Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I BELIEVE I HAVE AN RAI

Re: I BELIEVE I HAVE AN RAI

by p_huero » December 19th, 2013, 8:48 pm

Done:
****

C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\57EIPlug.dll
https://www.virustotal.com/en/file/d2fb ... 387498062/



C:\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe
https://www.virustotal.com/en/file/226a ... 387498664/


C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\57EZSETP.dll
https://www.virustotal.com/en/file/ca19 ... 387498310/

C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\NP57EISb.dll
https://www.virustotal.com/en/file/419c ... 387498486/



C:\Users\SYSAD\AppData\Roaming\0D0S1L2Z1P1B\Codec Package Packages\uninstaller.exe
https://www.virustotal.com/en/file/2484 ... 387499221/

C:\Users\SYSAD\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe
https://www.virustotal.com/en/file/6df8 ... 387499351/


C:\Users\SYSAD\Downloads\CodecPackage.exe
https://www.virustotal.com/en/file/2766 ... 387499579/

C:\Users\SYSAD\Downloads\finalmediaplayer_732.exe
https://www.virustotal.com/en/file/639e ... 387499764/

C:\Users\SYSAD\Downloads\FinalVideoDownloaderSetup.exe
https://www.virustotal.com/en/file/f9d7 ... 387499922/

C:\Users\SYSAD\Downloads\freefileconverter2_1422.exe
https://www.virustotal.com/en/file/9551 ... 387500068/

D:\RCA\rcaDVM_setup.exe
https://www.virustotal.com/en/file/668d ... 387500247/

I also saw a folder called AVG which I wanted to analyze, since I'm assuming it's part of this whole mess, but I figured I'd be better off not improvising at this point...
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

by nunped » December 20th, 2013, 9:03 am

Hi p_huero,

Let's delete the bad files, see if you can uninstall AVG toolbar and run a program similar to adwcleaner:

Step 1
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Do not include the words "Code: Select all". Press "Select all" to automatically select all the text on the box.
Code: Select all
:commands
[createrestorepoint]

:files
C:\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe
C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\57EIPlug.dll
C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\57EZSETP.dll
C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\NP57EISb.dll
C:\Users\SYSAD\AppData\Roaming\0D0S1L2Z1P1B\Codec Package Packages\uninstaller.exe
C:\Users\SYSAD\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe
C:\Users\SYSAD\Downloads\CodecPackage.exe
C:\Users\SYSAD\Downloads\finalmediaplayer_732.exe
C:\Users\SYSAD\Downloads\FinalVideoDownloaderSetup.exe
C:\Users\SYSAD\Downloads\freefileconverter2_1422.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Step 2 - Uninstall Programs
  • Click on Start
  • Copy and paste the value below, into the Start Search entry box:
    appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  • Locate the following programs:
    AVG SafeGuard toolbar
  • Select the program and click on Uninstall to uninstall it.
  • Repeat steps 3 - 4 for each program in the list.
  • Reboot your computer after this.

Step 3 - Junkware Removal Tool
  • Please download jrt.exe by thisisu and save it to your desktop. Alternate download here.
  • Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
  • Right-click jrt.exe and select "Run as Administrator"
    The tool will open and start scanning your system. Please be patient, it can take a while depending on your system.
    On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt and post in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: I BELIEVE I HAVE AN RAI

by p_huero » December 20th, 2013, 11:22 am

========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :files> in the current context!
Error: Unable to interpret < C:\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe> in the current context!
Error: Unable to interpret < C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\57EIPlug.dll> in the current context!
Error: Unable to interpret < C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\57EZSETP.dll> in the current context!
Error: Unable to interpret < C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\NP57EISb.dll> in the current context!
Error: Unable to interpret < C:\Users\SYSAD\AppData\Roaming\0D0S1L2Z1P1B\Codec Package Packages\uninstaller.exe> in the current context!
Error: Unable to interpret < C:\Users\SYSAD\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe> in the current context!
Error: Unable to interpret < C:\Users\SYSAD\Downloads\CodecPackage.exe> in the current context!
Error: Unable to interpret < C:\Users\SYSAD\Downloads\finalmediaplayer_732.exe> in the current context!
Error: Unable to interpret < C:\Users\SYSAD\Downloads\FinalVideoDownloaderSetup.exe> in the current context!
Error: Unable to interpret < C:\Users\SYSAD\Downloads\freefileconverter2_1422.exe> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 12202013_071927

Re: I BELIEVE I HAVE AN RAI

by p_huero » December 20th, 2013, 11:37 am

JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by D-QUAD on Fri 12/20/2013 at 7:32:00.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com

It looks like OTL didn't work though??...

Re: I BELIEVE I HAVE AN RAI

by nunped » December 20th, 2013, 11:48 am

Yes, it didn't.

Can you try again to run the OTL fix, please?

Re: I BELIEVE I HAVE AN RAI

by p_huero » December 20th, 2013, 12:01 pm

oh...RIGHT-CLICK RUN AS ADMINISTRATOR!!!

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe moved successfully.
C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\57EIPlug.dll moved successfully.
C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\57EZSETP.dll moved successfully.
C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\NP57EISb.dll moved successfully.
C:\Users\SYSAD\AppData\Roaming\0D0S1L2Z1P1B\Codec Package Packages\uninstaller.exe moved successfully.
C:\Users\SYSAD\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe moved successfully.
C:\Users\SYSAD\Downloads\CodecPackage.exe moved successfully.
C:\Users\SYSAD\Downloads\finalmediaplayer_732.exe moved successfully.
C:\Users\SYSAD\Downloads\FinalVideoDownloaderSetup.exe moved successfully.
C:\Users\SYSAD\Downloads\freefileconverter2_1422.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 12202013_080016

Right, that's got it...

Re: I BELIEVE I HAVE AN RAI

by nunped » December 20th, 2013, 2:59 pm

Were you able to uninstall the AVG toolbar?

Re: I BELIEVE I HAVE AN RAI

by p_huero » December 20th, 2013, 4:05 pm

I need to reboot...I didn't get any error messages, but it never affected Firefox. It seems it was more to do with explorer. So I'll restart and report back...

Re: I BELIEVE I HAVE AN RAI

by p_huero » December 20th, 2013, 4:15 pm

Yes. It's gone! It does seem to have started up faster this time too. I can't thank you enough for all your help (though I realize you haven't given me the all-clear just yet!) because this was a major problem for me the past few months. I'm glad you folks were there to help me sort it out; thanks again, as it's much better.

Re: I BELIEVE I HAVE AN RAI

by nunped » December 20th, 2013, 7:47 pm

Hi p_huero,

Good news :)
But I'd like a new scan with OTL, just to be sure. Open it by right-clicking and select "Run as Administrator" and then clicking on "Quick Scan". Post me the log, please.

Re: I BELIEVE I HAVE AN RAI

by p_huero » December 20th, 2013, 11:51 pm

OTL logfile created on: 12/20/2013 7:39:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\D-QUAD\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.25% Memory free
4.92 Gb Paging File | 3.41 Gb Available in Paging File | 69.37% Paging File free
Paging file location(s): c:\pagefile.sys 3055 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 5.06 Gb Free Space | 3.63% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 1.15 Gb Free Space | 11.76% Space Free | Partition Type: NTFS
Drive I: | 241.50 Mb Total Space | 241.50 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: SYSAD-00 | User Name: D-QUAD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/20 08:07:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/12/13 20:20:12 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/11 11:39:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\D-QUAD\Downloads\OTL.exe
PRC - [2013/11/15 06:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 16:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/10/03 12:57:52 | 000,295,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2013/09/10 02:50:14 | 000,079,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\saHookMain.exe
PRC - [2013/09/10 02:50:10 | 000,160,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2013/08/07 12:59:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/08/07 12:55:26 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2013/08/07 12:53:14 | 000,037,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
PRC - [2013/08/07 12:52:24 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/11/13 03:28:30 | 000,480,872 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/10/27 16:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/02 22:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2010/08/25 08:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 08:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/15 16:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 05:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/08/27 00:39:42 | 000,071,512 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2008/02/22 15:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/21 21:14:22 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/21 21:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/01/20 18:24:05 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007/07/27 14:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/05/10 23:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe
PRC - [2007/05/10 23:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodtray.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/20 08:07:38 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/12/13 20:20:12 | 016,242,056 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/11/06 17:05:00 | 000,198,688 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\BPTrayPlugin.dll
MOD - [2013/10/03 12:57:18 | 000,198,688 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\VScan\MVSShExt6.0.2.133.dll
MOD - [2013/08/16 09:23:19 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/16 09:23:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 09:12:29 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/26 19:10:50 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/11/13 03:28:32 | 000,403,048 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\Win32RenderingEngine.dll
MOD - [2012/11/13 03:28:30 | 000,480,872 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
MOD - [2011/06/24 19:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 19:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/03 04:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2013/12/20 08:07:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/15 06:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/10/03 12:57:52 | 000,295,920 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)
SRV - [2013/10/03 12:57:52 | 000,295,920 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2013/09/10 02:50:10 | 000,160,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2013/08/07 12:59:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/08/07 12:55:26 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/08/07 12:52:24 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/09/02 22:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 08:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/17 08:51:58 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/27 00:39:42 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/02/21 21:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/10 23:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2013/08/07 12:59:26 | 000,213,232 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/08/07 12:57:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/08/07 12:56:38 | 000,568,632 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/08/07 12:55:38 | 000,365,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/08/07 12:55:14 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/08/07 12:54:36 | 000,235,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/08/07 12:53:54 | 000,133,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 07:25:30 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/06/23 06:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/12/15 12:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 12:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2008/09/12 12:22:54 | 000,540,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/09/12 12:22:24 | 000,443,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/08/27 00:39:52 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/08/27 00:39:46 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/07/16 21:32:12 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2008/07/16 21:32:10 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2008/07/03 04:28:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/05/18 17:29:08 | 000,110,592 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr97310c.sys -- (mr97310c)
DRV - [2008/02/21 21:24:52 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/20 18:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/20 18:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/12/12 08:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/12/21 06:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 06:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 06:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2001/08/17 18:06:02 | 000,154,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Icam4USB.sys -- (Icam4USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsi ... 3&id=38936
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes,DefaultScope = {ABC3CA36-E780-4B73-B329-B8F5212EDE8F}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{1CE1DD5D-22B9-4EF0-9701-160909051AE6}: "URL" = http://search.yahoo.com/search?fr=mcsaed&p={SearchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{ABC3CA36-E780-4B73-B329-B8F5212EDE8F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{CE73BBF2-084F-47A8-AEE6-66CA65CB54B2}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{EDD48747-1D54-4137-B1AB-B3CD51762538}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "WWW.OUTLOOK.COM"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MarineAquarium3Free_57.com/Plugin: C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\NP57EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\downloader@freeyoutubetomp3converter.org: C:\Program Files\FreeYouTubeToMP3TURBOConverter\Firefox [2012/09/26 13:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\downloader@finalvideotools.com: C:\Program Files\FinalVideoDownloader\Firefox [2013/09/26 18:34:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/12/20 13:02:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/20 08:07:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/10/21 11:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D-QUAD\AppData\Roaming\Mozilla\Extensions
[2013/10/21 11:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D-QUAD\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default\extensions
[2013/12/20 08:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/20 08:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/20 08:07:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131211213831.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Windows\System32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - Startup: C:\Users\SYSAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files\FinalVideoDownloader\fvdRunner.html ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O9 - Extra Button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files\FreeYouTubeToMP3TURBOConverter\ytmRunner.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FA14526-FC9B-408E-9DD5-5EDAA35277B2}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD7A2A8-7A7C-4642-8A3E-0A3693E40FAD}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\$PIX\111218\DSCN0880.JPG
O24 - Desktop BackupWallPaper: C:\$PIX\111218\DSCN0880.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/20 08:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/20 07:31:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/19 11:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/19 11:22:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/14 17:06:16 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/11 11:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/11 11:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/11 11:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/11 11:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/09 15:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
[2013/12/09 15:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/12/07 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/12/07 01:21:13 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/06 16:43:04 | 000,000,000 | ---D | C] -- C:\New Folder
[2013/10/20 21:27:19 | 000,800,824 | ---- | C] (Microsoft Corporation) -- C:\Users\D-QUAD\AppData\Roaming\DPInst.exe
[2013/10/20 21:27:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Users\D-QUAD\AppData\Roaming\gacutil.exe
[2013/10/20 21:27:17 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Users\D-QUAD\AppData\Roaming\PnPutil.exe

========== Files - Modified Within 30 Days ==========

[2013/12/20 19:38:22 | 000,000,518 | ---- | M] () -- C:\Users\D-QUAD\Desktop\OTL - Shortcut.lnk
[2013/12/20 19:02:10 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/20 19:02:10 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/20 18:47:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637950117-3411936004-4287588756-1001UA.job
[2013/12/20 17:00:06 | 000,002,765 | ---- | M] () -- C:\Users\D-QUAD\Documents\INSTRUCTIONZ.rtf
[2013/12/20 14:24:14 | 000,001,058 | ---- | M] () -- C:\Users\D-QUAD\Documents\Document.rtf
[2013/12/20 14:09:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2013/12/20 13:02:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/20 13:02:04 | 001,047,140 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2013/12/19 19:03:18 | 000,001,875 | ---- | M] () -- C:\Users\D-QUAD\Desktop\Wordpad.lnk
[2013/12/18 21:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637950117-3411936004-4287588756-1001Core.job
[2013/12/14 16:44:26 | 009,873,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/14 16:44:26 | 003,450,454 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/12 14:09:56 | 000,343,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/11 11:10:13 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/07 16:58:18 | 000,001,619 | ---- | M] () -- C:\Users\D-QUAD\Desktop\Backup.lnk
[2013/11/30 19:07:13 | 144,276,732 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013/12/20 19:38:22 | 000,000,518 | ---- | C] () -- C:\Users\D-QUAD\Desktop\OTL - Shortcut.lnk
[2013/12/20 14:24:51 | 000,002,765 | ---- | C] () -- C:\Users\D-QUAD\Documents\INSTRUCTIONZ.rtf
[2013/12/20 14:24:14 | 000,001,058 | ---- | C] () -- C:\Users\D-QUAD\Documents\Document.rtf
[2013/12/19 19:03:18 | 000,001,875 | ---- | C] () -- C:\Users\D-QUAD\Desktop\Wordpad.lnk
[2013/12/11 11:10:13 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/07 16:58:18 | 000,001,619 | ---- | C] () -- C:\Users\D-QUAD\Desktop\Backup.lnk
[2013/10/20 21:39:30 | 000,003,584 | ---- | C] () -- C:\Users\D-QUAD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/20 21:27:19 | 000,000,181 | ---- | C] () -- C:\Users\D-QUAD\AppData\Roaming\gacutil.exe.config
[2013/10/10 18:35:47 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/10/10 18:35:46 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/10/10 18:35:29 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/10/10 18:35:29 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/10/10 18:35:12 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/10/10 18:35:10 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/10/10 18:35:10 | 000,001,784 | ---- | C] () -- C:\Windows\unins000.dat
[2011/05/01 19:54:00 | 000,009,250 | -HS- | C] () -- C:\ProgramData\e6cj5tlvi1v865yfa8f352520352u236
[2010/12/25 18:26:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\SupportPrinters
[2010/12/25 18:26:48 | 000,000,012 | RH-- | C] () -- C:\ProgramData\SystemConfiguration
[2010/12/25 18:12:07 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Strings
[2010/12/25 18:12:07 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2009/01/30 09:09:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/20 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\D-QUAD\AppData\Roaming\FinalMediaPlayer
[2013/11/08 15:22:15 | 000,000,000 | ---D | M] -- C:\Users\D-QUAD\AppData\Roaming\Motorola
[2013/11/08 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\D-QUAD\AppData\Roaming\Motorola Mobility
[2011/09/08 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\D-QUAD\AppData\Roaming\Temp
[2013/10/20 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\FinalMediaPlayer
[2013/12/06 14:19:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Motorola Mobility
[2011/09/08 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2013/10/20 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\FinalMediaPlayer
[2013/12/06 14:19:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Motorola Mobility
[2011/09/08 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2011/05/02 09:30:31 | 000,000,000 | ---D | M] -- C:\Users\NAB\AppData\Roaming\Uniblue
[2013/10/10 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\0D0S1L2Z1P1B
[2013/10/10 18:35:14 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\CDXReader
[2013/08/03 20:49:26 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\Digiarty
[2013/10/10 18:35:01 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\DigitalSite
[2013/04/07 18:14:17 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\FinalMediaPlayer
[2011/12/18 10:21:43 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\FinalVideoDownloader
[2012/09/26 13:17:47 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\FreeYoutubeToMP3TURBOConverter
[2012/04/13 20:11:59 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\InfraRecorder
[2013/10/10 18:35:23 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\LavFilters
[2010/03/01 15:09:10 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\MAGIX
[2011/10/15 18:50:45 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\Nikon
[2011/02/22 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\PCDr
[2011/04/13 13:59:20 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\Temp
[2008/12/27 08:09:29 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\tmp
[2013/10/20 19:13:28 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\FinalMediaPlayer
[2013/12/12 14:11:57 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Motorola Mobility
[2011/09/08 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Temp

========== Purity Check ==========



< End of report >
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

by nunped » December 21st, 2013, 7:18 am

Hi p_huero,

Still a few things to do:

Step 1
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Do not include the words "Code: Select all". Press "Select all" to automatically select all the text in the box.
Code: Select all
:commands
[createrestorepoint]

:OTL
FF - HKLM\Software\MozillaPlugins\@ei.MarineAquarium3Free_57.com/Plugin: C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\NP57EISB.dll File not found
[2011/05/01 19:54:00 | 000,009,250 | -HS- | C] () -- C:\ProgramData\e6cj5tlvi1v865yfa8f352520352u236

:commands
[emptytemp]
[emptyflash]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Step 2 - aswMBR - Scan

Please download aswMBR.exe ... © Avast Software ( 511KB ). Save it to your desktop.
  1. Right click the aswMBR.exe icon and select "run as administrator" to run it.
  2. aswMBR uses Avast's virus definitions. If prompted to download definitions, reply Yes.
    It may take some time for these definitions to download, please be patient.
  3. Make sure Quick Scan is set in the options, then click the "Scan" button to start the scan.
    The scan will take a few minutes, please be patient.
  4. On completion, "Scan finished successfully" will be displayed. Press the "Save log" button.
  5. You'll be prompted to save a file named "aswMBR.txt". Save it to your desktop.
  6. Please copy and paste the contents of aswMBR.txt in your next reply.
Note: A file will be created and placed on your desktop when you execute aswMBR, named MBR.dat
This is a copy of your MBR record, before any changes, to be used to recover the MBR to its previous condition if problems exist after the changes.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: I BELIEVE I HAVE AN RAI

by p_huero » December 21st, 2013, 1:34 pm

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-21 09:04:34
-----------------------------
09:04:34.186 OS Version: Windows 6.0.6002 Service Pack 2
09:04:34.186 Number of processors: 2 586 0xF0D
09:04:34.187 ComputerName: SYSAD-00 UserName: D-QUAD
09:04:35.078 Initialize success
09:17:59.931 AVAST engine defs: 13122100
09:18:16.124 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:18:16.124 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
09:18:16.233 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\O2SDRDR1Port3Path0Target0Lun0
09:18:16.233 Disk 1 Vendor: O2Micro_ 0001 Size: 241MB BusType: 16
09:18:16.467 Disk 0 MBR read successfully
09:18:16.467 Disk 0 MBR scan
09:18:16.592 Disk 0 Windows VISTA default MBR code
09:18:16.592 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:18:16.654 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
09:18:16.701 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142586 MB offset 20561920
09:18:16.717 Disk 0 scanning sectors +312579760
09:18:16.920 Disk 0 scanning C:\Windows\system32\drivers
09:18:59.072 Service scanning
09:19:38.992 Modules scanning
09:19:47.369 Disk 0 trace - called modules:
09:19:47.432 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys
09:19:47.947 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868daac8]
09:19:47.947 3 CLASSPNP.SYS[83fa58b3] -> nt!IofCallDriver -> [0x85e0c798]
09:19:47.962 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85e12030]
09:19:50.240 AVAST engine scan C:\Windows
09:19:56.215 AVAST engine scan C:\Windows\system32
09:26:05.181 AVAST engine scan C:\Windows\system32\drivers
09:26:30.221 AVAST engine scan C:\Users\D-QUAD
09:27:59.765 AVAST engine scan C:\ProgramData
09:32:32.706 Scan finished successfully
09:33:03.328 Disk 0 MBR has been saved successfully to "C:\Users\D-QUAD\Desktop\MBR.dat"
09:33:03.328 The log file has been saved successfully to "C:\Users\D-QUAD\Desktop\aswMBR.txt"
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

by nunped » December 21st, 2013, 6:54 pm

Hi p_huero,

Did you successfully run the OTL fix?
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: I BELIEVE I HAVE AN RAI

by p_huero » December 21st, 2013, 8:36 pm

OTL logfile created on: 12/20/2013 7:39:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\D-QUAD\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.25% Memory free
4.92 Gb Paging File | 3.41 Gb Available in Paging File | 69.37% Paging File free
Paging file location(s): c:\pagefile.sys 3055 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 5.06 Gb Free Space | 3.63% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 1.15 Gb Free Space | 11.76% Space Free | Partition Type: NTFS
Drive I: | 241.50 Mb Total Space | 241.50 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: SYSAD-00 | User Name: D-QUAD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/20 08:07:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/12/13 20:20:12 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/11 11:39:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\D-QUAD\Downloads\OTL.exe
PRC - [2013/11/15 06:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 16:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/10/03 12:57:52 | 000,295,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2013/09/10 02:50:14 | 000,079,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\saHookMain.exe
PRC - [2013/09/10 02:50:10 | 000,160,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2013/08/07 12:59:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/08/07 12:55:26 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2013/08/07 12:53:14 | 000,037,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
PRC - [2013/08/07 12:52:24 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/11/13 03:28:30 | 000,480,872 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/10/27 16:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/02 22:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2010/08/25 08:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 08:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/15 16:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 05:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/08/27 00:39:42 | 000,071,512 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2008/02/22 15:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/21 21:14:22 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/21 21:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/01/20 18:24:05 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007/07/27 14:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/05/10 23:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe
PRC - [2007/05/10 23:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodtray.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/20 08:07:38 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/12/13 20:20:12 | 016,242,056 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/11/06 17:05:00 | 000,198,688 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\BPTrayPlugin.dll
MOD - [2013/10/03 12:57:18 | 000,198,688 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\VScan\MVSShExt6.0.2.133.dll
MOD - [2013/08/16 09:23:19 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/16 09:23:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 09:12:29 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/26 19:10:50 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/11/13 03:28:32 | 000,403,048 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\Win32RenderingEngine.dll
MOD - [2012/11/13 03:28:30 | 000,480,872 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
MOD - [2011/06/24 19:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 19:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/03 04:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2013/12/20 08:07:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/15 06:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/10/03 12:57:52 | 000,295,920 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)
SRV - [2013/10/03 12:57:52 | 000,295,920 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2013/09/10 02:50:10 | 000,160,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2013/08/07 12:59:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/08/07 12:55:26 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/08/07 12:52:24 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/09/02 22:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 08:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/17 08:51:58 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/27 00:39:42 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/02/21 21:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/10 23:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2013/08/07 12:59:26 | 000,213,232 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/08/07 12:57:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/08/07 12:56:38 | 000,568,632 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/08/07 12:55:38 | 000,365,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/08/07 12:55:14 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/08/07 12:54:36 | 000,235,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/08/07 12:53:54 | 000,133,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 07:25:30 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/06/23 06:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/12/15 12:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 12:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2008/09/12 12:22:54 | 000,540,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/09/12 12:22:24 | 000,443,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/08/27 00:39:52 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/08/27 00:39:46 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/07/16 21:32:12 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2008/07/16 21:32:10 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2008/07/03 04:28:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/05/18 17:29:08 | 000,110,592 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr97310c.sys -- (mr97310c)
DRV - [2008/02/21 21:24:52 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/20 18:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/20 18:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/12/12 08:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/12/21 06:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 06:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 06:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2001/08/17 18:06:02 | 000,154,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Icam4USB.sys -- (Icam4USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsi ... 3&id=38936
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes,DefaultScope = {ABC3CA36-E780-4B73-B329-B8F5212EDE8F}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{1CE1DD5D-22B9-4EF0-9701-160909051AE6}: "URL" = http://search.yahoo.com/search?fr=mcsaed&p={SearchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{ABC3CA36-E780-4B73-B329-B8F5212EDE8F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{CE73BBF2-084F-47A8-AEE6-66CA65CB54B2}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{EDD48747-1D54-4137-B1AB-B3CD51762538}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "WWW.OUTLOOK.COM"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MarineAquarium3Free_57.com/Plugin: C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\NP57EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\downloader@freeyoutubetomp3converter.org: C:\Program Files\FreeYouTubeToMP3TURBOConverter\Firefox [2012/09/26 13:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\downloader@finalvideotools.com: C:\Program Files\FinalVideoDownloader\Firefox [2013/09/26 18:34:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/12/20 13:02:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/20 08:07:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/10/21 11:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D-QUAD\AppData\Roaming\Mozilla\Extensions
[2013/10/21 11:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D-QUAD\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default\extensions
[2013/12/20 08:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/20 08:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/20 08:07:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131211213831.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Windows\System32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - Startup: C:\Users\SYSAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files\FinalVideoDownloader\fvdRunner.html ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O9 - Extra Button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files\FreeYouTubeToMP3TURBOConverter\ytmRunner.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FA14526-FC9B-408E-9DD5-5EDAA35277B2}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD7A2A8-7A7C-4642-8A3E-0A3693E40FAD}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\$PIX\111218\DSCN0880.JPG
O24 - Desktop BackupWallPaper: C:\$PIX\111218\DSCN0880.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/20 08:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/20 07:31:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/19 11:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/19 11:22:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/14 17:06:16 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/11 11:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/11 11:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/11 11:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/11 11:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/09 15:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
[2013/12/09 15:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/12/07 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/12/07 01:21:13 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/06 16:43:04 | 000,000,000 | ---D | C] -- C:\New Folder
[2013/10/20 21:27:19 | 000,800,824 | ---- | C] (Microsoft Corporation) -- C:\Users\D-QUAD\AppData\Roaming\DPInst.exe
[2013/10/20 21:27:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Users\D-QUAD\AppData\Roaming\gacutil.exe
[2013/10/20 21:27:17 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Users\D-QUAD\AppData\Roaming\PnPutil.exe

========== Files - Modified Within 30 Days ==========

[2013/12/20 19:38:22 | 000,000,518 | ---- | M] () -- C:\Users\D-QUAD\Desktop\OTL - Shortcut.lnk
[2013/12/20 19:02:10 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/20 19:02:10 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/20 18:47:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637950117-3411936004-4287588756-1001UA.job
[2013/12/20 17:00:06 | 000,002,765 | ---- | M] () -- C:\Users\D-QUAD\Documents\INSTRUCTIONZ.rtf
[2013/12/20 14:24:14 | 000,001,058 | ---- | M] () -- C:\Users\D-QUAD\Documents\Document.rtf
[2013/12/20 14:09:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2013/12/20 13:02:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/20 13:02:04 | 001,047,140 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2013/12/19 19:03:18 | 000,001,875 | ---- | M] () -- C:\Users\D-QUAD\Desktop\Wordpad.lnk
[2013/12/18 21:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637950117-3411936004-4287588756-1001Core.job
[2013/12/14 16:44:26 | 009,873,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/14 16:44:26 | 003,450,454 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/12 14:09:56 | 000,343,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/11 11:10:13 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/07 16:58:18 | 000,001,619 | ---- | M] () -- C:\Users\D-QUAD\Desktop\Backup.lnk
[2013/11/30 19:07:13 | 144,276,732 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013/12/20 19:38:22 | 000,000,518 | ---- | C] () -- C:\Users\D-QUAD\Desktop\OTL - Shortcut.lnk
[2013/12/20 14:24:51 | 000,002,765 | ---- | C] () -- C:\Users\D-QUAD\Documents\INSTRUCTIONZ.rtf
[2013/12/20 14:24:14 | 000,001,058 | ---- | C] () -- C:\Users\D-QUAD\Documents\Document.rtf
[2013/12/19 19:03:18 | 000,001,875 | ---- | C] () -- C:\Users\D-QUAD\Desktop\Wordpad.lnk
[2013/12/11 11:10:13 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/07 16:58:18 | 000,001,619 | ---- | C] () -- C:\Users\D-QUAD\Desktop\Backup.lnk
[2013/10/20 21:39:30 | 000,003,584 | ---- | C] () -- C:\Users\D-QUAD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/20 21:27:19 | 000,000,181 | ---- | C] () -- C:\Users\D-QUAD\AppData\Roaming\gacutil.exe.config
[2013/10/10 18:35:47 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/10/10 18:35:46 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/10/10 18:35:29 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/10/10 18:35:29 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/10/10 18:35:12 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/10/10 18:35:10 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/10/10 18:35:10 | 000,001,784 | ---- | C] () -- C:\Windows\unins000.dat
[2011/05/01 19:54:00 | 000,009,250 | -HS- | C] () -- C:\ProgramData\e6cj5tlvi1v865yfa8f352520352u236
[2010/12/25 18:26:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\SupportPrinters
[2010/12/25 18:26:48 | 000,000,012 | RH-- | C] () -- C:\ProgramData\SystemConfiguration
[2010/12/25 18:12:07 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Strings
[2010/12/25 18:12:07 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2009/01/30 09:09:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/20 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\D-QUAD\AppData\Roaming\FinalMediaPlayer
[2013/11/08 15:22:15 | 000,000,000 | ---D | M] -- C:\Users\D-QUAD\AppData\Roaming\Motorola
[2013/11/08 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\D-QUAD\AppData\Roaming\Motorola Mobility
[2011/09/08 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\D-QUAD\AppData\Roaming\Temp
[2013/10/20 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\FinalMediaPlayer
[2013/12/06 14:19:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Motorola Mobility
[2011/09/08 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2013/10/20 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\FinalMediaPlayer
[2013/12/06 14:19:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Motorola Mobility
[2011/09/08 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2011/05/02 09:30:31 | 000,000,000 | ---D | M] -- C:\Users\NAB\AppData\Roaming\Uniblue
[2013/10/10 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\0D0S1L2Z1P1B
[2013/10/10 18:35:14 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\CDXReader
[2013/08/03 20:49:26 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\Digiarty
[2013/10/10 18:35:01 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\DigitalSite
[2013/04/07 18:14:17 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\FinalMediaPlayer
[2011/12/18 10:21:43 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\FinalVideoDownloader
[2012/09/26 13:17:47 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\FreeYoutubeToMP3TURBOConverter
[2012/04/13 20:11:59 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\InfraRecorder
[2013/10/10 18:35:23 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\LavFilters
[2010/03/01 15:09:10 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\MAGIX
[2011/10/15 18:50:45 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\Nikon
[2011/02/22 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\PCDr
[2011/04/13 13:59:20 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\Temp
[2008/12/27 08:09:29 | 000,000,000 | ---D | M] -- C:\Users\SYSAD\AppData\Roaming\tmp
[2013/10/20 19:13:28 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\FinalMediaPlayer
[2013/12/12 14:11:57 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Motorola Mobility
[2011/09/08 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Temp

========== Purity Check ==========



< End of report >
Sorry, thought I'd posted this earlier...guess I didn't.
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am