Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

PC Malware Detected and Unable to remove

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

PC Malware Detected and Unable to remove

Unread postby gugluizza » October 2nd, 2013, 6:42 pm

My PC has been experiencing issues for the last 2 weeks. I have Outlook 2010 installed that is connected to my gmail account, and now I can no longer send any email from my mailbox. When I run my McAfee scan it comes back clean, however when I run MalwareBytes or Spybot S&D it identifies multiple viruses and a specific Malware called Montera toolbar. Even though I have MalwareBytes and Spybot S&D fix the selected problems found, they show up again on the next scan.

Attached are the files requested for my posting.

DDS.txt

DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael Gugluizza at 22:49:43.92 on Mon 09/30/2013
Internet Explorer: 9.10.9200.16686 BrowserJavaVersion: 10.25.2
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3036.1647 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxcycoms.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Michael Gugluizza\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Users\Michael Gugluizza\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Users\Michael Gugluizza\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRXUUSHT\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [AmazonMP3DownloaderHelper] c:\users\michael gugluizza\appdata\local\program files\amazon\mp3 downloader\AmazonMP3DownloaderHelper.exe
uRun: [Amazon Cloud Player] c:\users\michael gugluizza\appdata\local\amazon cloud player\Amazon Music Helper.exe
uRun: [ALconnect] c:\users\michael gugluizza\appdata\roaming\directlife\alconnect\ALconnect.exe
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/On ... canner.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-11-9 568632]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-4-3 213232]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2013-7-23 21728]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2013-7-23 20384]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-5-11 65640]
R2 HomeNetSvc;McAfee Home Network;"c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe" /McCoreSvc [2013-8-22 281560]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2012-10-23 167784]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-8-22 145600]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-7-10 315392]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe" /McCoreSvc [2013-8-22 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe" /McCoreSvc [2013-8-22 281560]
R2 mcpltsvc;McAfee Platform Services;"c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe" /McCoreSvc [2013-8-22 281560]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe" /McCoreSvc [2013-8-22 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-8-22 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-8-22 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-1-10 172416]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-9-12 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-9-12 1033688]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2013-7-23 1564160]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-4-3 60920]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-4-26 273448]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-30 40776]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-4-3 235520]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-4-3 365224]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-7-9 288056]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-25 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-9-12 171928]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-22 257416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-25 136176]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-8-28 147472]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2013-7-23 960992]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-4-3 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-7-9 80656]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-26 1343400]
.
=============== Created Last 30 ================
.
2013-10-01 03:18:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-30 00:14:21 5403344 ----a-w- c:\progra~2\pclunst.exe
2013-09-30 00:14:19 -------- d-----w- c:\progra~2\PC1Data
2013-09-30 00:11:00 -------- d-----w- c:\progra~2\APN
2013-09-30 00:04:54 -------- d-----w- c:\users\michae~1\appdata\roaming\DriverCure
2013-09-30 00:04:53 -------- d-----w- c:\users\michae~1\appdata\roaming\ParetoLogic
2013-09-30 00:04:23 -------- d-----w- c:\progra~2\ParetoLogic
2013-09-23 17:21:57 -------- dc----w- C:\BOYSCOUT FORMS
2013-09-13 04:07:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-12 12:09:24 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-09-12 12:09:11 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-09-12 12:00:57 -------- d-----w- c:\windows\pss
2013-09-12 08:17:59 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-09-12 08:17:58 770648 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-09-12 08:17:58 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-12 08:04:21 -------- dc----w- C:\d3374692f13d3109952249ca
2013-09-06 14:34:48 -------- dc----w- C:\Green Bay DIOCESE
2013-09-05 14:04:02 209272 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-09-19 22:37:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 22:37:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-30 19:32:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-30 19:32:55 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-08-30 19:32:55 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-10 03:58:09 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-10 03:07:50 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-10 02:17:19 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-08-08 01:03:07 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-07 17:59:14 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41:01 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03:34 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53:46 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52:10 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50:42 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
============= FINISH: 22:51:39.50 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/23/2011 9:45:49 PM
System Uptime: 9/30/2013 7:28:13 AM (15 hours ago)
.
Motherboard: Dell Inc. | | 0HN7XN
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 120.969 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP161: 8/14/2013 3:00:13 AM - Windows Update
RP162: 8/30/2013 2:31:41 PM - McAfee Vulnerability Scanner
RP163: 8/30/2013 2:46:05 PM - Windows Update
RP164: 9/12/2013 3:02:49 AM - Windows Update
RP165: 9/20/2013 9:21:03 AM - Scheduled Checkpoint
RP166: 9/20/2013 12:43:11 PM - McAfee Vulnerability Scanner
RP167: 9/29/2013 7:10:01 PM - Installed Driver Detective.
.
==== Installed Programs ======================
.
ActiveLink Connect
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 10
Adobe Photoshop.com Inspiration Browser
Adobe Reader XI (11.0.04)
Amazon Cloud Player
Amazon MP3 Downloader 1.0.18
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
CameraHelperMsi
Custom
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
DellAccess
DirectX 9 Runtime
Elements 10 Organizer
EMBASSY Security Center
erLT
Gemalto
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Apps Sync™ for Microsoft Outlook® 3.3.355.950
Google Calendar Sync
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 37
Junk Mail filter update
Lexmark 3400 Series
Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee AntiVirus Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Photo Books (Unibind Edition)
NETGEAR WNA1100 N150 Wireless USB Adapter
NTRU TCG Software Stack
PC-CCID
PhotoShowExpress
Preboot Manager
PrimoPDF -- brought to you by Nitro PDF Software
PrintMaster 16
Private Information Manager
PSE10 STI Installer
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x86
Shockwave
Skype™ 6.7
Sonic CinePlayer Decoder Pack
SPBA 5.9
Spybot - Search & Destroy
Trusted Drive Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Upek Touchchip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software Installer
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/30/2013 7:28:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: yfsvji
9/30/2013 7:28:35 AM, Error: Service Control Manager [7003] - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.
9/30/2013 7:28:27 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
9/30/2013 6:58:19 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
9/30/2013 6:56:57 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xca333000, 0x00000000, 0x8323fe63, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 093013-14586-01.
9/29/2013 6:54:08 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
9/27/2013 12:57:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
9/27/2013 12:57:25 PM, Error: Service Control Manager [7000] - The McAfee Platform Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/27/2013 12:57:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7}
.
==== End Of File ===========================
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm
Advertisement
Register to Remove

Re: PC Malware Detected and Unable to remove

Unread postby nunped » October 4th, 2013, 5:46 am

Hello gugluiza, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easy as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: PC Malware Detected and Unable to remove

Unread postby nunped » October 4th, 2013, 5:59 am

Hi gugluizza,

Is this computer used for any kind of business activity?
Can you tell me how you got your copy of Microsoft Office Professional 2010?

I'll need some more scans:

Step 1 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 2 - TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select "run as administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C: ).
  • Copy and paste the contents of that file in your next reply.

Step 3 - MGADiag
  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: PC Malware Detected and Unable to remove

Unread postby gugluizza » October 4th, 2013, 11:26 pm

All of the scans requested have been run. No malicious items were found after running the TDSSKILLER.exe tool. Below are the results of the other scans:

OTL logfile created on: 10/4/2013 10:06:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael Gugluizza\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 62.21% Memory free
5.93 Gb Paging File | 4.29 Gb Available in Paging File | 72.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.06 Gb Total Space | 120.70 Gb Free Space | 52.01% Space Free | Partition Type: NTFS

Computer Name: MICHAELGUGLUIZZ | User Name: Michael Gugluizza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/04 22:04:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Gugluizza\Desktop\OTL.exe
PRC - [2013/09/19 17:37:03 | 000,815,496 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
PRC - [2013/08/17 18:34:12 | 000,498,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
PRC - [2013/08/17 07:35:38 | 001,107,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2013/08/07 12:59:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/08/07 12:55:26 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/08/06 15:11:12 | 000,145,600 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2013/08/05 05:20:10 | 000,638,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
PRC - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/07/21 20:08:00 | 003,109,376 | ---- | M] () -- C:\Users\Michael Gugluizza\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/07/18 20:24:12 | 015,990,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 15:37:02 | 000,400,704 | ---- | M] () -- C:\Users\Michael Gugluizza\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
PRC - [2012/12/20 07:42:34 | 000,713,816 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Users\Michael Gugluizza\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/04 15:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2010/09/15 11:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/08/04 14:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2010/07/27 04:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2009/08/26 12:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/05/01 13:54:46 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe
PRC - [2009/05/01 13:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
PRC - [2006/11/29 12:57:20 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcycoms.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/21 20:08:00 | 003,109,376 | ---- | M] () -- C:\Users\Michael Gugluizza\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/05/09 15:37:02 | 000,400,704 | ---- | M] () -- C:\Users\Michael Gugluizza\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/02/14 15:46:50 | 001,044,048 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/04 15:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/08/28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2009/05/01 13:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
MOD - [2006/08/08 15:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcyscw.dll
MOD - [2006/05/25 16:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\iptk.dll
MOD - [2006/02/13 09:04:20 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcydrec.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/09/19 17:37:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/07 12:59:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/08/07 12:55:26 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/08/06 15:11:12 | 000,145,600 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV - [2013/08/05 05:20:10 | 000,638,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
SRV - [2013/08/02 17:50:58 | 000,471,592 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/12 14:40:28 | 000,834,664 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0122831380832133mcinst.exe -- (0122831380832133mcinstcleanup)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/05/26 06:46:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/03 16:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/08/04 14:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/07/27 04:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/07/13 14:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/03/22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2006/11/29 12:57:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ypqyr.sys -- (yfsvji)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - [2013/08/07 13:02:32 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/08/07 12:59:26 | 000,213,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/08/07 12:56:38 | 000,568,632 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/08/07 12:55:38 | 000,365,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/08/07 12:55:14 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/08/07 12:54:36 | 000,235,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/08/07 12:53:54 | 000,133,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013/07/09 07:34:12 | 000,080,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2013/07/09 07:34:04 | 000,288,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2012/05/28 10:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/11 01:09:00 | 001,564,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2010/07/27 04:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 04:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/11/16 18:21:24 | 002,748,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/06/20 07:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/05/11 11:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/05/15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {51C1FD81-4293-48BC-8F5B-2A4C804239BF}
IE - HKLM\..\SearchScopes\{51C1FD81-4293-48BC-8F5B-2A4C804239BF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\SearchScopes,DefaultScope = {51C1FD81-4293-48BC-8F5B-2A4C804239BF}
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\SearchScopes\{8092693A-5BA0-4F8A-B16A-610CCE799ACD}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Michael Gugluizza\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/10/03 15:29:46 | 000,000,000 | ---D | M]

[2012/01/05 15:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Gugluizza\AppData\Roaming\Mozilla\Firefox\extensions
[2012/01/05 15:56:40 | 000,000,000 | ---D | M] (Serif WebPlus Community Toolbar) -- C:\Users\Michael Gugluizza\AppData\Roaming\Mozilla\Firefox\extensions\{07364a98-eb02-4736-bc54-ebe437fccb87}

O1 HOSTS File: ([2013/09/30 07:32:33 | 000,897,302 | R--- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15431 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [LXCYCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001..\Run: [ALconnect] C:\Users\Michael Gugluizza\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe (Koninklijke Philips Electronics N.V.)
O4 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001..\Run: [Amazon Cloud Player] C:\Users\Michael Gugluizza\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001..\Run: [AmazonMP3DownloaderHelper] C:\Users\Michael Gugluizza\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{595B48EA-4D0E-486B-9FC8-7437C46F06B7}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{94570d4e-6fba-11e0-b892-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{94570d4e-6fba-11e0-b892-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/04 22:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/10/04 22:05:07 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Michael Gugluizza\Desktop\MGADiag.exe
[2013/10/04 22:04:47 | 004,119,904 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael Gugluizza\Desktop\tdsskiller.exe
[2013/10/04 22:04:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Gugluizza\Desktop\OTL.exe
[2013/09/29 19:17:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/29 19:14:21 | 005,403,344 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2013/09/29 19:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2013/09/29 19:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/09/29 19:09:53 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\Michael Gugluizza\Documents\APNSetup.exe
[2013/09/29 19:04:54 | 000,000,000 | ---D | C] -- C:\Users\Michael Gugluizza\AppData\Roaming\DriverCure
[2013/09/29 19:04:53 | 000,000,000 | ---D | C] -- C:\Users\Michael Gugluizza\AppData\Roaming\ParetoLogic
[2013/09/29 19:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/09/23 12:21:57 | 000,000,000 | ---D | C] -- C:\BOYSCOUT FORMS
[2013/09/12 23:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/12 23:07:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/09/12 07:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/12 07:09:24 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/09/12 07:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/09/12 07:00:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/09/12 03:18:04 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/12 03:18:03 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/12 03:18:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/12 03:18:02 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/12 03:18:01 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/12 03:18:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/12 03:18:01 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/12 03:18:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/12 03:18:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/12 03:18:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/12 03:04:21 | 000,000,000 | ---D | C] -- C:\d3374692f13d3109952249ca
[2013/09/11 07:09:31 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/09/11 07:09:29 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/11 07:09:26 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/11 07:09:25 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/11 07:09:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:09:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:09:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:09:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:09:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:09:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:09:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:09:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:09:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:09:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:09:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:09:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:09:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:09:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:09:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:09:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:09:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:09:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:09:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:09:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:09:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:09:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:09:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:09:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:09:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:09:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/06 09:34:48 | 000,000,000 | ---D | C] -- C:\Green Bay DIOCESE

========== Files - Modified Within 30 Days ==========

[2013/10/04 22:08:22 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/10/04 22:05:07 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Michael Gugluizza\Desktop\MGADiag.exe
[2013/10/04 22:04:48 | 004,119,904 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael Gugluizza\Desktop\tdsskiller.exe
[2013/10/04 22:04:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Gugluizza\Desktop\OTL.exe
[2013/10/04 22:02:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/04 22:01:55 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/04 22:01:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/04 22:01:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/04 22:01:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/10/01 18:51:39 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 18:51:39 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 18:44:01 | 2387,329,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/30 07:32:33 | 000,897,302 | R--- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/09/30 07:30:52 | 000,007,605 | ---- | M] () -- C:\Users\Michael Gugluizza\AppData\Local\Resmon.ResmonCfg
[2013/09/30 06:56:45 | 350,724,975 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/29 20:33:39 | 000,003,528 | ---- | M] () -- C:\bootsqm.dat
[2013/09/29 19:03:39 | 005,403,344 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2013/09/19 17:37:03 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/19 17:37:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/12 23:07:03 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/12 20:38:48 | 000,000,300 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/12 07:16:02 | 000,897,302 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130930-073229.backup
[2013/09/12 07:09:32 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/12 03:47:51 | 000,511,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/09/30 07:30:52 | 000,007,605 | ---- | C] () -- C:\Users\Michael Gugluizza\AppData\Local\Resmon.ResmonCfg
[2013/09/29 20:33:39 | 000,003,528 | ---- | C] () -- C:\bootsqm.dat
[2013/09/13 07:11:44 | 350,724,975 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/12 23:07:03 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/12 20:38:48 | 000,000,300 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/12 07:09:32 | 000,002,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/12 07:09:32 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/12 07:04:59 | 000,002,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2013/09/12 07:04:59 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
[2013/09/12 07:04:59 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
[2013/03/27 20:03:05 | 000,103,832 | ---- | C] () -- C:\Users\Michael Gugluizza\GoToAssistDownloadHelper.exe
[2013/03/18 06:08:41 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MICHAELGUGLUIZZ-Microsoft-Windows-7-Professional-(32-bit).dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/21 11:30:44 | 000,037,903 | ---- | C] () -- C:\Users\Michael Gugluizza\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/06/14 10:37:27 | 000,072,080 | ---- | C] () -- C:\Users\Michael Gugluizza\g2mdlhlpx.exe
[2011/05/23 22:23:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


OTL Extras logfile created on: 10/4/2013 10:06:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael Gugluizza\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 62.21% Memory free
5.93 Gb Paging File | 4.29 Gb Available in Paging File | 72.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.06 Gb Total Space | 120.70 Gb Free Space | 52.01% Space Free | Partition Type: NTFS

Computer Name: MICHAELGUGLUIZZ | User Name: Michael Gugluizza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AF98427-094A-483A-8025-ACED14A87729}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11764290-2312-43AF-9849-358E4B303B80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{30D267CF-7903-4B62-B0C2-2E8ED448F233}" = lport=139 | protocol=6 | dir=in | app=system |
"{39D6EE15-4819-46A5-B7C0-071E4434477E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B78AAF0-1E0C-40C6-A459-9753D2BF1E27}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3EE4D181-9ABA-4418-8183-A0156323EB56}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{41409BB1-9CB4-4B42-8D98-0F41E0DD1F53}" = rport=10243 | protocol=6 | dir=out | app=system |
"{42B2E26A-6981-4A33-BCD2-719436E3ACCC}" = rport=139 | protocol=6 | dir=out | app=system |
"{5758910E-9886-455D-9A8F-6078A865539A}" = lport=1583 | protocol=6 | dir=in | name=pervasive dbengine |
"{5AE33FC5-754F-406D-AD4F-8673B1D1162B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5FA25915-674F-433B-8D80-1DC7FDCECDC1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76B6D697-9141-47B1-9F0E-7E3435AFE418}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{786F7A80-8B4F-40B9-A216-FD1767B6FD11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{800A6F28-A165-4D48-81D6-9972CD4CEF85}" = lport=3351 | protocol=6 | dir=in | name=pervasive dbengine |
"{9AEBCD07-97A7-4450-A28D-814D39E0E520}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3CFD436-04EB-4BEC-8819-B599A9F7BF54}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A3DA1CE1-D7E1-4C78-B509-9E7EBA72CB1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B66D9BC9-59DA-41AD-97D3-1C4F86C4FDC1}" = rport=138 | protocol=17 | dir=out | app=system |
"{B9F8DAC9-41F0-4483-A4A2-D28FC2FFC3B0}" = lport=137 | protocol=17 | dir=in | app=system |
"{BB273EF8-2939-4859-A21C-4D90650DB3E6}" = rport=137 | protocol=17 | dir=out | app=system |
"{C4BCA437-F5E0-433E-829C-60CDF7BCD215}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4ED1CC4-4058-43B2-8F0E-91D363DECE4E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C692F5AB-8272-47E7-BD8A-CB32731F20B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8245BA1-603E-459E-B4A9-4A9E7B54DDFA}" = lport=445 | protocol=6 | dir=in | app=system |
"{CED438CD-5A5E-4496-BCEC-811AADB06602}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D59DD18A-B2B6-472D-9C64-512A1F38517C}" = rport=445 | protocol=6 | dir=out | app=system |
"{E12571BF-802E-46A4-BE5C-517C729D7558}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E267CC55-0855-44D2-A2C6-8D59CCC7DA12}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0330BACF-DB25-4E83-A11D-A3D94330DAF9}" = protocol=6 | dir=in | app=c:\users\bill hails\appdata\local\temp\7zs1437\hpdiagnosticcoreui.exe |
"{04ECE76D-609B-470A-B913-FD19A0CEEE3C}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{07356A21-854C-4D27-BB84-DD15A7E75BFA}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{146F3C69-A6BE-42BB-907B-C1DFE93615DD}" = protocol=6 | dir=in | app=c:\users\bill hails\appdata\local\temp\7zs67bf\hpdiagnosticcoreui.exe |
"{1CD91443-6D91-46C1-B206-D08F722547EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E52312D-1D5B-4602-A164-2D1C53A1BA18}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{23252E1D-4E81-49FA-B995-71D354919502}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{2C5473D3-1272-4A15-A0CF-A11AEAAC49CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2CE0A076-1D2A-4855-8A57-F382FA149A99}" = protocol=17 | dir=in | app=c:\users\bill hails\appdata\local\temp\7zs21fe\hpdiagnosticcoreui.exe |
"{423D8FB6-B397-4EDF-A848-8F3FF1D4D28D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{45ED1A59-5098-4BEA-9926-FBB702CBCFC8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AC975E4-AEEC-42C5-AC89-BB2F1FAB9F00}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{4ED9ABC8-9A23-43FF-9391-4F637A548F12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{519417C7-39E7-4156-9EFA-E7B63D11D864}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C993249-5C72-40A6-AE64-7D90C464537E}" = protocol=17 | dir=in | app=c:\users\bill hails\appdata\local\temp\7zs5b5d\hpdiagnosticcoreui.exe |
"{5FDC46D5-5B29-4DA8-AEAF-A529EF7DD6C3}" = protocol=17 | dir=in | app=c:\users\bill hails\appdata\local\temp\7zs1437\hpdiagnosticcoreui.exe |
"{65D48856-7B36-4DCB-9B7B-FCF826AD72B2}" = protocol=6 | dir=in | app=c:\users\bill hails\appdata\local\temp\7zs5b5d\hpdiagnosticcoreui.exe |
"{6D6B77A3-016F-4C55-A116-96CC8771162E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DEDD3C3-DC13-43D2-988B-24D1D42DCE23}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{839E1225-57D4-4B45-A5C2-827111FB042B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{88F54433-256C-4C4B-B78C-CCC58ADFB31C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{8F2DDCC3-45E4-4EBB-869C-CD142AE32586}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{928D4E91-5CC2-4A42-8657-9DC0B4DF4A2C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9C7B47A2-C269-456F-8F78-5D27F72A9A0F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9EB992E3-5065-4BAE-B854-286EC04C542F}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{9FAE2F1F-012F-4092-8276-EC6982782D78}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A432C46F-1210-4063-BE9C-02207325BF2B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A46E312F-33B5-4281-A7B3-7A7DA5863C76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A838E10C-4AFC-498F-AC3F-592D3600C77D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9C221EB-67F7-4314-BA04-41D560335ABA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD9F8B7A-47D0-4B15-BE5C-CBE61AF16184}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B68A18E4-1C25-470C-85ED-5A7D1804CF3C}" = protocol=17 | dir=in | app=c:\users\bill hails\appdata\local\temp\7zs67bf\hpdiagnosticcoreui.exe |
"{B7B280D0-35E4-44EE-BCE1-CDB4393B3EB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C397117D-9E7F-4458-B7C3-AC263DB264C6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8963B80-3551-4482-9E65-46BB24C34BBB}" = protocol=6 | dir=in | app=c:\users\bill hails\appdata\local\temp\7zs6d3b\hpdiagnosticcoreui.exe |
"{CA12283D-F5EA-417B-8AB1-D0B1B8DECA52}" = protocol=17 | dir=in | app=c:\users\bill hails\appdata\local\temp\7zs6d3b\hpdiagnosticcoreui.exe |
"{CFBFE23D-A983-488D-BFBA-43A8BA4B4CAA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D00E706C-255C-493F-8215-601B08F0E1FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D4EE858A-746E-4AC0-AF9A-FE15271BFC77}" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{D9A86609-1D1C-4EA7-ABE0-C41F24E6CFFA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DDAF5B4E-BEA3-440D-8B4B-C3D385229540}" = protocol=6 | dir=in | app=c:\users\bill hails\appdata\local\temp\7zs21fe\hpdiagnosticcoreui.exe |
"{DDBF686B-D948-47C6-9CFC-01C9130505B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E03B1500-F3B1-4ACA-997F-C0EB421C5859}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{E6FE1200-F364-40D4-8735-CD5FE26DE789}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E9A73785-62E0-4F3F-BC05-4B9AA8A521F7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E9F78F88-944D-4DCC-84AE-EC0EB5BA93DE}" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{EE5FD2D9-6A8A-4DCB-8D02-C9CD16AB6CC3}" = protocol=6 | dir=out | app=system |
"{F5143F7A-F1FB-4DA7-9138-8FC1902A08A7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{EF26BC41-A161-4EBF-8AC3-F90F569B7671}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{9C417C41-FD64-404A-8734-C55FC3D9F3DF}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34
"{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{25349513-852F-470D-AB31-9B42100C926B}" = ActiveLink Connect
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{4FA46975-176F-457A-A09C-DBD0CBDA65F3}" = PrintMaster 16
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6E785411-0F22-4D64-9BAE-5337EA4A01D5}" = My Photo Books (Unibind Edition)
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8049762C-799F-4063-A636-6A22A544FB6F}" = Google Apps Sync™ for Microsoft Outlook® 3.3.355.950
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter
"{A32F592F-AA0E-49AF-8E85-A0A25AF83314}" = Wave Infrastructure Installer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Lexmark 3400 Series" = Lexmark 3400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee AntiVirus Plus
"Office14.SingleImage" = Microsoft Office Professional 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Shockwave" = Shockwave
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveLink Connect" = ActiveLink Connect
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.18

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2013 5:10:34 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64878850

Error - 10/4/2013 5:10:49 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/4/2013 5:10:49 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64894450

Error - 10/4/2013 5:10:49 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64894450

Error - 10/4/2013 5:11:05 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/4/2013 5:11:05 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64910050

Error - 10/4/2013 5:11:05 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64910050

Error - 10/4/2013 5:11:20 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/4/2013 5:11:20 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64925650

Error - 10/4/2013 5:11:20 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64925650

[ Spybot - Search and Destroy Events ]
Error - 9/12/2013 9:38:48 PM | Computer Name = MichaelGugluizz | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 9/30/2013 7:57:30 AM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
yfsvji

Error - 9/30/2013 7:58:19 AM | Computer Name = MichaelGugluizz | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 9/30/2013 8:28:27 AM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 9/30/2013 8:28:35 AM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7003
Description = The Spybot-S&D 2 Security Center Service service depends the following
service: wscsvc. This service might not be installed.

Error - 9/30/2013 8:28:39 AM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
yfsvji

Error - 10/1/2013 7:44:08 PM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 10/1/2013 7:44:18 PM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7003
Description = The Spybot-S&D 2 Security Center Service service depends the following
service: wscsvc. This service might not be installed.

Error - 10/1/2013 7:44:28 PM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
yfsvji

Error - 10/3/2013 4:23:09 PM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/3/2013 4:23:39 PM | Computer Name = MichaelGugluizz | Source = DCOM | ID = 10010
Description =


< End of report >


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {35976E8C-F5B9-4F69-BB58-E79DC33024DB}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.130708-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: N/A, hr=0x80070002
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{35976E8C-F5B9-4F69-BB58-E79DC33024DB}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-964026337-3082616824-1035162491</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 380 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="5"/><Date>20110224000000.000000+000</Date></BIOS><HWID>20F43107018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B10K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1152011
Installation ID: 012303907874524765270804456400702830145321173945920780
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 733WD
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 10/4/2013 10:21:46 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x80072EE7
HealthStatus: 0x0000000000000000
Event Time Stamp: 7:31:2013 17:30
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAEAAwABAAIAAAACAAAAAgABAAEAeqjm2da/qnbK5z529nWkC6wrsrQZa3xbDSFGyg==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B10K
FACP DELL B10K
HPET DELL B10K
BOOT DELL B10K
MCFG DELL B10K
SSDT DELL st_ex
TCPA DELL B10K
____ DELL B10K
SLIC DELL B10K
SSDT DELL st_ex
SSDT DELL st_ex
SSDT DELL st_ex
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: PC Malware Detected and Unable to remove

Unread postby nunped » October 5th, 2013, 5:28 am

Hi Gugluizza,

Good job!

I need the answer to my previous questions, please:
Is this computer used for any kind of business activity?
Can you tell me how you got your copy of Microsoft Office Professional 2010?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: PC Malware Detected and Unable to remove

Unread postby gugluizza » October 5th, 2013, 9:31 am

This is a home PC, and is not used for business purposes.

I purchased and installed MS Office Professional 2010 several years ago thru Staples.
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: PC Malware Detected and Unable to remove

Unread postby nunped » October 5th, 2013, 12:36 pm

Hi gugluizza,

Nothing much showing on these scans. Please run the following:

Malwarebytes' Anti-Malware
  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

AdwCleaner - Scan Only
Please download AdwCleaner by Xplode, save it to your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan.
    When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Report button to produce the scan report.
  5. A logfile C:\AdwCleaner[Rn].txt will automatically open. ([Rn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Rn].txt logfile in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: PC Malware Detected and Unable to remove

Unread postby gugluizza » October 5th, 2013, 7:30 pm

Attached are the logs requested:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.05.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Michael Gugluizza :: MICHAELGUGLUIZZ [administrator]

10/5/2013 4:09:53 PM
mbam-log-2013-10-05 (16-09-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210075
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Michael Gugluizza\Desktop\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.

(end)


# AdwCleaner v3.006 - Report created 05/10/2013 at 18:28:00
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Michael Gugluizza - MICHAELGUGLUIZZ
# Running from : C:\Users\Michael Gugluizza\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\Users\MICHAE~1\AppData\Local\Temp\apn
Folder Found C:\Users\Michael Gugluizza\AppData\Local\~0
Folder Found C:\Users\Michael Gugluizza\AppData\Local\PackageAware
Folder Found C:\Users\Michael Gugluizza\AppData\Roaming\DriverCure
Folder Found C:\Users\Michael Gugluizza\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\WiseConvert
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94376355-5F01-4DD0-801C-634F95B4E093}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA78D583-4DCC-4E66-9509-2F117A569FED}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\WiseConvert

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


*************************

AdwCleaner[R0].txt - [2410 octets] - [05/10/2013 18:28:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2470 octets] ##########
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: PC Malware Detected and Unable to remove

Unread postby nunped » October 6th, 2013, 5:41 am

Hi Gugluizza,

There are a few things to clean. And I'd like an online virus scan to check if there's anything else.

Step 1 - Uninstall Programs
  • Click on Start
  • Copy and paste the value below, into the Start Search entry box:
    appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  • Locate the following programs:
    Java(TM) 6 Update 37
  • Select the program and click on Uninstall to uninstall it.
  • Reboot your computer after this.

Step 2 - OTL fix
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:commands
[createrestorepoint]

:OTL
O33 - MountPoints2\{94570d4e-6fba-11e0-b892-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{94570d4e-6fba-11e0-b892-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe

:files
ipconfig /flushdns /c

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Step 3 - AdwCleaner - Scan/Clean
You should still have AdwCleaner on your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan. When the scan finishes...the Clean button will become active.
  4. Click on Clean.
  5. Select OK at each prompt... to reboot the computer.
  6. A logfile C:\AdwCleaner[Sn].txt will open after you log back on the computer. ([Sn] n = number of run)
  7. Please post the content of the C:\AdwCleaner[Sn].txt logfile in your next reply.


Step 4- ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then right click on it and select "run as administrator" to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  • Click the [Run ESET Online Scanner] button.
  • Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  • Click the green [Start] button.
  • Accept any security warnings from your browser and allow the download/installation of any require files.
    If your browser blocks or halts a download, please allow it to download any required files.
  • Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  • When the scan completes, press the text: Image
  • Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  • Press the [Back] button, then press the [Finish] button.
  • Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!

For your next reply:
  1. Log from ADWcleaner
  2. Log from OTL
  3. Log from ESET
  4. How is your computer behaving?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: PC Malware Detected and Unable to remove

Unread postby gugluizza » October 6th, 2013, 4:18 pm

Attached are the requested files.

There were no Threats found when I ran ESETScanner.

All processes killed
Error: Unable to interpret <Code: Select all:commands> in the current context!
Error: Unable to interpret <[createrestorepoint]> in the current context!
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94570d4e-6fba-11e0-b892-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94570d4e-6fba-11e0-b892-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94570d4e-6fba-11e0-b892-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94570d4e-6fba-11e0-b892-806e6f6e6963}\ not found.
File D:\autorun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michael Gugluizza\Desktop\cmd.bat deleted successfully.
C:\Users\Michael Gugluizza\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michael Gugluizza
->Temp folder emptied: 3103342 bytes
->Temporary Internet Files folder emptied: 659583312 bytes
->Java cache emptied: 108063 bytes
->Flash cache emptied: 1326 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91658447 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 720.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10062013_100554

Files\Folders moved on Reboot...
File\Folder C:\Users\Michael Gugluizza\AppData\Local\Temp\OICE_DA2B6834-9C43-4FBF-A7EE-74002C6918BA.0\1205D5B7. not found!
C:\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WR8ZBX1G\DroidSans[1].woff moved successfully.
C:\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BUUNN3M7\sh138[1].htm moved successfully.
C:\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BUUNN3M7\viewtopic[1].htm moved successfully.
C:\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


# AdwCleaner v3.006 - Report created 06/10/2013 at 10:21:14
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Michael Gugluizza - MICHAELGUGLUIZZ
# Running from : C:\Users\Michael Gugluizza\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Michael Gugluizza\AppData\Local\~0
Folder Deleted : C:\Users\Michael Gugluizza\AppData\Local\PackageAware
Folder Deleted : C:\Users\Michael Gugluizza\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Michael Gugluizza\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA78D583-4DCC-4E66-9509-2F117A569FED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94376355-5F01-4DD0-801C-634F95B4E093}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\WiseConvert
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


*************************

AdwCleaner[R0].txt - [2550 octets] - [05/10/2013 18:28:00]
AdwCleaner[R1].txt - [2555 octets] - [06/10/2013 10:17:44]
AdwCleaner[S0].txt - [2536 octets] - [06/10/2013 10:21:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2596 octets] ##########
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: PC Malware Detected and Unable to remove

Unread postby nunped » October 6th, 2013, 5:36 pm

Hi Gugluizza!

Good job! Your computer appears to be free from malware.

Now, some clean-up steps:

OTL-Cleanup
You should still have this on your desktop, if so, please ignore the download instructions.
Please download OTL Save it to your Desktop.
  1. Double click on OTL.exe to run it.
    Vista-W7 users: Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

Create a new System Restore Point (SRP)
Now that you're clean, it's the best time to create a clean System Restore Point, and delete the previous, infected ones.
  1. Go to Start > All Programs > Accessories > System Tools > System Restore
  2. Select Create a restore point and press Next.
  3. Type a name for the new SRP like All Clean then press Create.
  4. When finished press Close.
Remove old SRP entries
  1. Go to Start > Run type in: cleanmgr and press OK.
    Wait until Disk Cleanup finish calculating.
  2. Then select the More Options tab.
  3. In the System Restore section, press Clean up.
  4. Reply Yes to the prompt.
    All existing restore points will be deleted, except the new one you just created.

Don't forget to re-enable your security programs!

Stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: PC Malware Detected and Unable to remove

Unread postby gugluizza » October 6th, 2013, 8:59 pm

Thanks for all your help, everything looks good!
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: PC Malware Detected and Unable to remove

Unread postby Cypher » October 7th, 2013, 9:39 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 389 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware