TechSpot

Problem with Firefox freezing for a period of time

Solved
By joehamrick
Jan 26, 2013
Topic Status:
Not open for further replies.
  1. Hello, I'm having a problem with Firefox browser. At times it freezes. After 30 seconds or more it then becomes responsive. I ran all the various cleaners listed in one of your posts and removed several items. The problem is not as bad but still exists.
    Thank you.

    Below are to logs requested. Thanks in advance for taking the time out of your busy day to help me.


    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.26.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    XPS720 :: XPS720-PC [administrator]

    1/26/2013 9:30:11 AM
    mbam-log-2013-01-26 (09-30-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 246974
    Time elapsed: 4 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by XPS720 at 9:42:21 on 2013-01-26
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4093.1484 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\crypserv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
    C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\ATT-SST\pcTrayApp.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Windows\SysWOW64\Ctxfihlp.exe
    C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe
    C:\Users\XPS720\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Program Files\zabkat\xplorer2\xplorer2_64.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
    C:\Users\XPS720\AppData\Local\Mozilla Firefox\firefox.exe
    C:\Users\XPS720\AppData\Local\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Microsoft Streets & Trips 2011\StreetsOlkShim.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Free Cell\freecell.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -
    mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [QuickLaunch] C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\XPS720\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\XPS720\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOODLE~1.LNK - C:\Windows\Installer\{11B9E1CD-5E1F-4DE1-9166-A99C098FCA4C}\_4C5529695D9F0A7DB3C153.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: DisableCAD = dword:1
    IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Users\XPS720\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - C:\Users\XPS720\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: $talisma_url$
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{358EB672-DF0C-49B6-A591-F8CF7311D9E7} : DHCPNameServer = 192.168.1.254
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
    x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\
    FF - prefs.js: browser.startup.homepage - hxxp://speeddial.uworks.net/welcome.html|http://www.exxile.de/aios_installed...nt/speeddial.xul|http://www.drudgereport.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\XPS720\AppData\Local\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    FF - plugin: C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll
    FF - plugin: C:\Users\XPS720\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-11-26 15:19; mcciwbch@motive.com; C:\Users\XPS720\AppData\Local\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi
    FF - ExtSQL: 2012-12-15 21:37; infoatoms@infoatoms.com; C:\Users\XPS720\AppData\Local\Mozilla Firefox\extensions\infoatoms@infoatoms.com
    FF - ExtSQL: 2013-01-13 01:09; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    FF - ExtSQL: !HIDDEN! 2012-12-15 21:37; infoatoms@infoatoms.com; C:\Users\XPS720\AppData\Local\Mozilla Firefox\extensions\infoatoms@infoatoms.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-1-30 137312]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-9-15 211552]
    R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2013-1-25 146528]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-4-25 93272]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/01/31 16:30:53];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2012-1-31 146928]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-1-25 367200]
    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-9-19 17920]
    S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
    S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-9-15 130976]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-10 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-10 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== Created Last 30 ================
    .
    2013-01-26 01:47:28 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
    2013-01-26 01:47:20 1294432 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
    2013-01-26 01:47:07 146528 ----a-w- C:\Windows\System32\drivers\vsflt67.sys
    2013-01-26 01:47:04 320096 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2013-01-25 17:20:24 -------- d-----w- C:\Users\XPS720\AppData\Roaming\ICAClient
    2013-01-25 17:20:07 -------- d-----w- C:\ProgramData\Citrix
    2013-01-25 17:19:13 -------- d-----w- C:\Program Files (x86)\Common Files\Citrix
    2013-01-25 17:19:12 -------- d-----w- C:\Users\XPS720\AppData\Local\Citrix
    2013-01-25 17:19:11 -------- d-----w- C:\Program Files (x86)\Citrix
    2013-01-25 17:10:32 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-25 16:10:43 -------- d-----w- C:\Program Files (x86)\CrystalDiskInfo
    2013-01-25 07:40:58 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C938E1F8-09EE-47C4-B54A-C92FEA90F862}\mpengine.dll
    2013-01-25 05:17:23 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-24 04:46:32 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-01-24 04:25:59 98816 ----a-w- C:\Windows\sed.exe
    2013-01-24 04:25:59 256000 ----a-w- C:\Windows\PEV.exe
    2013-01-24 04:25:59 208896 ----a-w- C:\Windows\MBR.exe
    2013-01-24 03:20:19 -------- d-----w- C:\Users\XPS720\AppData\Local\Programs
    2013-01-19 16:41:20 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-19 16:41:20 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-19 00:32:25 -------- d-----w- C:\Users\XPS720\AppData\Local\Mozilla Firefox
    2013-01-18 00:20:36 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2013-01-18 00:17:38 106240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2013-01-16 15:26:02 -------- d-----w- C:\Program Files (x86)\ESET
    2013-01-11 02:13:16 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
    2013-01-11 02:06:47 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2013-01-11 02:06:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-01-11 02:06:47 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-01-11 02:06:46 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-01-11 02:06:46 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-01-11 02:06:45 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-01-11 02:06:45 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-01-09 11:10:41 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-12-29 22:19:18 -------- d-----w- C:\Users\XPS720\AppData\Local\MR APP
    2012-12-29 22:18:17 -------- d-----w- C:\ProgramData\Package Cache
    .
    ==================== Find3M ====================
    .
    2013-01-25 17:10:15 859552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-01-25 17:10:14 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 20:38:36 50856 ----a-w- C:\Windows\System32\drivers\point64.sys
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-02 02:52:50 75928 ----a-w- C:\Windows\System32\drivers\dc3d.sys
    2012-11-02 02:52:50 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
    2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2004-10-10 17:14:20 272896 ----a-w- C:\Program Files (x86)\stripmail.exe
    .
    ============= FINISH: 9:43:54.81 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/30/2012 5:15:26 PM
    System Uptime: 1/25/2013 8:39:31 PM (13 hours ago)
    .
    Motherboard: Dell Inc. | | 0YU822
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Microprocessor | 2400/1066mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 151 GiB total, 68.922 GiB free.
    D: is FIXED (NTFS) - 80 GiB total, 23.928 GiB free.
    E: is FIXED (NTFS) - 50 GiB total, 14.661 GiB free.
    F: is FIXED (NTFS) - 161 GiB total, 121.905 GiB free.
    G: is FIXED (NTFS) - 100 GiB total, 99.895 GiB free.
    H: is FIXED (NTFS) - 155 GiB total, 146.388 GiB free.
    I: is FIXED (NTFS) - 488 GiB total, 176.925 GiB free.
    J: is FIXED (NTFS) - 165 GiB total, 125.767 GiB free.
    K: is FIXED (NTFS) - 80 GiB total, 23.926 GiB free.
    L: is FIXED (NTFS) - 50 GiB total, 14.656 GiB free.
    M: is FIXED (NTFS) - 100 GiB total, 99.865 GiB free.
    O: is FIXED (NTFS) - 280 GiB total, 268.723 GiB free.
    P: is FIXED (NTFS) - 488 GiB total, 176.879 GiB free.
    Q: is FIXED (NTFS) - 488 GiB total, 106.055 GiB free.
    R: is FIXED (NTFS) - 53 GiB total, 22.466 GiB free.
    S: is FIXED (NTFS) - 98 GiB total, 37.563 GiB free.
    T: is FIXED (NTFS) - 98 GiB total, 37.533 GiB free.
    U: is Removable
    W: is FIXED (NTFS) - 537 GiB total, 484.65 GiB free.
    X: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SBRE
    Device ID: ROOT\LEGACY_SBRE\0000
    Manufacturer:
    Name: SBRE
    PNP Device ID: ROOT\LEGACY_SBRE\0000
    Service: SBRE
    .
    ==== System Restore Points ===================
    .
    RP158: 1/21/2013 10:05:45 PM - Windows Update
    RP159: 1/23/2013 11:12:58 PM - Cleaning 1_23_2013
    RP160: 1/25/2013 12:16:53 AM - Windows Update
    RP161: 1/25/2013 12:09:22 PM - Installed Java 7 Update 11
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    2FlyerPro
    4Team DuplicateKiller
    4Team Outlook Duplicate Remover
    7-Zip 9.20 (x64 edition)
    Acronis True Image Home 2012
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.5.3 - CPSID_83708
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Photoshop Lightroom 3.6 64-bit
    Adobe Photoshop Lightroom 4.3 64-bit
    Adobe Reader X (10.1.5)
    Adobe Shockwave Player 11.6
    Anti-Dupe for Microsoft Outlook
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV and Media Player 3.1.1.12
    AT&T Portal
    AT&T Troubleshoot & Resolve Tool
    Audacity 1.3.14 (Unicode)
    Audacity 2.0.2
    Auslogics Disk Defrag
    AxCrypt 1.7.2931.0
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.11
    Canon Utilities EOS Utility
    Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities WFT Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    Cisco WebEx Meetings
    Citrix Authentication Manager
    Citrix Receiver
    Citrix Receiver (HDX Flash Redirection)
    Citrix Receiver Inside
    Citrix Receiver Updater
    Citrix Receiver(Aero)
    Citrix Receiver(DV)
    Citrix Receiver(USB)
    Creative MediaSource 5
    CrystalDiskInfo 5.3.1 Shizuku Edition
    D3DX10
    DiskAid 5.41
    Download Manager and Options
    Dropbox
    DVDVideoSoftTB Toolbar
    EasyGPS 4.36
    EmailStripper 2.2
    EOSInfo
    EPSON Printer Software
    FastStone Image Viewer 4.6
    Free Studio version 5.7.3.916
    FreeRIP 3.91
    Futuremark SystemInfo
    Gadwin PrintScreen
    Garmin Communicator Plugin
    Garmin Communicator Plugin x64
    Garmin Lifetime Updater
    Google Earth
    HP Officejet Pro 8500 A910 Basic Device Software
    HP Officejet Pro 8500 A910 Help
    HP Officejet Pro 8500 A910 Product Improvement Study
    HP Update
    I.R.I.S. OCR
    iCloud
    InfoAtoms [Uninstall]
    Instant JPEG From RAW
    IrfanView (remove only)
    iTunes
    Java 7 Update 11
    Java Auto Updater
    Karen's Replicator
    LAME v3.98.3 for Audacity
    Light Image Resizer 4.3.1.0
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Access database engine 2010 (English)
    Microsoft Application Error Reporting
    Microsoft Garage Mouse without Borders
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Personal Folders Backup
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2011
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Movie Maker
    Mozilla Firefox 16.0.1 (x86 en-US)
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mp3tag v2.52
    mSecure
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyProfessional Business Cards 7.0
    Notepad++
    NVIDIA 3D Vision Controller Driver 306.23
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OLYMPUS Master 2
    Online Plug-in
    OpenAL
    OverDrive Media Console
    PCMark 7
    PDF Settings CS5
    Personal Ancestral File 5
    Personal Ancestral File Companion 5.7
    Phanfare
    Photo Common
    Photo Gallery
    Photodex Presenter
    PIXresizer
    Plus Pack for Acronis True Image Home 2012
    PowerDVD
    ProShow Gold
    QuickSet
    QuickTime
    Revo Uninstaller 1.94
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Self-service Plug-in
    Sound Blaster X-Fi
    SpeedFan (remove only)
    StreetSmart Edge®
    StreetSmart Pro
    SUPERAntiSpyware
    swMSM
    TC2000 Version 7
    Toodledo Sync Application
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax 2012
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wrapper
    Unlocker 1.9.1-x64
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VarieDrop 1.1.3.0
    VectorVest 7
    VLC media player 2.0.3
    VueScan
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinMend Folder Hidden 1.4.5.4
    xplorer² professional 64 bit
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/26/2013 9:42:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the pcServiceHost service.
    1/25/2013 8:43:19 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/25/2013 8:43:19 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    1/25/2013 8:43:15 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140995069
    1/25/2013 8:43:15 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140995069
    1/25/2013 8:43:15 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
    1/25/2013 8:41:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    1/25/2013 8:35:21 PM, Error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 2 time(s).
    1/25/2013 8:34:04 PM, Error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    1/25/2013 12:11:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    1/23/2013 11:54:39 PM, Error: Service Control Manager [7000] - The Mouse without Borders Service service failed to start due to the following error: A device attached to the system is not functioning.
    1/23/2013 11:43:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/23/2013 11:40:46 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    .
    ==== End Of File ===========================
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.



    ComboFix scan

    Please download ComboFix[​IMG] by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  3. joehamrick

    joehamrick TS Rookie Topic Starter

    # AdwCleaner v2.108 - Logfile created 01/26/2013 at 14:28:25
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : XPS720 - XPS720-PC
    # Boot Mode : Normal
    # Running from : C:\Users\XPS720\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-US)

    File : C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [27084 octets] - [24/01/2013 00:04:19]
    AdwCleaner[S2].txt - [1583 octets] - [26/01/2013 14:28:25]

    ########## EOF - C:\AdwCleaner[S2].txt - [1643 octets] ##########





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.5.0 (01.23.2013:2)
    OS: Windows 7 Professional x64
    Ran by XPS720 on Sat 01/26/2013 at 14:38:09.42
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\XPS720\AppData\Roaming\dvdvideosoftiehelpers"
    Successfully deleted: [Folder] "C:\Users\XPS720\appdata\local\adawarebp"
    Successfully deleted: [Folder] "C:\Program Files (x86)\infoatoms"



    ~~~ FireFox

    Successfully deleted: [File] "C:\Users\XPS720\AppData\Roaming\mozilla\firefox\profiles\bmmd76si.default\extensions\isreaditlater@ideashower.com.xpi"
    Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\infoatoms@infoatoms.com
    Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\ocr@babylon.com
    Emptied folder: C:\Users\XPS720\AppData\Roaming\mozilla\firefox\profiles\bmmd76si.default\minidumps [129 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 01/26/2013 at 14:45:44.78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ComboFix 13-01-26.02 - XPS720 01/26/2013 14:54:15.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4093.2367 [GMT -5:00]
    Running from: c:\users\XPS720\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\neoqaz2.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-26 20:07 . 2013-01-26 20:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-01-26 20:07 . 2013-01-26 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-26 20:07 . 2013-01-26 20:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2013-01-26 19:38 . 2013-01-26 19:38 -------- d-----w- c:\windows\ERUNT
    2013-01-26 19:37 . 2013-01-26 19:37 -------- d-----w- C:\JRT
    2013-01-26 19:27 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56CC07F1-44A8-48BD-A5FB-5D95BB3E10B7}\mpengine.dll
    2013-01-26 01:47 . 2013-01-26 01:47 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2013-01-26 01:47 . 2013-01-26 01:47 1294432 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2013-01-26 01:47 . 2013-01-26 01:47 146528 ----a-w- c:\windows\system32\drivers\vsflt67.sys
    2013-01-26 01:47 . 2013-01-26 01:47 320096 ----a-w- c:\windows\system32\drivers\snapman.sys
    2013-01-26 01:46 . 2013-01-26 01:47 -------- d-----w- c:\program files (x86)\Common Files\Acronis
    2013-01-25 17:20 . 2013-01-25 17:26 -------- d-----w- c:\users\XPS720\AppData\Roaming\ICAClient
    2013-01-25 17:20 . 2013-01-25 17:20 -------- d-----w- c:\programdata\Citrix
    2013-01-25 17:19 . 2013-01-25 17:19 -------- d-----w- c:\program files (x86)\Common Files\Citrix
    2013-01-25 17:19 . 2013-01-25 17:20 -------- d-----w- c:\users\XPS720\AppData\Local\Citrix
    2013-01-25 17:19 . 2013-01-25 17:20 -------- d-----w- c:\program files (x86)\Citrix
    2013-01-25 17:12 . 2013-01-25 17:12 -------- d-----w- c:\program files (x86)\Common Files\Java
    2013-01-25 17:10 . 2013-01-25 17:10 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-25 16:10 . 2013-01-25 16:11 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
    2013-01-25 07:40 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-24 03:20 . 2013-01-24 03:20 -------- d-----w- c:\users\XPS720\AppData\Local\Programs
    2013-01-19 16:41 . 2013-01-19 16:41 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-19 16:41 . 2013-01-19 16:41 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-19 00:32 . 2013-01-19 16:27 -------- d-----w- c:\users\XPS720\AppData\Local\Mozilla Firefox
    2013-01-18 00:20 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2013-01-18 00:17 . 2012-12-18 17:07 106240 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2013-01-16 15:26 . 2013-01-16 15:26 -------- d-----w- c:\program files (x86)\ESET
    2013-01-11 02:13 . 2013-01-11 02:13 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
    2013-01-11 02:06 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-01-11 02:06 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-01-11 02:06 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-01-11 02:06 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-01-11 02:06 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-11 02:06 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-01-11 02:06 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-01-09 11:10 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-12-29 22:19 . 2012-12-29 22:19 -------- d-----w- c:\users\XPS720\AppData\Local\MR APP
    2012-12-29 22:18 . 2012-12-29 22:18 -------- d-----w- c:\programdata\Package Cache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-25 17:10 . 2012-09-15 17:57 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-01-25 17:10 . 2012-09-15 17:57 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-01-10 08:07 . 2012-01-30 23:41 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-12-16 17:11 . 2012-12-21 08:00 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 08:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 08:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-14 21:49 . 2012-09-17 12:51 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-30 04:45 . 2013-01-09 11:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-28 07:53 . 2012-11-28 07:53 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D2A287B-C09E-402E-B86F-4E2A8D666811}\gapaengine.dll
    2012-11-14 07:06 . 2012-12-12 08:01 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-12 08:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-12 08:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-12 08:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-12 08:01 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-12 08:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-12 08:01 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-12 08:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-12 08:01 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-12 08:01 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-12 08:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-12 08:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-12 08:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-12 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-12 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-12 08:01 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-12 08:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-12 08:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-12 08:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-12 08:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-12 08:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-12 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-12 00:06 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 00:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-02 20:38 . 2012-11-02 20:38 50856 ----a-w- c:\windows\system32\drivers\point64.sys
    2012-11-02 05:59 . 2012-12-12 00:05 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 05:11 . 2012-12-12 00:05 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-11-02 02:52 . 2012-11-02 02:52 75928 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2012-11-02 02:52 . 2012-11-02 02:52 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
    2012-10-29 11:27 . 2012-10-29 11:27 10 ----a-w- c:\windows\Fonts\wfonts.key
    2012-10-29 02:11 . 2012-10-29 02:11 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2004-10-10 17:14 . 2012-09-16 01:19 272896 ----a-w- c:\program files (x86)\stripmail.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 5629312]
    "QuickLaunch"="c:\program files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe" [2012-08-21 12288]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
    "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-12-19 44280]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-12-18 642816]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-10-28 128296]
    "OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088]
    "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1171336]
    .
    c:\users\XPS720\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\XPS720\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-9 1541400]
    Toodledo Sync Tool.lnk - c:\windows\Installer\{11B9E1CD-5E1F-4DE1-9166-A99C098FCA4C}\_4C5529695D9F0A7DB3C153.exe [2012-9-20 894]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-09-19 17920]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-31 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-09-15 137312]
    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-15 211552]
    S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2013-01-26 146528]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-04-25 93272]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/01/31 16:30];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2008-10-28 02:34 146928]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-01-26 3459024]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
    S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-07-06 361472]
    S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-07-06 441344]
    S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-09-26 342528]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-06-28 5915352]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-01-26 367200]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\XPS720\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\XPS720\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\XPS720\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\XPS720\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2012-06-07 2727936]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403144]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\XPS720\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\users\XPS720\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    Trusted Zone: $talisma_url$
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\
    FF - prefs.js: browser.startup.homepage - hxxp://speeddial.uworks.net/welcome.html|http://www.exxile.de/aios_installed...nt/speeddial.xul|http://www.drudgereport.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - ExtSQL: 2012-12-15 21:37; infoatoms@infoatoms.com; c:\users\XPS720\AppData\Local\Mozilla Firefox\extensions\infoatoms@infoatoms.com
    FF - ExtSQL: 2013-01-13 01:09; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
    ShellIconOverlayIdentifiers- - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    AddRemove-InfoAtoms - c:\program files (x86)\InfoAtoms\Uninstall.exe
    AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files (x86)\FreeRIP\unins000.exe
    AddRemove-CT2269050 - c:\users\XPS720\AppData\Local\Conduit\CT2269050\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-26 15:30:25
    ComboFix-quarantined-files.txt 2013-01-26 20:30
    ComboFix2.txt 2013-01-24 04:51
    .
    Pre-Run: 74,266,058,752 bytes free
    Post-Run: 74,268,336,128 bytes free
    .
    - - End Of File - - F51F80C3AB2E76326ED0C203BF742816
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
     
  5. joehamrick

    joehamrick TS Rookie Topic Starter

    1 of 3
    OTL logfile created on: 1/26/2013 6:34:59 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XPS720\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 52.94% Memory free
    7.99 Gb Paging File | 5.98 Gb Available in Paging File | 74.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 151.30 Gb Total Space | 69.02 Gb Free Space | 45.62% Space Free | Partition Type: NTFS
    Drive D: | 80.00 Gb Total Space | 23.93 Gb Free Space | 29.91% Space Free | Partition Type: NTFS
    Drive E: | 50.00 Gb Total Space | 14.66 Gb Free Space | 29.32% Space Free | Partition Type: NTFS
    Drive F: | 161.13 Gb Total Space | 121.90 Gb Free Space | 75.65% Space Free | Partition Type: NTFS
    Drive G: | 100.00 Gb Total Space | 99.90 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
    Drive H: | 155.00 Gb Total Space | 146.34 Gb Free Space | 94.41% Space Free | Partition Type: NTFS
    Drive I: | 488.28 Gb Total Space | 176.92 Gb Free Space | 36.23% Space Free | Partition Type: NTFS
    Drive J: | 165.00 Gb Total Space | 125.77 Gb Free Space | 76.22% Space Free | Partition Type: NTFS
    Drive K: | 80.00 Gb Total Space | 23.93 Gb Free Space | 29.91% Space Free | Partition Type: NTFS
    Drive L: | 50.00 Gb Total Space | 14.66 Gb Free Space | 29.31% Space Free | Partition Type: NTFS
    Drive M: | 100.00 Gb Total Space | 99.86 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
    Drive O: | 280.27 Gb Total Space | 268.72 Gb Free Space | 95.88% Space Free | Partition Type: NTFS
    Drive P: | 488.28 Gb Total Space | 176.88 Gb Free Space | 36.22% Space Free | Partition Type: NTFS
    Drive Q: | 488.28 Gb Total Space | 106.06 Gb Free Space | 21.72% Space Free | Partition Type: NTFS
    Drive R: | 53.26 Gb Total Space | 22.47 Gb Free Space | 42.18% Space Free | Partition Type: NTFS
    Drive S: | 97.66 Gb Total Space | 37.56 Gb Free Space | 38.46% Space Free | Partition Type: NTFS
    Drive T: | 97.66 Gb Total Space | 37.53 Gb Free Space | 38.43% Space Free | Partition Type: NTFS
    Drive W: | 536.51 Gb Total Space | 484.65 Gb Free Space | 90.33% Space Free | Partition Type: NTFS

    Computer Name: XPS720-PC | User Name: XPS720 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2013/01/26 18:32:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XPS720\Desktop\OTL.exe
    PRC - [2013/01/25 20:47:25 | 003,459,024 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2012/12/18 12:14:27 | 000,642,816 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/09/26 03:01:50 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
    PRC - [2012/09/15 20:49:17 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
    PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2012/07/27 03:07:46 | 000,879,800 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    PRC - [2012/07/27 03:05:02 | 000,380,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    PRC - [2012/07/26 18:17:56 | 001,374,112 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    PRC - [2012/07/18 16:10:04 | 000,052,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    PRC - [2012/07/06 04:56:56 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    PRC - [2012/06/28 17:35:40 | 001,171,336 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    PRC - [2012/06/28 17:32:18 | 005,915,352 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    PRC - [2012/06/28 17:29:22 | 000,403,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2012/06/28 17:28:34 | 005,955,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2012/01/06 15:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    PRC - [2011/05/02 10:48:08 | 000,216,064 | ---- | M] (DDHelper) -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
    PRC - [2010/12/31 08:28:24 | 000,040,736 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Microsoft Streets & Trips 2011\StreetsOlkShim.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/05/05 15:46:12 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2009/11/25 20:42:26 | 000,095,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    PRC - [2008/10/27 21:19:26 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2007/04/17 15:22:22 | 000,184,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/10 03:41:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
    MOD - [2013/01/10 03:41:35 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/10 03:41:12 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/10 03:41:05 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2013/01/10 03:30:05 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
    MOD - [2013/01/10 03:30:05 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll
    MOD - [2013/01/10 03:18:41 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
    MOD - [2013/01/10 03:18:27 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll
    MOD - [2013/01/10 03:18:26 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
    MOD - [2013/01/10 03:18:20 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
    MOD - [2013/01/10 03:18:19 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
    MOD - [2013/01/10 03:18:16 | 000,745,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\581e9ba9c81e2840a917fbd3d9661f85\System.Security.ni.dll
    MOD - [2013/01/10 03:18:15 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
    MOD - [2013/01/10 03:18:14 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
    MOD - [2013/01/10 03:18:13 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
    MOD - [2013/01/10 03:18:11 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
    MOD - [2013/01/10 03:18:05 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
    MOD - [2012/12/18 11:58:21 | 002,666,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
    MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/22 10:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
    MOD - [2009/03/26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2009/02/26 12:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
    MOD - [2009/02/06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2012/07/06 04:57:02 | 000,441,344 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
    SRV - [2013/01/25 20:47:25 | 003,459,024 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2013/01/18 19:33:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/09/26 03:01:50 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
    SRV - [2012/09/15 20:49:17 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
    SRV - [2012/08/30 14:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2012/07/06 04:56:56 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
    SRV - [2012/06/28 17:32:18 | 005,915,352 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
    SRV - [2012/06/28 17:31:36 | 001,132,856 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2012/01/31 09:11:46 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/09/19 15:56:20 | 000,017,920 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc)
    SRV - [2011/03/01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/25 20:47:28 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
    DRV:64bit: - [2013/01/25 20:47:20 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
    DRV:64bit: - [2013/01/25 20:47:07 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67)
    DRV:64bit: - [2013/01/25 20:47:04 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/09/15 16:52:49 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2012/09/15 16:52:43 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
    DRV:64bit: - [2012/09/15 16:52:34 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
    DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/04/25 08:03:30 | 000,093,272 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2012/03/13 02:59:50 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
    DRV:64bit: - [2012/03/13 02:59:50 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/05/05 17:37:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/05/05 17:37:36 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/05/05 17:37:28 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/05/05 17:37:20 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/05/05 17:37:14 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/05/05 17:37:06 | 000,686,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
    DRV:64bit: - [2010/05/05 17:36:56 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/05/05 17:36:46 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/05/05 17:36:46 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/05/05 17:36:36 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/05/05 17:36:36 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/05/05 17:36:28 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/05/05 17:36:28 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2008/03/17 12:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
    DRV - [2012/03/13 02:59:50 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2012/03/13 02:59:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/10/27 21:34:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/01/31 16:30:53] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})


    ========== Standard Registry (SafeList) ==========
     
  6. joehamrick

    joehamrick TS Rookie Topic Starter

    2 of 3



    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 66 91 38 A3 DF CC 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.openintab: true
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://speeddial.uworks.net/welcome...nt/speeddial.xul|http://www.drudgereport.com/"
    FF - prefs.js..extensions.enabledAddons: statusbar%40toodledo.com:1.82
    FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.18
    FF - prefs.js..extensions.enabledAddons: tabutils%40ithinc.cn:1.5.1
    FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.1.0
    FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.12
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
    FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130116
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/19 22:21:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/24 00:04:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Users\XPS720\AppData\Local\Mozilla Firefox\components [2013/01/18 19:33:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Users\XPS720\AppData\Local\Mozilla Firefox\plugins [2013/01/18 19:32:32 | 000,000,000 | ---D | M]

    [2012/01/30 18:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Extensions
    [2013/01/26 14:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions
    [2013/01/13 01:09:05 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2013/01/03 07:05:42 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    [2013/01/23 22:35:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013/01/11 21:36:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/01/11 10:08:00 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    [2012/10/14 15:33:55 | 000,000,000 | ---D | M] (Downloads Context Menu) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\downloadscontextmenu@bmproductions
    [2012/10/14 15:26:05 | 000,083,705 | ---- | M] () (No name found) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\multifox@hultmann.xpi
    [2012/09/21 08:42:07 | 000,035,548 | ---- | M] () (No name found) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\statusbar@toodledo.com.xpi
    [2012/12/12 08:34:25 | 000,104,361 | ---- | M] () (No name found) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\tabutils@ithinc.cn.xpi
    [2012/09/16 22:52:04 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
    [2013/01/03 23:10:14 | 000,281,667 | ---- | M] () (No name found) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
    [2012/12/11 18:28:36 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
    [2008/11/17 17:14:06 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\XPS720\AppData\Roaming\Mozilla\Firefox\Profiles\bmmd76si.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
    [2012/10/12 12:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/12 12:16:22 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/12 12:15:54 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2013/01/26 15:07:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
    O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKCU..\Run: [QuickLaunch] C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe (Charles Schwab & Co., Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\XPS720\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\XPS720\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\XPS720\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XPS720\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Free YouTube Download - C:\Users\XPS720\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XPS720\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
    O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{358EB672-DF0C-49B6-A591-F8CF7311D9E7}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  7. joehamrick

    joehamrick TS Rookie Topic Starter

    3 of 3

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/26 17:55:06 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\XPS720\Desktop\tdsskiller.exe
    [2013/01/26 15:30:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/26 14:38:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/26 14:37:50 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/26 14:35:55 | 000,499,147 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\XPS720\Desktop\JRT.exe
    [2013/01/26 09:40:07 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\XPS720\Desktop\dds.com
    [2013/01/26 09:27:36 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\XPS720\Desktop\mbam-setup-1.70.0.1100.exe
    [2013/01/25 20:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
    [2013/01/25 20:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
    [2013/01/25 12:20:24 | 000,000,000 | ---D | C] -- C:\Users\XPS720\AppData\Roaming\ICAClient
    [2013/01/25 12:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
    [2013/01/25 12:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix
    [2013/01/25 12:19:12 | 000,000,000 | ---D | C] -- C:\Users\XPS720\AppData\Local\Citrix
    [2013/01/25 12:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
    [2013/01/25 12:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/01/25 11:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
    [2013/01/25 11:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
    [2013/01/24 00:27:51 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\XPS720\Desktop\TFC.exe
    [2013/01/24 00:13:18 | 000,350,915 | ---- | C] (Farbar) -- C:\Users\XPS720\Desktop\FSS.exe
    [2013/01/24 00:10:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XPS720\Desktop\OTL.exe
    [2013/01/23 23:25:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/23 23:25:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/23 23:25:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/23 23:17:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/23 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/23 23:13:46 | 005,026,751 | R--- | C] (Swearware) -- C:\Users\XPS720\Desktop\ComboFix.exe
    [2013/01/23 22:56:24 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\XPS720\Desktop\aswMBR.exe
    [2013/01/23 22:53:58 | 000,000,000 | ---D | C] -- C:\Users\XPS720\Desktop\RK_Quarantine
    [2013/01/23 22:20:19 | 000,000,000 | ---D | C] -- C:\Users\XPS720\AppData\Local\Programs
    [2013/01/18 19:32:25 | 000,000,000 | ---D | C] -- C:\Users\XPS720\AppData\Local\Mozilla Firefox
    [2013/01/16 10:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/01/10 21:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2013/01/10 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
    [2012/12/29 17:19:18 | 000,000,000 | ---D | C] -- C:\Users\XPS720\AppData\Local\MR APP
    [2012/12/29 17:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
    [2012/12/27 21:36:42 | 000,000,000 | ---D | C] -- C:\Users\XPS720\Desktop\Favorites Misc
    [2012/09/15 20:19:07 | 000,272,896 | ---- | C] (Datasoft Ltd.) -- C:\Program Files (x86)\stripmail.exe

    ========== Files - Modified Within 30 Days ==========

    [2013/01/26 18:32:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XPS720\Desktop\OTL.exe
    [2013/01/26 17:55:15 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\XPS720\Desktop\tdsskiller.exe
    [2013/01/26 15:07:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/01/26 14:51:03 | 005,026,751 | R--- | M] (Swearware) -- C:\Users\XPS720\Desktop\ComboFix.exe
    [2013/01/26 14:38:33 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/26 14:38:33 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/26 14:36:01 | 000,499,147 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\XPS720\Desktop\JRT.exe
    [2013/01/26 14:29:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/26 14:29:56 | 3219,140,608 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/26 14:29:23 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-60021102}.rfx
    [2013/01/26 14:29:23 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000004-00001102-00000005-60021102}.rfx
    [2013/01/26 14:29:23 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000004-00001102-00000005-60021102}.rfx
    [2013/01/26 14:27:30 | 000,578,255 | ---- | M] () -- C:\Users\XPS720\Desktop\adwcleaner.exe
    [2013/01/26 14:27:18 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/26 14:27:18 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/26 14:27:18 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/26 09:40:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\XPS720\Desktop\dds.com
    [2013/01/26 09:28:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/26 09:27:53 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\XPS720\Desktop\mbam-setup-1.70.0.1100.exe
    [2013/01/24 00:27:53 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\XPS720\Desktop\TFC.exe
    [2013/01/24 00:13:25 | 000,350,915 | ---- | M] (Farbar) -- C:\Users\XPS720\Desktop\FSS.exe
    [2013/01/24 00:12:22 | 000,881,914 | ---- | M] () -- C:\Users\XPS720\Desktop\SecurityCheck.exe
    [2013/01/23 22:57:24 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\XPS720\Desktop\aswMBR.exe
    [2013/01/23 22:53:28 | 000,766,464 | ---- | M] () -- C:\Users\XPS720\Desktop\RogueKiller.exe
    [2013/01/20 22:36:44 | 020,729,700 | ---- | M] () -- C:\Users\XPS720\Desktop\Charlie_Shobe_Memorial_Exhibit_Walkthrough_-_YouTube.webm
    [2013/01/20 08:35:19 | 000,090,199 | ---- | M] () -- C:\Users\XPS720\Desktop\They are having a moment.JPG
    [2013/01/10 21:14:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2013/01/10 03:39:46 | 004,982,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/10 03:20:12 | 000,776,710 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/01/08 21:08:11 | 000,500,985 | ---- | M] () -- C:\Users\XPS720\Desktop\[ENG_US]WEB-EPATSCE-2003-0821 2 .pdf
    [2013/01/08 21:04:49 | 000,574,873 | ---- | M] () -- C:\Users\XPS720\Desktop\[ENG_US]WEB-EPATSCE-2003-0821.pdf

    ========== Files Created - No Company Name ==========

    [2013/01/25 12:20:43 | 000,001,508 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
    [2013/01/24 00:12:19 | 000,881,914 | ---- | C] () -- C:\Users\XPS720\Desktop\SecurityCheck.exe
    [2013/01/24 00:02:31 | 000,578,255 | ---- | C] () -- C:\Users\XPS720\Desktop\adwcleaner.exe
    [2013/01/23 23:25:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/23 23:25:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/23 23:25:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/23 23:25:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/23 23:25:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/23 22:53:19 | 000,766,464 | ---- | C] () -- C:\Users\XPS720\Desktop\RogueKiller.exe
    [2013/01/20 22:35:28 | 020,729,700 | ---- | C] () -- C:\Users\XPS720\Desktop\Charlie_Shobe_Memorial_Exhibit_Walkthrough_-_YouTube.webm
    [2013/01/20 08:32:44 | 000,090,199 | ---- | C] () -- C:\Users\XPS720\Desktop\They are having a moment.JPG
    [2013/01/10 21:14:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2013/01/08 21:08:11 | 000,500,985 | ---- | C] () -- C:\Users\XPS720\Desktop\[ENG_US]WEB-EPATSCE-2003-0821 2 .pdf
    [2013/01/08 21:04:49 | 000,574,873 | ---- | C] () -- C:\Users\XPS720\Desktop\[ENG_US]WEB-EPATSCE-2003-0821.pdf
    [2012/12/21 17:07:03 | 000,883,758 | ---- | C] () -- C:\Users\XPS720\AppData\Local\census.cache
    [2012/12/21 17:06:21 | 000,146,088 | ---- | C] () -- C:\Users\XPS720\AppData\Local\ars.cache
    [2012/12/21 16:56:20 | 000,000,036 | ---- | C] () -- C:\Users\XPS720\AppData\Local\housecall.guid.cache
    [2012/12/20 10:15:38 | 000,193,960 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/11/18 07:43:30 | 000,003,584 | ---- | C] () -- C:\Users\XPS720\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/10/11 11:33:22 | 000,000,462 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2012/10/11 11:27:19 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
    [2012/10/06 19:25:36 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
    [2012/10/06 19:24:44 | 000,000,139 | ---- | C] () -- C:\Windows\Crypkey.ini
    [2012/10/06 19:24:40 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
    [2012/10/06 19:24:40 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
    [2012/10/06 19:24:40 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
    [2012/09/17 14:45:36 | 000,000,252 | ---- | C] () -- C:\Users\XPS720\AppData\Roaming\GPU MeterV2_Settings.ini
    [2012/09/15 17:46:02 | 000,000,479 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/01/31 16:16:42 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2012/01/31 16:16:42 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2012/01/30 19:42:24 | 000,776,710 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/11/07 17:03:45 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\2Flyer
    [2012/10/06 16:31:33 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\4Team
    [2012/09/15 16:52:58 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\873B3BD3-C825-4DEF-8764-320C93E5F68C
    [2012/01/30 21:24:40 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Acronis
    [2012/10/06 15:59:14 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Anti-Dupe
    [2013/01/25 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Applian FLV and Media Player
    [2012/12/04 22:55:28 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Audacity
    [2012/02/01 17:58:00 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Auslogics
    [2012/09/21 15:02:43 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\canon
    [2012/10/06 08:33:53 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Charles Schwab
    [2012/10/11 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/10/07 19:59:33 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\DiskAid
    [2013/01/26 14:31:11 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Dropbox
    [2012/09/15 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\DVDVideoSoft
    [2012/09/22 15:18:42 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Garmin
    [2013/01/25 12:26:58 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\ICAClient
    [2012/12/10 22:48:20 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Imagenomic
    [2012/10/14 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\IrfanView
    [2013/01/12 12:40:15 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Mp3tag
    [2012/09/15 20:49:26 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Netscape
    [2012/01/30 22:50:48 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Notepad++
    [2012/12/25 21:16:15 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\ObviousIdea
    [2012/10/06 21:51:18 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\OverDrive
    [2012/09/19 06:22:51 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\pchc
    [2012/09/15 20:47:39 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\Photodex
    [2012/10/11 13:00:40 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\TuneUpMedia
    [2012/10/14 09:23:03 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\VarieDrop
    [2012/09/21 13:08:49 | 000,000,000 | ---D | M] -- C:\Users\XPS720\AppData\Roaming\webex

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 108 bytes -> C:\Windows:

    < End of report >
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
     
  9. joehamrick

    joehamrick TS Rookie Topic Starter

    C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.d

    ll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    C:\Users\XPS720\AppData\Local\Temp\is1590112554\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon.A application cleaned by deleting - quarantined
    C:\Users\XPS720\AppData\Local\Temp\is1590112554\yontoo-c2.exe multiple threats cleaned by deleting - quarantined
    C:\Users\XPS720\Desktop\AnySendSetup.exe a variant of Win32/InstallCore.BB application cleaned by deleting - quarantined
    E:\--- Current\Auslogics\disk-defrag-setup 3.1.10.165.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    E:\--- Current\Auslogics\disk-defrag-setup 3.2.1.10.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    E:\--- Current\Auslogics\disk-defrag-setup 3.2.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    E:\--- Current\Auslogics\disk-defrag-setup 3.3.0.2.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    E:\--- Current\CrystalDiskInfo\CrystalDiskInfo5_3_1Shizuku-en.exe Win32/OpenCandy application cleaned by deleting - quarantined
    E:\--- Current\DFX\dfx9Setup-WMP.exe a variant of Win32/Bundled.Toolbar.Ask.A application cleaned by deleting - quarantined
    E:\--- Current\Dublicate Cleaner\DuplicateCleaner_setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    E:\--- Current\Glary Utilities\gusetup 2.23.0.923.exe multiple threats cleaned by deleting - quarantined
    E:\--- Current\Glary Utilities\gusetup.exe multiple threats cleaned by deleting - quarantined
    E:\--- Current\ImgBurn\SetupImgBurn_2.5.1.0.exe multiple threats cleaned by deleting - quarantined
    E:\--- Current\Nikon Scanner 5000ED\HowToDrivers\driverfetch_setup.exe multiple threats cleaned by deleting - quarantined
    E:\--- Current\Windows 7\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon.A application cleaned by deleting - quarantined
    E:\--- Current\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask.A application cleaned by deleting - quarantined
    L:\--- Current\Auslogics\disk-defrag-setup 3.1.10.165.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    L:\--- Current\Auslogics\disk-defrag-setup 3.2.1.10.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    L:\--- Current\Auslogics\disk-defrag-setup 3.2.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    L:\--- Current\Auslogics\disk-defrag-setup 3.3.0.2.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    L:\--- Current\CrystalDiskInfo\CrystalDiskInfo5_3_1Shizuku-en.exe Win32/OpenCandy application cleaned by deleting - quarantined
    L:\--- Current\DFX\dfx9Setup-WMP.exe a variant of Win32/Bundled.Toolbar.Ask.A application cleaned by deleting - quarantined
    L:\--- Current\Dublicate Cleaner\DuplicateCleaner_setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
    L:\--- Current\Glary Utilities\gusetup 2.23.0.923.exe multiple threats cleaned by deleting - quarantined
    L:\--- Current\Glary Utilities\gusetup.exe multiple threats cleaned by deleting - quarantined
    L:\--- Current\ImgBurn\SetupImgBurn_2.5.1.0.exe multiple threats cleaned by deleting - quarantined
    L:\--- Current\Nikon Scanner 5000ED\HowToDrivers\driverfetch_setup.exe multiple threats cleaned by deleting - quarantined
    L:\--- Current\Windows 7\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon.A application cleaned by deleting - quarantined
    L:\--- Current\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask.A application cleaned by deleting - quarantined

    There do not appear any other issues although I have not run very much. What do I do if any develop?
    Thank you for your help.
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Start a new topic or PM me if any new issues develop.

    We will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  11. joehamrick

    joehamrick TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java 7 Update 11
    Adobe Flash Player 11.5.502.146
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    Mozilla Firefox (18.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
     
  13. joehamrick

    joehamrick TS Rookie Topic Starter

    No other questions. Thank you for all the support.
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Topic solved.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.