shop 3.0 Professional <br/>"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module <br/>"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) <br/>"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack <br/>"{606C37AB-EB04-4270-A592-201A03C2DB36}" = HP Officejet 4620 series Help <br/>"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM <br/>"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module <br/>"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components <br/>"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update <br/>"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE <br/>"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 <br/>"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable <br/>"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide <br/>"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 <br/>"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger <br/>"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 <br/>"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable <br/>"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform <br/>"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update <br/>"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime <br/>"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT <br/>"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English <br/>"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker <br/>"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 <br/>"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 <br/>"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 <br/>"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail <br/>"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh <br/>"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer <br/>"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay <br/>"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper <br/>"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software <br/>"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common <br/>"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer <br/>"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer <br/>"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) <br/>"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote <br/>"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR <br/>"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail <br/>"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR <br/>"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 <br/>"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform <br/>"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 <br/>"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common <br/>"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform <br/>"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP <br/>"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage <br/>"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources <br/>"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh <br/>"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 <br/>"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage <br/>"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi <br/>"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger <br/>"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module <br/>"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 <br/>"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] <br/>"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics <br/>"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver <br/>"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement <br/>"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic <br/>"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center <br/>"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials <br/>"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage <br/>"Adobe AIR" = Adobe AIR <br/>"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX <br/>"Adobe Shockwave Player" = Adobe Shockwave Player 11.6 <br/>"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows <br/>"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage <br/>"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 <br/>"McAfee Security Scan" = McAfee Security Scan Plus <br/>"MSC" = McAfee SecurityCenter <br/>"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 <br/>"Picasa 3" = Picasa 3 <br/>"Rhapsody" = Rhapsody <br/>"WinLiveSuite" = Windows Live Essentials <br/>"ZinioReader4" = Zinio Reader 4 <br/> <br/>[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"Smilebox" = Smilebox <br/> <br/>[color=#E56717]========== Last 20 Event Log Errors ==========[/color] <br/> <br/>[ Application Events ] <br/>Error - 3/13/2013 10:23:07 AM | Computer Name = Prism2-PC | Source = Application Error | ID = 1000 <br/>Description = Faulting application name: rhapsody.exe, version: 4.0.6.14, time stamp: <br/> 0x4ec8881e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 <br/>Exception <br/> code: 0xc0000005 Fault offset: 0x4f4d4552 Faulting process id: 0x47a8 Faulting application <br/> start time: 0x01ce1fecdaa4fbad Faulting application path: C:\Program Files (x86)\Rhapsody\rhapsody.exe <br/>Faulting <br/> module path: unknown Report Id: 85cbe6b3-8be9-11e2-9d41-d4bed9e6be66 <br/> <br/>Error - 3/14/2013 3:04:22 AM | Computer Name = Prism2-PC | Source = SideBySide | ID = 16842832 <br/>Description = Activation context generation failed for "c:\Program Files (x86)\Cozi <br/> Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component <br/> version required by the application conflicts with another component version already <br/> active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. <br/>Component <br/> 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. <br/> <br/>Error - 3/14/2013 3:23:10 AM | Computer Name = Prism2-PC | Source = WinMgmt | ID = 10 <br/>Description = <br/> <br/>Error - 3/15/2013 3:01:25 AM | Computer Name = Prism2-PC | Source = SideBySide | ID = 16842832 <br/>Description = Activation context generation failed for "c:\Program Files (x86)\Cozi <br/> Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component <br/> version required by the application conflicts with another component version already <br/> active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. <br/>Component <br/> 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. <br/> <br/>Error - 3/16/2013 3:03:31 AM | Computer Name = Prism2-PC | Source = SideBySide | ID = 16842832 <br/>Description = Activation context generation failed for "c:\Program Files (x86)\Cozi <br/> Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component <br/> version required by the application conflicts with another component version already <br/> active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. <br/>Component <br/> 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. <br/> <br/>Error - 3/19/2013 3:19:09 AM | Computer Name = Prism2-PC | Source = WinMgmt | ID = 10 <br/>Description = <br/> <br/>Error - 3/20/2013 3:01:21 AM | Computer Name = Prism2-PC | Source = SideBySide | ID = 16842832 <br/>Description = Activation context generation failed for "c:\Program Files (x86)\Cozi <br/> Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component <br/> version required by the application conflicts with another component version already <br/> active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. <br/>Component <br/> 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. <br/> <br/>Error - 3/20/2013 11:15:48 AM | Computer Name = Prism2-PC | Source = Application Error | ID = 1000 <br/>Description = Faulting application name: rhapsody.exe, version: 4.0.6.14, time stamp: <br/> 0x4ec8881e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 <br/>Exception <br/> code: 0xc0000005 Fault offset: 0x614d4300 Faulting process id: 0x2070 Faulting application <br/> start time: 0x01ce2578d347551b Faulting application path: C:\Program Files (x86)\Rhapsody\rhapsody.exe <br/>Faulting <br/> module path: unknown Report Id: 0b0fa377-9171-11e2-a078-d4bed9e6be66 <br/> <br/>Error - 3/21/2013 3:02:25 AM | Computer Name = Prism2-PC | Source = CVHSVC | ID = 100 <br/>Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): <br/> DownloadLatest Failed: The server name or address could not be resolved <br/> <br/>Error - 3/21/2013 3:03:34 AM | Computer Name = Prism2-PC | Source = SideBySide | ID = 16842832 <br/>Description = Activation context generation failed for "c:\Program Files (x86)\Cozi <br/> Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component <br/> version required by the application conflicts with another component version already <br/> active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. <br/>Component <br/> 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. <br/> <br/>[ System Events ] <br/>Error - 3/30/2013 8:01:20 AM | Computer Name = Prism2-PC | Source = Service Control Manager | ID = 7034 <br/>Description = The Google Update Service (gupdate) service terminated unexpectedly. <br/> It has done this 1 time(s). <br/> <br/>Error - 3/30/2013 8:01:50 AM | Computer Name = Prism2-PC | Source = DCOM | ID = 10010 <br/>Description = <br/> <br/>Error - 3/31/2013 8:26:46 AM | Computer Name = Prism2-PC | Source = Service Control Manager | ID = 7034 <br/>Description = The Google Update Service (gupdate) service terminated unexpectedly. <br/> It has done this 2 time(s). <br/> <br/>Error - 3/31/2013 8:27:16 AM | Computer Name = Prism2-PC | Source = DCOM | ID = 10010 <br/>Description = <br/> <br/>Error - 4/3/2013 8:01:11 PM | Computer Name = Prism2-PC | Source = DCOM | ID = 10010 <br/>Description = <br/> <br/>Error - 4/3/2013 8:01:11 PM | Computer Name = Prism2-PC | Source = DCOM | ID = 10010 <br/>Description = <br/> <br/>Error - 4/4/2013 3:00:52 AM | Computer Name = Prism2-PC | Source = DCOM | ID = 10010 <br/>Description = <br/> <br/>Error - 4/4/2013 9:31:44 AM | Computer Name = Prism2-PC | Source = DCOM | ID = 10010 <br/>Description = <br/> <br/>Error - 4/15/2013 10:54:23 AM | Computer Name = Prism2-PC | Source = Service Control Manager | ID = 7000 <br/>Description = The MCSTRM service failed to start due to the following error: %%2 <br/> <br/>Error - 4/15/2013 4:55:27 PM | Computer Name = Prism2-PC | Source = DCOM | ID = 10010 <br/>Description = <br/> <br/> <br/>< End of report >
Posted 4/22/2013 3:35 PM
#95485
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
[color="#0000ff"]http://www.bleepingcomputer.com/download/junkware-removal-tool/[/color]</a><o:p></o:p></div> <br/> <br/> <br/><o:p> </o:p> <br/> <br/><font face="Times New Roman"><span style="color: red;">Disable your Antivirus program if required</font> <br/><font face="Times New Roman"><span style="color: red;"> <br/> <br/>For vista and windows 7 right click on the tool and select run as administrator <br/> <br/>After the scan is completed, post the generated log here, along with OTL, adwcleaner. <br/> <br/>And tell how your computer are behaving now ? <br/> <br/> <br/> <br/></font>

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 4/23/2013 11:54 AM
#95491
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Log.... <br/> <br/>All processes killed <br/>========== PROCESSES ========== <br/>========== SERVICES/DRIVERS ========== <br/>========== OTL ========== <br/>Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. <br/>Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. <br/>C:\Users\Prism2\Desktop\~WRL0892.tmp deleted successfully. <br/>C:\Users\Prism2\Desktop\~WRL0958.tmp deleted successfully. <br/>C:\Users\Prism2\Desktop\~WRL2242.tmp deleted successfully. <br/>========== FILES ========== <br/>[color=#A23BEC]< ipconfig /flushdns /c >[/color] <br/>Windows IP Configuration <br/>Successfully flushed the DNS Resolver Cache. <br/>C:\Users\Prism2\Desktop\cmd.bat deleted successfully. <br/>C:\Users\Prism2\Desktop\cmd.txt deleted successfully. <br/>========== COMMANDS ========== <br/>C:\Windows\System32\drivers\etc\Hosts moved successfully. <br/>HOSTS file reset successfully <br/>Restore point Set: OTL Restore Point <br/> <br/>[EMPTYTEMP] <br/> <br/>User: Alannah <br/>->Temp folder emptied: 2090634 bytes <br/>->Temporary Internet Files folder emptied: 262848562 bytes <br/>->Java cache emptied: 268223 bytes <br/>->Flash cache emptied: 146103 bytes <br/> <br/>User: All Users <br/> <br/>User: Default <br/>->Temp folder emptied: 0 bytes <br/>->Temporary Internet Files folder emptied: 0 bytes <br/>->Flash cache emptied: 56466 bytes <br/> <br/>User: Default User <br/>->Temp folder emptied: 0 bytes <br/>->Temporary Internet Files folder emptied: 0 bytes <br/>->Flash cache emptied: 0 bytes
Posted 4/23/2013 3:00 PM
#95494
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
adwcleaner log: <br/> <br/># AdwCleaner v2.202 - Logfile created 04/23/2013 at 10:59:06 <br/># Updated 23/04/2013 by Xplode <br/># Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) <br/># User : Prism2 - PRISM2-PC <br/># Boot Mode : Normal <br/># Running from : C:\Users\Prism2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWI2EZLA\adwcleaner (1).exe <br/># Option [Search] <br/> <br/> <br/>***** [Services] ***** <br/> <br/> <br/>***** [Files / Folders] ***** <br/> <br/>File Found : C:\Users\Public\Desktop\eBay.lnk <br/> <br/>***** [Registry] ***** <br/> <br/>Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD <br/>Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD <br/> <br/>***** [Internet Browsers] ***** <br/> <br/>-\\ Internet Explorer v9.0.8112.16476 <br/> <br/>[OK] Registry is clean. <br/> <br/>-\\ Google Chrome v [Unable to get version] <br/> <br/>File : C:\Users\Prism2\AppData\Local\Google\Chrome\User Data\Default\Preferences <br/> <br/>[OK] File is clean. <br/> <br/>************************* <br/> <br/>AdwCleaner[R1].txt - [967 octets] - [23/04/2013 10:59:06] <br/> <br/>########## EOF - C:\AdwCleaner[R1].txt - [1026 octets] ##########
Posted 4/23/2013 3:13 PM
#95495
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Hi. Not sure if you wanted this log as well so I figured I'd post it...Seems like system is running okay. I know you had me run scans and removal software so something must have been on here?! What type of bad files were they? Just curious as to the possible source of where whatever got into our system came from. Any suggestions on how to safeguard our system if the kids are on here playing a game? <br/> <br/> <br/> <br/> <br/> <br/> <br/>ju~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <br/>Junkware Removal Tool (JRT) by Thisisu <br/>Version: 4.8.9 (04.22.2013:1) <br/>OS: Windows 7 Home Premium x64 <br/>Ran by Prism2 on Tue 04/23/2013 at 11:01:56.76 <br/>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <br/> <br/> <br/> <br/> <br/>~~~ Services <br/> <br/> <br/> <br/>~~~ Registry Values <br/> <br/> <br/> <br/>~~~ Registry Keys <br/> <br/> <br/> <br/>~~~ Files <br/> <br/>Successfully deleted: [File] "C:\Windows\couponprinter.ocx" <br/> <br/> <br/> <br/>~~~ Folders <br/> <br/>Successfully deleted: [Folder] "C:\Program Files (x86)\coupons" <br/> <br/> <br/> <br/>~~~ Event Viewer Logs were cleared <br/> <br/> <br/> <br/> <br/> <br/>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <br/>Scan was completed on Tue 04/23/2013 at 11:04:41.91 <br/>End of JRT log <br/>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Posted 4/30/2013 3:06 PM
#95539
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Hi Touch, <br/> <br/>Well, our system was running great until this morning when one of my kids was on here and as soon as he stopped his game and I went to get online, everything began moving super slowly again. I am going to update my malwarebytes and run a scan but last time that did nothing to help and picked nothing up. I would re-run all of the steps that you had me do last week but I don't want to unless I know it won't harm my system to do so. At any rate, my little guy won't be on this computer anymore for anything but school work. Thanks in advance for your help!
Posted 5/1/2013 5:36 AM
#95543
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
"I would re-run all of the steps that you had me do last week" <br/> <br/> <br/> <br/>No need for that, but I´ll suggest you download and run combofix. <br/> <br/> <br/> <br/><span lang="DA">Please download Combofix from: <br/>http://download.bleepingcomputer.com/sUBs/ComboFix.exe <br/> <br/> <br/><font face="Verdana"><span lang="EN-GB"> And save to the desktop. <br/> <br/></font><span lang="DA">  <br/> <br/><font face="Arial"><span lang="EN-GB">After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC: <br/> <br/>Exit all windows that are currently open on your computer. <br/> <br/>To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer. <br/> <br/></font><span lang="DA"> <br/> <br/><font face="Verdana"><span lang="X-NONE">  <br/> <br/><span lang="EN-GB">Double-click on the combofix icon found on your desktop. <br/> <br/>  <br/> <br/><b>Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete. <br/> <br/></b> <br/> <br/> When finished, it will produce a logfile located at C:\combofix.txt. <br/> <br/>  <br/> <br/> <br/> <br/>Post the contents of that log in your next reply <br/> <br/></font><span lang="DA"> <br/> <br/><font face="Verdana"><span lang="X-NONE">The logs will be reasonably large so you may have to divide them into sections and make several posts to post them. <br/> <br/> <br/></font>

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 6/7/2013 11:15 PM
#95728
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Hey Touch. For some reason, I never realized the message above was there. Sorry. Anyway, while my system began running okay, I am not certain that I have a virus. My computer has 5 users. All of them, when we go to get online, go to a spam type page called Sweetwater or something like that. I did update and run malwarebytes on my user page but not on anyone elses. It did pick something up and it was removed. I then ran COMBOfix on my husband's user page and that took forever but got rid of stuff. We can get online on his page without it going to the SPAM page but can not do this on anyone elses user page. Not sre what to do now. Please help! I am afraid to use the internet as I do not want to have more damage to our system done. Thanks!
Posted 6/8/2013 8:57 AM
#95729
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
It sounds like you´ve got (PUP) potencialley unwanted software installed - It is installed by other software without proper user consent</div> <br/> <br/> <br/>Please download adwcleaner: <br/>http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner <br/> <br/>• Double click on AdwCleaner.exe to run the tool. <br/>***Note: Windows Vista and Windows 7 users: <br/>Right click in the adwCleaner.exe and select – Run as admin <br/>• Click Delete. <br/>• Everything that was found will be deleted. <br/> <br/>• Save any open files and approve the reboot. A text file will open after the restart. <br/> <br/> <br/>[color="#0000ff"]http://www.bleepingcomputer.com/download/junkware-removal-tool/[/color]</a><o:p></o:p> <br/> <br/><o:p> </o:p> <br/><font face="Times New Roman"><span style="color: red;">Disable your Antivirus program if required</font> <br/><font face="Times New Roman"><span style="color: red;"> <br/> For vista and windows 7 right click on the tool and select run as administrator <br/> After the scan is completed, post the generated log here, along with adwcleaner log <br/></font>

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 6/8/2013 5:14 PM
#95733
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Hi. Okay I ran the adwcleaner and at first by mistake I hit search and it generated the log I will post with this reply. I then re-did it and hit delete but a log never generated after the system rebooted so the only log I have is the one from before I hit delete. Here is that log... <br/> <br/><br /><br /> <br/># AdwCleaner v2.302 - Logfile created 06/08/2013 at 12:36:40 <br/># Updated 06/06/2013 by Xplode <br/># Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) <br/># User : Prism2 - PRISM2-PC <br/># Boot Mode : Normal <br/># Running from : C:\Users\Todd\Desktop\adwcleaner.exe <br/># Option [Search] <br/> <br/> <br/>***** [Services] ***** <br/> <br/> <br/>***** [Files / Folders] ***** <br/> <br/>File Found : C:\Users\Public\Desktop\eBay.lnk <br/>Folder Found : C:\Program Files (x86)\SweetIM <br/>Folder Found : C:\Program Files\Updater By SweetPacks <br/>Folder Found : C:\ProgramData\WeCareReminder <br/>Folder Found : C:\Windows\SysWOW64\WNLT <br/> <br/>***** [Registry] ***** <br/> <br/>Key Found : HKCU\Software\IM <br/>Key Found : HKCU\Software\ImInstaller <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} <br/>Key Found : HKCU\Software\wecarereminder <br/>Key Found : HKCU\Software\WNLT <br/>Key Found : HKCU\Software\YahooPartnerToolbar <br/>Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} <br/>Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} <br/>Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL <br/>Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL <br/>Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject <br/>Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 <br/>Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder <br/>Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1 <br/>Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD <br/>Key Found : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843 <br/>Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD <br/>Key Found : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843 <br/>Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} <br/>Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834} <br/>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT <br/>Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} <br/>Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} <br/>Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} <br/>Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} <br/>Key Found : HKU\S-1-5-21-859680719-266510675-1798406396-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} <br/>Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] <br/>Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] <br/>Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] <br/>Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] <br/>Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] <br/>Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] <br/> <br/>***** [Internet Browsers] ***** <br/> <br/>-\\ Internet Explorer v9.0.8112.16483 <br/> <br/>[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={00A4A2ED-CEFB-11E2-8009-D4BED9E6BE66} <br/>[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={00A4A2ED-CEFB-11E2-8009-D4BED9E6BE66} <br/> <br/>-\\ Google Chrome v [Unable to get version] <br/> <br/>File : C:\Users\Prism2\AppData\Local\Google\Chrome\User Data\Default\Preferences <br/> <br/>[OK] File is clean. <br/> <br/>************************* <br/> <br/>AdwCleaner[R1].txt - [6818 octets] - [08/06/2013 12:36:40] <br/> <br/>########## EOF - C:\AdwCleaner[R1].txt - [6878 octets] ##########
Posted 6/8/2013 5:15 PM
#95734
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Here is the junkware log.... <br/> <br/>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <br/>Junkware Removal Tool (JRT) by Thisisu <br/>Version: 4.9.4 (05.06.2013:1) <br/>OS: Windows 7 Home Premium x64 <br/>Ran by Prism2 on Sat 06/08/2013 at 12:58:52.12 <br/>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <br/> <br/> <br/> <br/> <br/>~~~ Services <br/> <br/>Successfully stopped: [Service] updater by sweetpacks <br/>Successfully deleted: [Service] updater by sweetpacks <br/> <br/> <br/> <br/>~~~ Registry Values <br/> <br/> <br/> <br/>~~~ Registry Keys <br/> <br/>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim <br/> <br/> <br/> <br/>~~~ Files <br/> <br/>Successfully deleted: [File] "C:\Windows\couponprinter.ocx" <br/> <br/> <br/> <br/>~~~ Folders <br/> <br/>Successfully deleted: [Folder] "C:\Program Files (x86)\coupons" <br/> <br/> <br/> <br/>~~~ Event Viewer Logs were cleared <br/> <br/> <br/> <br/> <br/> <br/>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <br/>Scan was completed on Sat 06/08/2013 at 13:02:07.26 <br/>End of JRT log <br/>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Posted 6/9/2013 7:36 AM
#95737
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Can you go online now, without going to the SPAM page ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 6/10/2013 7:26 PM
#95745
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Yes, I can get online without being re-directed to that page. I do notice though that when I go online there is an alert at the bottom right hand corner of my screen that says something about my Intel Security not being set up right. I have not clicked on it because I have never seen this before. Would this be legit and something that I need to open? Also, which passwords or login information do I need to change since there was obviously some type of program installed in my system that we got rid of through running the scans that you had me run? Just wondering so that I know if I have to re-set everything that has a password or not......Thanks!! <br/> <br/><br /><br />
Posted 6/11/2013 1:19 PM
#95751
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
" Just wondering so that I know if I have to re-set everything that has a password or not"</div> <br/> <br/>No need to change password, because it was "only" PUP - Potentially unwanted programs - we have removed, they do no harm, they are just annoying. <br/> <br/> <br/>about my Intel Security <br/> <br/> <br/> <br/>I´m not sure what this is about, I´ll therefore suggest you post a hijackthis log. <br/> <br/> <br/> <br/>Click: [color="#0066cc"]http://sourceforge.net/projects/hjt/[/color] <br/> <br/><span lang="EN-GB"> <br/> <br/>to download HJTinstall.exe <br/> <br/>Save HJTinstall.exe to your desktop. <br/> <br/>Double click on the HJTinstall.exe icon on your desktop. <br/> <br/>By default it will install to C:\Program Files\Trend Micro\Hijack This. <br/> <br/>Click I accept <br/> <br/>Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log. <br/> <br/>Click Save to save the log file and then the log will open in notepad. <br/> <br/>Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. <br/> <br/>  <br/> <br/>Post hijackthis log in next reply

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 6/11/2013 3:01 PM
#95753
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Here is the Logfile that you asked for. Just an FYI-When I hit "I agree" a pop up window came up that said something about my system not allowing something to "write" and offered a suggestion of what to do by typing something onto my browser and then finding and deleting HiJackThis Reports. I did not do this because once I Xed out the window the scan ran and a logfile was generated. I hope this was okay.... <br/> <br/> <br/>Logfile of Trend Micro HijackThis v2.0.5 <br/>Scan saved at 10:56:21 AM, on 6/11/2013 <br/>Platform: Windows 7 SP1 (WinNT 6.00.3505) <br/>MSIE: Internet Explorer v9.00 (9.00.8112.16483) <br/> <br/> <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe <br/>C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe <br/>C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe <br/>C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe <br/>C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe <br/>C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe <br/>C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe <br/>C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe <br/>C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe <br/>C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe <br/>C:\Program Files (x86)\Internet Explorer\iexplore.exe <br/>C:\Program Files (x86)\Internet Explorer\iexplore.exe <br/>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe <br/>C:\Users\Prism2\Desktop\HijackThis.exe <br/> <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm <br/>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = <br/>O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll <br/>O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll <br/>O2 - BHO: Updater By SweetPacks Helper - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll (file missing) <br/>O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120908174900.dll <br/>O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Kids\AppData\Local\TopArcadeHits\Toparcadehits.dll (file missing) <br/>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll <br/>O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll <br/>O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing) <br/>O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" <br/>O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" <br/>O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 <br/>O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey <br/>O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 <br/>O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup <br/>O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe <br/>O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" <br/>O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" <br/>O4 - HKLM\..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe <br/>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime <br/>O4 - HKCU\..\Run: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN22E1105Y05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1 <br/>O4 - HKCU\..\Run: [SacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe <br/>O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler <br/>O4 - Global Startup: McAfee Security Scan Plus.lnk = ? <br/>O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 <br/>O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe <br/>O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
Posted 6/11/2013 3:05 PM
#95754
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Sorry, should have posted this to the last reply. HiJack This generated another screen that I noticed after I xed the logfile out. It lists a bunch of things that either need to be checked or left unchecked in order to be "fixed". I am not sure what to check or not or if I am just supposed to leave them alone. I'll try to leave it on my screen until I get a reply back but my system may freeze and I may have to chut it down which will make me lost that page so may need to scan again......
Posted 6/11/2013 3:13 PM
#95755
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
It lists a bunch of things that either need to be checked or left unchecked in order to be "fixed <br/> <br/></div></div> <br/> <br/> <br/>Do you have a name/names of the Things ? <br/> <br/> <br/> <br/>Also please post a complete hijackthis log.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 6/11/2013 4:45 PM
#95756
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Sorry, I must have only copied part of the log. As for the other box that popped up after I closed the log.... It seems like it may include all of the things listed in the logfile below. I am only confused because the box that popped up after the scan and after I closed out the logfile gives me the option to check boxes and then hit "fix checked". I did not check anything yet though. I still have the box on my screen because I am unsure of what to check and fix (if anything) but it definitely lists all of the things that are on the logfile. <br/> <br/> Logfile of Trend Micro HijackThis v2.0.5 <br/>Scan saved at 10:56:21 AM, on 6/11/2013 <br/>Platform: Windows 7 SP1 (WinNT 6.00.3505) <br/>MSIE: Internet Explorer v9.00 (9.00.8112.16483) <br/> <br/> <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe <br/>C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe <br/>C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe <br/>C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe <br/>C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe <br/>C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe <br/>C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe <br/>C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe <br/>C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe <br/>C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe <br/>C:\Program Files (x86)\Internet Explorer\iexplore.exe <br/>C:\Program Files (x86)\Internet Explorer\iexplore.exe <br/>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe <br/>C:\Users\Prism2\Desktop\HijackThis.exe <br/> <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm <br/>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = <br/>O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll <br/>O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll <br/>O2 - BHO: Updater By SweetPacks Helper - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll (file missing) <br/>O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120908174900.dll <br/>O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Kids\AppData\Local\TopArcadeHits\Toparcadehits.dll (file missing) <br/>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll <br/>O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll <br/>O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing) <br/>O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" <br/>O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" <br/>O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 <br/>O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey <br/>O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 <br/>O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup <br/>O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe <br/>O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" <br/>O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" <br/>O4 - HKLM\..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe <br/>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime <br/>O4 - HKCU\..\Run: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN22E1105Y05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1 <br/>O4 - HKCU\..\Run: [SacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe <br/>O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler <br/>O4 - Global Startup: McAfee Security Scan Plus.lnk = ? <br/>O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 <br/>O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe <br/>O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe <br/>O9 - Extra button: (no name) - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\ProgramData\WeCareReminder\IEMenuItem.dll (file missing) (HKCU) <br/>O9 - Extra 'Tools' menuitem: We-Care Add-on - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\ProgramData\WeCareReminder\IEMenuItem.dll (file missing) (HKCU) <br/>O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll <br/>O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics <br/>O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll <br/>O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL <br/>O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll <br/>O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll <br/>O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe <br/>O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <br/>O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe <br/>O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: CFUACProxy_officeguardianv2 - Storage Appliance Corp. - C:\ProgramData\OfficeGuardianV2\UACProxy.exe <br/>O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe <br/>O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe <br/>O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) <br/>O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe <br/>O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe <br/>O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe <br/>O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe <br/>O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe <br/>O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe <br/>O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe <br/>O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe <br/>O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe <br/>O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe <br/>O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe <br/>O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe <br/>O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe <br/>O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe <br/>O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe <br/>O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) <br/>O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) <br/>O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe <br/>O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe <br/>O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe <br/>O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE <br/>O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe <br/>O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) <br/>O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe <br/>O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) <br/>O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) <br/>O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) <br/>O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe <br/> <br/>-- <br/>End of file - 14554 bytes
Posted 6/12/2013 8:19 AM
#95760
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Rightclick on hijackthis - run as admin.</div> <br/> <br/> <br/><span lang="EN-GB">Run a scan with HijackThis. Check the following and hit 'Fix checked: <br/> <br/> <br/> <br/><span lang="DA">O2 - BHO: Updater By SweetPacks Helper - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll (file missing) <br/> <br/>O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Kids\AppData\Local\TopArcadeHits\Toparcadehits.dll (file missing) <br/> <br/>O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" <br/> <br/>O4 - HKLM\..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe <br/> <br/>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" <br/> <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime <br/> <br/>O4 - HKCU\..\Run: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN22E1105Y05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1 <br/> <br/>O4 - HKCU\..\Run: [SacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe <br/> <br/>O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler <br/> <br/>O4 - Global Startup: McAfee Security Scan Plus.lnk = ? <br/> <br/>Reboot, and tell how your computer are behaving now ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 6/13/2013 3:59 PM
#95774
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Seems to be running okay except that now every time I am the computer my expired Mcafee Security window pop ups at bottom of my screen. I cannot figure out how to disable it because when I click on it, it just sends me to a renew screen and won't let me stop the pop ups. Not sure why it is haapening all of a sudden though as it expired months ago......But, other than that, seems like things are running well. <br/> <br/>As always, thank you so much for your help!
Posted 6/14/2013 5:16 AM
#95779
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Mcafee Security window pop ups at bottom of my screen. I cannot figure out how to disable it because when I click on it, it just sends me to a renew screen. <br/> <br/> <br/> <br/> <br/></div></div> <br/> <br/>If you want to remove Mcafee Security, I'll be glad to help. You will however need a new/other antivirus, so if you have a particular antivirus program in mind, let me know ;-)

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 6/19/2013 4:44 PM
#95819
User avatar

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Hi, Thanks. I think I just want to disable the McAfee rather than deleting the entire program. Just want it to stop popping up. I used to use a free anti virus program before I bought this system with Windows 7. Are there any decent ones that are free or should I really be purchasing the McAfee that is installed on this system already? Just curious on your thoughts on this......
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Thursday, December 8, 2016, 7:10 PM (GMT +1)
There are a total of 61,163 posts in 13,450 threads.
In the last 3 days there were 1 new threads and 3 reply posts.

Who's online

This forum has 37,968 registered members. Please welcome our newest member, Crawlerz.
There are currently no users on-line.