Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Fake player update @ Hulu got me, now I'm ridin' dirty.


Post by misfit21ca » September 10th, 2014, 9:46 pm

I tried to watch Hill Street Blues on Hulu for the first time the other day, and had a pop-up for an updated player required to....yea I clicked it. It's been downloading stuff on its own and responding to the vast majority of my clicks with a new window with an ad or a download. It's really driving me nuts. I have Norton, but it's expired and since I'm over the edge of my budget...it's not gonna get renewed any time soon. The old Norton would still scan and delete or quarantine, and even block possible viruses using the virus definitions procured up to the expiration. Not anymore it appears. Anyway, I also downloaded Ad-Aware antivirus in an attempt to whip this thing. Anyway enough about me, tell me a little about you! No? OK, more about me...


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Joshua at 21:18:20 on 2014-09-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.1002 [GMT -4:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton 360 *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Windows\score.exe
C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe
C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
C:\Users\Public\Sony Online Entertainment\Installed Games\Misfit21ca\EverQuest\eqgame.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\ips\ipsbho.dll
BHO: {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C - <orphaned>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coieplg.dll
uRun: [Spotify Web Helper] "C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [fst_us_83] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921} : NameServer = 81.218.119.15,199.203.35.75
TCP: Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coieplg.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvamacpi;NVIDIA Away Mode System;C:\Windows\System32\drivers\nvamacpi.sys [2013-9-27 28192]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1505000.013\symds64.sys [2014-8-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1505000.013\symefa64.sys [2014-8-10 1148120]
R1 {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64;{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64;C:\Windows\System32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys [2014-9-8 61016]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [2014-6-9 1530160]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1505000.013\ccsetx64.sys [2014-8-10 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140626.002\IDSviA64.sys [2014-6-26 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1505000.013\ironx64.sys [2014-8-10 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1505000.013\symnets.sys [2014-8-10 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 IePluginServices;IePlugin Services;C:\ProgramData\IePluginServices\PluginService.exe -service --> C:\ProgramData\IePluginServices\PluginService.exe -service [?]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [2014-8-27 706864]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe [2014-8-10 265040]
R2 scores;scores;C:\Windows\score.exe [2014-9-8 4823040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-15 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-28 1255736]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-09-11 00:52:46 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43C43EF7-09EA-40A4-933F-C835883BDD4E}\offreg.dll
2014-09-10 10:53:04 -------- d-----w- C:\Users\Joshua\AppData\Roaming\ap_logs
2014-09-10 10:52:09 632712 ----a-w- C:\Users\Joshua\AppData\Local\nsd8FD5.tmp
2014-09-10 07:06:59 871936 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2014-09-10 07:00:57 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 07:00:57 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 03:10:19 10036224 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-09-10 01:47:23 -------- d-----w- C:\Users\Joshua\AppData\Roaming\LavasoftStatistics
2014-09-10 01:46:53 -------- d-----w- C:\Program Files\Lavasoft
2014-09-10 01:45:50 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-09-10 01:36:19 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43C43EF7-09EA-40A4-933F-C835883BDD4E}\mpengine.dll
2014-09-10 01:35:43 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 01:35:43 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 01:34:53 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 01:34:53 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 01:34:52 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 01:34:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 01:34:51 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 01:33:38 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 01:33:38 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 01:33:36 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 01:33:35 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-09 03:03:51 61016 ----a-w- C:\Windows\System32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys
2014-09-08 23:37:17 1500576 ----a-w- C:\Users\Joshua\AppData\Roaming\FGNB.exe
2014-09-08 23:35:46 1943968 ----a-w- C:\Users\Joshua\AppData\Roaming\TOSRNFR.exe
2014-09-08 23:35:22 -------- d-----w- C:\Users\Joshua\AppData\Local\globalUpdate
2014-09-08 23:35:22 -------- d-----w- C:\Program Files (x86)\globalUpdate
2014-09-08 23:32:40 4823040 ----a-w- C:\Windows\score.exe
2014-09-08 23:32:30 -------- d-----w- C:\Users\Joshua\AppData\Local\Genesis_09082332
2014-08-29 00:32:17 -------- d-----w- C:\Users\Joshua\AppData\Local\Adobe
2014-08-28 00:46:51 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 00:46:51 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 00:46:51 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-13 02:52:15 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-13 02:52:15 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-13 02:52:14 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-13 02:52:14 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-13 02:52:13 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-13 02:52:13 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-13 02:52:07 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-13 02:52:07 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-12 21:32:19 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-08-12 21:32:19 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-08-12 21:32:19 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-08-12 21:32:19 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-08-12 21:32:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-12 21:32:14 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-12 21:31:28 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-12 21:31:28 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-12 21:31:28 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-12 21:31:27 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-12 21:31:27 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-12 21:31:27 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-12 21:31:27 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-12 21:31:15 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-12 21:29:24 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-12 21:29:24 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
.
==================== Find3M ====================
.
2014-09-10 03:10:29 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 03:10:29 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-05 13:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-10 18:09:30 389240 ----a-w- C:\Windows\System32\drivers\Trufos.sys
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
.
============= FINISH: 21:19:21.17 ===============

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/27/2013 8:00:01 PM
System Uptime: 9/10/2014 8:28:20 PM (1 hours ago)
.
Motherboard: Intel Corporation | | D945GCZ
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | J3E1 | 2380/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 346 GiB total, 181.377 GiB free.
D: is FIXED (NTFS) - 120 GiB total, 114.935 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 232.755 GiB free.
G: is CDROM ()
H: is CDROM ()
M: is Removable
N: is Removable
O: is Removable
P: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ssnfd
Device ID: ROOT\LEGACY_SSNFD\0000
Manufacturer:
Name: ssnfd
PNP Device ID: ROOT\LEGACY_SSNFD\0000
Service: ssnfd
.
==== System Restore Points ===================
.
RP74: 8/19/2014 5:23:37 AM - Windows Update
RP75: 8/26/2014 5:29:28 PM - Windows Update
RP76: 8/27/2014 11:29:29 PM - Windows Update
RP77: 9/2/2014 7:18:34 PM - Windows Update
RP78: 9/5/2014 10:32:20 PM - Windows Update
RP79: 9/8/2014 7:33:17 PM - CloudScout Parental Control
RP79: 9/8/2014 7:33:17 PM - CloudScout Parental Control
RP80: 9/8/2014 7:42:44 PM - CloudScout Parental Control
RP81: 9/9/2014 9:33:43 PM - Windows Update
RP82: 9/9/2014 9:44:52 PM - AA11
RP83: 9/10/2014 3:00:15 AM - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader X (10.1.11)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AntimalwareEngine
Battle.net
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Diablo III
EQ2MAP Updater 1.2.10
EverQuest
EverQuest II
GamParse
Google Chrome
Google Earth
Guild Wars 2
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
Legends of Norrath
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Norton 360
NVIDIA Drivers
Opera Stable 24.0.1558.53
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Spotify
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
9/8/2014 7:33:08 PM, Error: Service Control Manager [7034] - The scores service terminated unexpectedly. It has done this 1 time(s).
9/6/2014 9:09:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Interactive Services Detection service to connect.
9/6/2014 9:09:00 AM, Error: Service Control Manager [7000] - The Interactive Services Detection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/6/2014 9:07:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Print Spooler service to connect.
9/6/2014 9:07:33 AM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/4/2014 7:36:09 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HARLEYQUINN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{99CE28D5-4235-4B99-8D50-EA7CF33AB921}. The master browser is stopping or an election is being forced.
9/10/2014 8:28:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ssnfd
9/10/2014 7:21:59 AM, Error: Service Control Manager [7031] - The Update Krab Web service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/10/2014 7:21:52 AM, Error: Service Control Manager [7031] - The Util Krab Web service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================


Thank you in advance.
Joshua
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Post by pgmigg » September 10th, 2014, 11:20 pm

Hello misfit21ca,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Post by pgmigg » September 11th, 2014, 1:34 am

Hello misfit21ca,

"I have Norton, but it's expired and since I'm over the edge of my budget...it's not gonna get renewed any time soon. The old Norton would still scan and delete or quarantine, and even block possible viruses using the virus definitions procured up to the expiration. Not anymore it appears. Anyway, I also downloaded Ad-Aware antivirus in an attempt to whip this thing."
Much - does not mean good! It is believed that every computer needs one antivirus program and one active spyware/malware detector such as Windows Defender.

Step 1.
Multiple Anti Virus programs detected
  1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
    Norton 360
    Ad-Aware Antivirus
  2. Running - more than one - antivirus program is not recommended because:
    1. They can conflict with each other.
    2. Report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
    4. Can cause your computer to run slowly, become unstable and crash.
  3. I strongly suggest you uninstall one of them. Which one, is your decision, but if you asked me, I would recommend you to uninstall the Norton 360, especially in case of expiration - see Step 3.

Step 2.
For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 3.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    AntimalwareEngine
    Norton 360
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 5.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of an OTL.txt log file
  3. Contents of an Extras.txt log file
  4. Contents of CKFiles.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
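
The check behind Step 1 of the reply above can be read straight from the AV:/SP:/FW: header lines of the DDS log. The following is an added example, not part of the original posts or of the DDS tool; the function names are hypothetical and the sample input is copied from the log earlier in this thread.

```python
import re
from collections import defaultdict

# Header lines copied from the DDS log posted earlier in this thread.
DDS_HEADER = """\
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton 360 *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
"""

# Shape of a line as it appears in the log: KIND: name *state* {GUID}
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


def parse_security_products(text):
    """Group the registered security products by kind (AV, SP, FW)."""
    products = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip "." separators and unrelated log lines
        flags = m["state"].split("/")
        products[m["kind"]].append({
            "name": m["name"],
            "enabled": flags[0] == "Enabled",
            # Firewall lines carry no definitions state, so this is None for FW.
            "updated": flags[1] == "Updated" if len(flags) > 1 else None,
        })
    return dict(products)


def review(products):
    """Return the findings a helper would raise from the header alone."""
    findings = []
    av = products.get("AV", [])
    if len(av) > 1:
        names = ", ".join(sorted(p["name"] for p in av))
        findings.append("multiple antivirus products installed: " + names)
    if not any(p["enabled"] and p["updated"] for p in av):
        findings.append("no antivirus product is enabled and up to date")
    if not any(p["enabled"] for p in products.get("FW", [])):
        findings.append("no registered firewall product is enabled")
    return findings


if __name__ == "__main__":
    for finding in review(parse_security_products(DDS_HEADER)):
        print(finding)
```
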

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Post by misfit21ca » September 11th, 2014, 7:46 pm

No problem executing the instructions so far.

OTL logfile created on: 9/11/2014 7:30:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joshua\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 65.97% Memory free
6.49 Gb Paging File | 5.00 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345.76 Gb Total Space | 181.61 Gb Free Space | 52.52% Space Free | Partition Type: NTFS
Drive D: | 120.00 Gb Total Space | 114.94 Gb Free Space | 95.78% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 232.76 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: 700GR | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/11 19:07:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Downloads\OTL.exe
PRC - [2014/08/24 22:40:44 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/07/27 18:04:40 | 000,702,344 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014/06/20 23:44:14 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014/08/27 12:32:26 | 000,706,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/16 16:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/09 23:11:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/27 18:04:40 | 000,702,344 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/09/08 12:30:52 | 000,061,016 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys -- ({6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64)
DRV:64bit: - [2014/07/10 14:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2014/07/10 14:09:30 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys -- (gzflt)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/16 15:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/26 06:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 15:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 15:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/16 19:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 17:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/16 05:59:42 | 000,199,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\efe5b32e.sys -- (E100B)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com/Results.aspx?gd=&c ... A22FB27&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: 681749B486A67289911A682D301A4BDB897CEC80DF0BB4613678EED13F993FFA ()
CHR - default_search_provider: search_url = C28BE4738F70A608EEFE08459836A4665BAD4D17BE7516317CE156B25BB73204
CHR - default_search_provider: suggest_url =
CHR - homepage: C83883EF74E640D2288FD0BDFD1DFAF3DAD2CF646741AC1433BF9E1061131F18
CHR - Extension: Google Docs = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Google Search = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Norton Identity Safe = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: Norton Security Toolbar = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: Google Wallet = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/07/21 21:29:05 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [fst_us_139] File not found
O4 - HKLM..\Run: [fst_us_83] File not found
O4 - HKLM..\Run: [fst_us_87] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000..\Run: [Spotify Web Helper] C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}: NameServer = 81.218.119.15,199.203.35.75
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/27 14:17:54 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/11 18:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Techsnab
[2014/09/10 06:53:04 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\ap_logs
[2014/09/10 03:07:10 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/10 03:07:10 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/10 03:07:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/10 03:07:07 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/10 03:07:07 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/10 03:07:07 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/10 03:07:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/10 03:07:07 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/10 03:07:07 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/10 03:07:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/10 03:07:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/10 03:07:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/10 03:07:06 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/10 03:07:06 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/10 03:07:06 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/10 03:07:05 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/10 03:07:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/10 03:07:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/10 03:07:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/10 03:07:04 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/10 03:07:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/10 03:07:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/10 03:07:03 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/10 03:07:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/10 03:07:01 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/10 03:07:01 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/10 03:07:01 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/10 03:07:01 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/10 03:07:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/10 03:07:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/10 03:07:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/10 03:07:00 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/10 03:06:56 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/10 03:06:55 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/10 03:06:55 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/10 03:00:57 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/10 03:00:57 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/09 23:10:19 | 010,036,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/09 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Lavasoft
[2014/09/09 21:47:23 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\LavasoftStatistics
[2014/09/09 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2014/09/09 21:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/09/09 21:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/09/09 21:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/09/09 21:35:43 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/09 21:35:43 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/09 21:34:52 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/09 21:33:38 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/09 21:33:36 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/09 21:33:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/09/08 23:03:51 | 000,061,016 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys
[2014/09/08 19:37:17 | 001,500,576 | ---- | C] (app) -- C:\Users\Joshua\AppData\Roaming\FGNB.exe
[2014/09/08 19:35:22 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\globalUpdate
[2014/09/08 19:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/09/08 19:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
[2014/09/08 19:32:30 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Genesis_09082332
[2014/08/28 20:32:17 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Adobe
[2014/08/27 20:46:51 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/12 22:52:15 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/12 22:52:15 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/12 22:52:14 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/12 22:52:14 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/12 22:52:13 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/12 22:52:13 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/12 22:52:07 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/12 22:52:07 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/06/03 22:28:28 | 001,705,163 | ---- | C] (AnyProtect.com) -- C:\Users\Joshua\AppData\Local\AnyProtectScannerSetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Joshua\AppData\Local\*.tmp files -> C:\Users\Joshua\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/09/11 19:12:01 | 000,033,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/11 19:12:01 | 000,033,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/11 19:08:54 | 000,001,432 | ---- | M] () -- C:\Users\Joshua\Desktop\OTL.exe - Shortcut.lnk
[2014/09/11 19:05:16 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/09/11 19:04:50 | 000,001,688 | ---- | M] () -- C:\Windows\tasks\TOSRNFR.job
[2014/09/11 19:04:49 | 000,001,338 | ---- | M] () -- C:\Windows\tasks\FGNB.job
[2014/09/11 19:04:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/11 19:04:43 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/09/11 19:04:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/11 19:04:26 | 2615,365,632 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/11 18:49:26 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/10 22:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/10 20:28:43 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/09/10 20:28:43 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/09/10 20:28:42 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/09/10 06:53:51 | 000,000,320 | ---- | M] () -- C:\Users\Joshua\AppData\Roaming\aps.uninstall.scan.results
[2014/09/10 03:38:36 | 000,782,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/10 03:38:36 | 000,662,158 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/10 03:38:36 | 000,122,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/10 03:05:33 | 000,774,132 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/09 23:10:29 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/09 23:10:29 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/09 23:10:19 | 010,036,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/08 21:20:43 | 000,000,534 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/09/08 19:47:45 | 000,002,273 | ---- | M] () -- C:\Users\Joshua\Desktop\Google Chrome.lnk
[2014/09/08 19:47:17 | 000,002,297 | ---- | M] () -- C:\Users\Joshua\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/08 19:47:17 | 000,001,455 | ---- | M] () -- C:\Users\Joshua\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/08 19:40:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/09/08 19:37:17 | 001,500,576 | ---- | M] (app) -- C:\Users\Joshua\AppData\Roaming\FGNB.exe
[2014/09/08 19:35:12 | 000,000,679 | ---- | M] () -- C:\Windows\PCHealthFix.INI
[2014/09/08 19:32:05 | 000,000,000 | ---- | M] () -- C:\END
[2014/09/08 12:30:52 | 000,061,016 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys
[2014/09/04 22:10:43 | 000,578,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/04 22:05:42 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/09/01 04:18:44 | 000,002,086 | ---- | M] () -- C:\Users\Joshua\AppData\Roaming\FGNB
[2014/09/01 04:18:44 | 000,001,248 | ---- | M] () -- C:\Users\Joshua\AppData\Roaming\TOSRNFR
[2014/08/28 18:12:19 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/22 22:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/18 18:29:35 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/18 18:19:53 | 005,833,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/18 18:15:34 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/18 18:15:09 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/18 18:14:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/18 18:14:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/18 18:08:08 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/18 18:05:01 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/18 18:03:47 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/18 18:03:01 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/18 17:56:17 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/18 17:51:29 | 000,446,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/18 17:45:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/18 17:45:12 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/18 17:44:44 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/18 17:44:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/18 17:40:29 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/18 17:39:19 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/18 17:39:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/18 17:38:12 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/18 17:37:17 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/18 17:36:07 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/18 17:35:24 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/18 17:25:40 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/18 17:25:16 | 000,707,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/18 17:23:17 | 002,104,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/18 17:23:16 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/18 17:22:48 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/18 17:19:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/18 17:17:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/18 17:08:54 | 002,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/18 17:07:44 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/18 16:38:41 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/18 16:36:30 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Joshua\AppData\Local\*.tmp files -> C:\Users\Joshua\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/09/11 19:07:51 | 000,001,432 | ---- | C] () -- C:\Users\Joshua\Desktop\OTL.exe - Shortcut.lnk
[2014/09/09 21:47:15 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/09/08 19:37:18 | 000,001,338 | ---- | C] () -- C:\Windows\tasks\FGNB.job
[2014/09/08 19:35:47 | 000,001,688 | ---- | C] () -- C:\Windows\tasks\TOSRNFR.job
[2014/09/08 19:35:32 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/09/08 19:35:28 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/09/08 19:33:18 | 000,000,679 | ---- | C] () -- C:\Windows\PCHealthFix.INI
[2014/09/01 04:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\FGNB
[2014/09/01 04:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\TOSRNFR
[2014/06/03 22:30:37 | 000,000,320 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\aps.uninstall.scan.results
[2014/06/03 22:29:31 | 000,000,534 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/02/25 04:03:36 | 000,774,132 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/28 21:03:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/11/16 16:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/11/16 16:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/09/10 06:53:04 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\ap_logs
[2014/02/18 22:28:51 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Battle.net
[2013/10/15 07:56:22 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\DriverCure
[2014/06/03 21:52:23 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\GetPrivate
[2013/09/29 00:33:51 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Guild Wars 2
[2013/09/29 08:08:09 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Opera Software
[2013/10/15 07:56:22 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\ParetoLogic
[2014/08/24 22:41:26 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Spotify
[2014/06/03 21:52:13 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\wi_upd

========== Purity Check ==========



< End of report >

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Post by misfit21ca » September 11th, 2014, 7:47 pm

OTL Extras logfile created on: 9/11/2014 7:30:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joshua\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 65.97% Memory free
6.49 Gb Paging File | 5.00 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345.76 Gb Total Space | 181.61 Gb Free Space | 52.52% Space Free | Partition Type: NTFS
Drive D: | 120.00 Gb Total Space | 114.94 Gb Free Space | 95.78% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 232.76 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: 700GR | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{096754B6-A86E-40C1-8A08-22AC2117E104}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{1BA9857F-8047-484D-8824-5BD7CEB42520}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{24D520A5-84F8-4A17-B22C-E1E0EEDA76C3}" = rport=138 | protocol=17 | dir=out | app=system |
"{28DEFCE7-74C6-4C54-8643-9F8D747B2D93}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\pwdg.exe |
"{37A4BDE0-FF8F-45A1-B232-CC2E5AB160B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{466727E6-6D56-499E-9240-A5581B22C4AC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4C18229A-AACB-4947-889B-0A7D8769C439}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\proc.exe |
"{6E65F19E-B5FA-469D-89F5-D564B6060A14}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7D866F0E-962D-49F0-8ACF-2719AA498CBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{829F32F6-D3F9-4145-9DED-53F217740E0F}" = rport=445 | protocol=6 | dir=out | app=system |
"{8566F0DC-55E3-4C06-B1E3-C4CA8177127E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{868C2E44-BCB3-42DC-A14C-36B71443B94E}" = rport=139 | protocol=6 | dir=out | app=system |
"{89557F29-6F1B-4D5C-B35E-856E4F69AF6A}" = lport=137 | protocol=17 | dir=in | app=system |
"{90A3859D-83E2-422B-826B-F506E08012E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{96330DFC-8785-4853-850A-396F60CD547F}" = rport=137 | protocol=17 | dir=out | app=system |
"{9E351C5C-5E8B-4F51-BF51-A844A5DEF7A8}" = lport=138 | protocol=17 | dir=in | app=system |
"{A23A00E3-D011-4CBF-93D4-2ABA24DADF5A}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\proc.exe |
"{AAEC53F1-B0B1-4FF5-8E3E-144B54925199}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE633505-2774-41F0-AC7A-5FF8FF65CCE9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1355678-2F4F-44E4-98D6-E3AEB204C0C5}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\pwdg.exe |
"{C3022548-D6BE-4EA9-B040-F4457634D0CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{C558BCC3-BB1B-46EE-8197-FE70ACE8A99F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC783386-CC48-4048-B0F2-DB148043A57B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E25679A3-D607-4D75-AD86-AA52B265F5D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F75B9078-CAD4-45EC-B56A-9B12A2827887}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F983BB1D-5E31-43F8-9508-B19F2873C4D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0547BA86-0269-4E6D-94AE-F7B6743BCC32}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{0A3FB17A-266C-4D97-B043-1325040FFFA2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{0EBB646E-22AB-44A1-B8D5-5C7DC334D9D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{18E8C41C-E634-4334-8000-47E36E33998D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D51E0BF-19C3-4FF8-8EAE-6147F6E3A28E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{3B38502E-CD61-4737-A577-0AF0F3DD3D35}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{3C915218-C104-4528-A01B-D732D7557233}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CCBD9DE-3CFC-4B0F-851B-FC782E2DC94A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{587EC553-5A29-4720-9106-B360533CA648}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{689712DA-30B4-485B-89A2-4D35AF575302}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{6BDC82D1-56BC-4629-BE88-F043ED0C79E1}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{71C5D335-BE2D-413C-A22F-EF8DA0A08AEB}" = protocol=6 | dir=out | app=system |
"{78B8B1EC-FC19-44F6-A53C-51D9728AF012}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{8FF09D6E-C5CC-481C-A5CE-B58CC5BBEAC6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9663BA74-DCC2-439D-8822-185ED6CEF5FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9BE00BCB-EF48-4434-9EF4-C74148B6225D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A730A20A-BB5F-4443-B9A7-7C653FF351BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8CD2ED6-F166-49BA-8198-01A85CAE29DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A99F90E9-25AA-4A21-96F5-20FF2B8DECBC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3DF43A4-61DC-4579-B72C-02281CC1AF50}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B960BD29-521C-451C-AD02-8CE48AC1EBC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BF702834-B414-4ADD-A824-6626BBA04C00}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C36ABA9B-08BC-400D-8D69-E3EC31B9A137}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe |
"{CBD4A77D-18F5-441F-BC1A-A5774BBC1E3B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{CE2B1304-D62A-4327-B66B-830F109F89BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6F53B9A-E4D5-4854-A564-5EA9459CECFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E273F03A-3A94-4958-A061-480BDD26BF59}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe |
"{E906156D-6187-4DAC-AB7B-343435EA1B82}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{F11584AD-0EF9-40EF-BF73-D118C3654159}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F80020C2-3972-42E8-A8A0-9046F7AB3C95}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FD7DE432-F6CC-4449-993E-4E7927F1E9D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"TCP Query User{1DACC804-177D-4AAD-860B-B32A22C3935E}C:\users\joshua\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\joshua\appdata\roaming\spotify\spotify.exe |
"TCP Query User{32A730A1-66EF-4C7F-A382-7E734E6FBE7D}C:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe |
"TCP Query User{893F652F-2C81-4911-9DCD-3E47B8C553B9}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe |
"TCP Query User{8BAD4184-F00A-461C-A855-5BC2801FEAF3}C:\users\joshua\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\joshua\appdata\local\temp\gw2.exe |
"TCP Query User{8FF78251-AFC0-4841-AC03-3522FA7B9EBE}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{0274FF5F-6AC2-43EC-A030-7F86D6B818E4}C:\users\joshua\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\joshua\appdata\local\temp\gw2.exe |
"UDP Query User{12054C73-B47F-4E56-B35E-22406DE247A2}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{38C94A00-FBE3-48E8-9592-F85FBA364291}C:\users\joshua\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\joshua\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B7EF4F5F-A3E6-4401-89A6-FBA8B4B2F280}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe |
"UDP Query User{FF871C26-C3EF-418F-AD73-9EC56AFED9BE}C:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0851BE65-294B-4BBA-8A0D-C1320DCBBCA3}" = AdAwareInstaller
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{66F8CA06-DAEE-8F7B-FEF9-2A59E622BBA7}" = AMD Accelerated Video Transcoding
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A70B905D-2E57-66A0-3BFE-66B8E71E0C70}" = AMD Catalyst Install Manager
"{C7189B8D-3861-B2D5-A948-582134C2B21E}" = ccc-utility64
"{CC347FC6-C8D7-493A-B70E-1D89E22691A7}" = AntimalwareEngine
"{D3DE00DF-4EFB-8013-3E93-D735E69CAF6A}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF1AFD96-296C-421E-FF16-16EB9350D54D}" = AMD Media Foundation Decoders
"{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}" = AdAwareUpdater
"{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater" = Ad-Aware Antivirus
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0B5A51-282D-49EA-48DA-14B2486E5B33}" = CCC Help Hungarian
"{0AF0419B-6603-5DDC-1C12-D4CE757C8345}" = CCC Help English
"{0CB6074C-6CD0-C3E7-0633-896B4738C0D6}" = CCC Help German
"{1211AC7A-31C3-391D-BA7F-54C37DE0F262}" = CCC Help Greek
"{182EBA66-E694-BF7F-09D7-B5433F5AA9FE}" = CCC Help Polish
"{20A3AAE7-B559-FBB1-92C6-AF3D5FED9E92}" = CCC Help Chinese Traditional
"{219611BE-3B5D-33EE-F3AD-9BD7282FE795}" = CCC Help Russian
"{23A999B4-2696-39CF-A587-F89E414D5519}" = CCC Help Portuguese
"{280A0282-7895-61C0-824F-A39AE1B71CDA}" = Catalyst Control Center Graphics Previews Common
"{2B2F061B-CEB6-3DF9-AA8A-9907CFED93DB}" = CCC Help French
"{3C50988F-0533-D5A6-B46C-8B6BB5A92F74}" = CCC Help Norwegian
"{46537879-F1AB-0BFD-77F2-AD0F6719623A}" = CCC Help Danish
"{49A2AD60-9E15-297B-B502-FE5550CB1660}" = CCC Help Chinese Standard
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{52E27109-C485-7E96-8B92-C7431FB9B511}" = CCC Help Turkish
"{62A09364-9839-D02F-2565-6749CEAF08F4}" = CCC Help Spanish
"{6443DF74-8F5B-4113-560F-47CD142D3916}" = CCC Help Japanese
"{77CBF305-64B5-CC66-673C-CAE5CACCA640}" = CCC Help Swedish
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{989EF5D6-F20D-7D17-57CE-60ACD155CF13}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D45CCE2-F5F7-BAD9-C06E-51FC0DD6CCA2}" = Catalyst Control Center
"{A5A5ADA2-A13F-BE10-A38C-A20B0BD345C9}" = CCC Help Thai
"{A9D84363-82E3-4951-DEAF-BAEB62A55195}" = Catalyst Control Center Localization All
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.11)
"{C226DDBF-A740-F6E2-9859-08D1581C7507}" = CCC Help Italian
"{D4008E9D-8A0A-E3CE-F987-5EEA38A6017F}" = CCC Help Czech
"{E135A549-5A50-4EB0-05F9-C25F91485287}" = CCC Help Korean
"{F3DE7631-3D3E-4B0D-F832-5A17A8138A69}" = CCC Help Dutch
"{F6113E54-9D89-18D0-5288-62D081A9A380}" = Catalyst Control Center InstallProxy
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Battle.net" = Battle.net
"Diablo III" = Diablo III
"EQ2MAP Updater" = EQ2MAP Updater 1.2.10
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"Opera 24.0.1558.53" = Opera Stable 24.0.1558.53
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6f16172c295f43ac" = GamParse
"soe-EverQuest" = EverQuest
"SOE-EverQuest II" = EverQuest II
"SOE-LegendsOfNorrath" = Legends of Norrath
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2014 7:35:49 PM | Computer Name = 700GR | Source = MsiInstaller | ID = 10005
Description =

Error - 9/8/2014 7:51:53 PM | Computer Name = 700GR | Source = WinMgmt | ID = 10
Description =

Error - 9/9/2014 9:22:29 PM | Computer Name = 700GR | Source = WinMgmt | ID = 10
Description =

Error - 9/10/2014 3:33:32 AM | Computer Name = 700GR | Source = WinMgmt | ID = 10
Description =

Error - 9/10/2014 8:30:19 PM | Computer Name = 700GR | Source = WinMgmt | ID = 10
Description =

Error - 9/11/2014 6:42:23 PM | Computer Name = 700GR | Source = WinMgmt | ID = 10
Description =

Error - 9/11/2014 7:01:39 PM | Computer Name = 700GR | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Eraser Control driver. System Error: The system cannot find the
file specified. .

Error - 9/11/2014 7:01:39 PM | Computer Name = 700GR | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Iron Driver. System Error: The system cannot find the file specified.
.

Error - 9/11/2014 7:01:39 PM | Computer Name = 700GR | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Network Security WFP Driver. System Error: The system cannot find
the file specified. .

Error - 9/11/2014 7:06:15 PM | Computer Name = 700GR | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/31/2014 7:20:02 PM | Computer Name = 700GR | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error: %%1115

Error - 4/10/2014 11:54:47 PM | Computer Name = 700GR | Source = Service Control Manager | ID = 7043
Description = The Group Policy Client service did not shut down properly after receiving
a preshutdown control.

Error - 4/11/2014 6:35:33 PM | Computer Name = 700GR | Source = bowser | ID = 8003
Description =

Error - 4/15/2014 12:01:11 AM | Computer Name = 700GR | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 4/15/2014 3:25:33 PM | Computer Name = 700GR | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 4/22/2014 4:45:52 PM | Computer Name = 700GR | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:42:15 PM on ?4/?22/?2014 was unexpected.

Error - 4/24/2014 6:30:14 PM | Computer Name = 700GR | Source = bowser | ID = 8003
Description =

Error - 4/26/2014 6:00:31 PM | Computer Name = 700GR | Source = bowser | ID = 8003
Description =

Error - 4/27/2014 8:21:07 AM | Computer Name = 700GR | Source = bowser | ID = 8003
Description =

Error - 4/29/2014 7:27:02 AM | Computer Name = 700GR | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Post by misfit21ca » September 11th, 2014, 7:50 pm

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.DGAPXZ
----- EOF -----


I do not see any changes in my computer, except the obvious. Norton isn't reminding me every 8 minutes that it's expired and I'm gonna catch my death of viruses. =)

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Post by pgmigg » September 12th, 2014, 12:37 am

Hello misfit21ca,

Good job! :D Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words "Code: Select all"; instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com/Results.aspx?gd=&c ... A22FB27&q={searchTerms}&SSPV=
    CHR - default_search_provider: 681749B486A67289911A682D301A4BDB897CEC80DF0BB4613678EED13F993FFA ()
    CHR - default_search_provider: search_url = C28BE4738F70A608EEFE08459836A4665BAD4D17BE7516317CE156B25BB73204
    CHR - homepage: C83883EF74E640D2288FD0BDFD1DFAF3DAD2CF646741AC1433BF9E1061131F18
    CHR - Extension: Norton Identity Safe = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
    CHR - Extension: Norton Security Toolbar = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
    O2 - BHO: (no name) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [fst_us_139] File not found
    O4 - HKLM..\Run: [fst_us_83] File not found
    O4 - HKLM..\Run: [fst_us_87] File not found
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    
    :Files
    C:\Windows\*.tmp
    C:\Users\Joshua\AppData\Local\*.tmp
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 3.
Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 4.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *Freesofttoday*
    *free_soft_*
    *fst_us_*
    *upfst_*
    
    :folderfind
    *Freesofttoday*
    *free_soft_*
    *fst_us_*
    *upfst_*
    
    :Regfind
    Freesofttoday
    fst_us_
    free_soft_
    upfst_
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the AdwCleaner[Sn].txt log file
  4. Contents of the JRT.txt log file
  5. Contents of the SystemLook.txt log file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 12th, 2014, 9:19 pm

Only instructions I had any issue with was, I found no information for temporarily shutting down Ad-Aware Antivirus at the link provided so I resorted to just clicking the switch to turn off Real Time Protection and hoped for the best!


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\_metadata folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\images folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0 folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\_metadata folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\_locales\en folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\_locales folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\RedirectPages folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\images\Widgets folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\images\StatusButton folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\images\SafeBrowse folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\images folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\IdentitySafe folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}C\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}C\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_139 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_83 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_87 deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
========== FILES ==========
C:\Windows\msdownld.tmp folder moved successfully.
C:\Users\Joshua\AppData\Local\nsd8FD5.tmp moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joshua\Downloads\cmd.bat deleted successfully.
C:\Users\Joshua\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: dub_cm_auto

User: Joshua
->Flash cache emptied: 8615 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: dub_cm_auto

User: Joshua

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dub_cm_auto

User: Joshua
->Temp folder emptied: 195072463 bytes
->Temporary Internet Files folder emptied: 20165672 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30231957 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43245002 bytes
RecycleBin emptied: 122838630 bytes

Total Files Cleaned = 392.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09122014_174201

Files\Folders moved on Reboot...
C:\Users\Joshua\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm
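
An added example (not part of the original thread, and not OTL's own code): a short Python triage of an OTL fix log in the format posted above, separating entries that were applied, entries OTL left for manual cleanup in Chrome, and "not found" results. It assumes HKEY_USERS\.DEFAULT and HKEY_USERS\S-1-5-18 are the same hive (the LocalSystem profile), so a "not found" under one after a delete under the other is expected; the sample log lines and all names in them are constructed.

```python
import re

# Constructed sample in the format of the OTL fix log posted above.
# Paths, GUIDs, value names and the domain are placeholders, not from the thread.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\1.0_0 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\example_run_1 deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\ not found.
========== FILES ==========
C:\Users\Example\AppData\Local\example.tmp moved successfully.
"""

# Registry results: "Registry key|value <path> deleted successfully." / "... not found."
REG_LINE = re.compile(
    r"^(?:64bit-)?Registry (?:key|value) (?P<target>.+?)\s+"
    r"(?P<result>deleted successfully|not found)\.$"
)
# File system results: "<path> [folder] moved|deleted successfully."
FS_LINE = re.compile(
    r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? (?:moved|deleted) successfully\.$"
)
# Items OTL does not change itself and hands back to the user.
MANUAL_LINE = re.compile(r"^Use Chrome's Settings page to (?P<what>.+?)\.$")

# Assumption stated in the lead-in: both prefixes name the LocalSystem hive.
LOCALSYSTEM_PREFIXES = ("hkey_users\\.default\\", "hkey_users\\s-1-5-18\\")


def is_localsystem(target):
    """True when the registry path sits under either LocalSystem alias."""
    return target.lower().startswith(LOCALSYSTEM_PREFIXES)


def canonical(target):
    """Lower-case the path and fold both LocalSystem aliases into one form."""
    low = target.lower()
    for prefix in LOCALSYSTEM_PREFIXES:
        if low.startswith(prefix):
            return "hkey_users\\s-1-5-18\\" + low[len(prefix):]
    return low


def triage(log_text):
    """Sort OTL fix-log lines into outcome buckets for review."""
    report = {"applied": [], "manual": [], "not_found": [],
              "not_found_alias": [], "unparsed": []}
    missing = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and "===== SECTION =====" headers
        m = REG_LINE.match(line)
        if m:
            if m["result"] == "not found":
                missing.append(m["target"])
            else:
                report["applied"].append(m["target"])
            continue
        m = FS_LINE.match(line)
        if m:
            report["applied"].append(m["target"])
            continue
        m = MANUAL_LINE.match(line)
        if m:
            report["manual"].append(m["what"])
            continue
        report["unparsed"].append(line)  # kept so nothing is silently dropped

    # Second pass, so the result does not depend on line order: a "not found"
    # under one LocalSystem alias is expected if the same key was removed
    # under the other alias.
    applied_keys = {canonical(t) for t in report["applied"]}
    for target in missing:
        expected = is_localsystem(target) and canonical(target) in applied_keys
        report["not_found_alias" if expected else "not_found"].append(target)
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

The `manual` bucket is the one to follow up on: those are changes the fix run reported but did not make.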

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 12th, 2014, 9:20 pm

# AdwCleaner v3.310 - Report created 12/09/2014 at 19:52:15
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Joshua - 700GR
# Running from : C:\Users\Joshua\Downloads\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IePluginServices
Service Deleted : {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\GetPrivate
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\Joshua\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Joshua\AppData\Local\Genesis_09082332
Folder Deleted : C:\Users\Joshua\AppData\Roaming\ap_logs
Folder Deleted : C:\Users\Joshua\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Joshua\AppData\Roaming\GetPrivate
Folder Deleted : C:\Users\Joshua\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys
File Deleted : C:\Users\Joshua\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\Joshua\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : GPUpdate
Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\genesis
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\blockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\FrEeSoFtOdAy
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\istart123Software
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\V9Software
Key Deleted : HKLM\SOFTWARE\Wpm

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v37.0.2062.103

[ File : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&c ... A22FB27&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT332658 ... FB27&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [5709 octets] - [12/09/2014 19:39:43]
AdwCleaner[S0].txt - [5143 octets] - [12/09/2014 19:52:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5203 octets] ##########
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 12th, 2014, 9:21 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Joshua on Fri 09/12/2014 at 20:09:13.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricerInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASMANCS



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/12/2014 at 20:17:01.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 12th, 2014, 10:03 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 20:25 on 12/09/2014 by Joshua
Administrator - Elevation successful

========== filefind ==========

Searching for "*Freesofttoday*"
No files found.

Searching for "*free_soft_*"
No files found.

Searching for "*fst_us_*"
No files found.

Searching for "*upfst_*"
No files found.

========== folderfind ==========

Searching for "*Freesofttoday*"
No folders found.

Searching for "*free_soft_*"
No folders found.

Searching for "*fst_us_*"
No folders found.

Searching for "*upfst_*"
No folders found.

========== Regfind ==========

Searching for "Freesofttoday"
No data found.

Searching for "fst_us_"
No data found.

Searching for "free_soft_"
No data found.

Searching for "upfst_"
No data found.

-= EOF =-


I have not yet noticed a difference in the behavior of my computer. Still nearly every click on the page of the browser, say to start cursor input in this box for example, brings up a tab. VERY briefly when the pop up first starts directing itself it says something like t.cttsrv.com/texred. It's so quick it's hard to be 100% sure but, after a second or so it's directed to the Ad page and that's what's displayed in the address box. Also the computer is briefly locking up like when I'm typing right now, the letters stop showing on the screen for a second or three and then catch up to what I've inputted. Also, I don't know if it's random or what but the pop up I got off one of the links you gave to download programs was a porn pop up. Thankfully the kids weren't in the room. I'm sure it's my virus and not the page you're directing me to, but it was the first porn pop up I've seen on a regular webpage. I think it knows we're on to it, and it's getting belligerent. Thank you for your efforts thus far!
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby pgmigg » September 12th, 2014, 11:28 pm

Hello misfit21ca,

Also, I don't know if it's random or what but the pop up I got off one of the links you gave to download programs was a porn pop up. Thankfully the kids weren't in the room. I'm sure it's my virus and not the page you're directing me to, but it was the first porn pop up I've seen on a regular webpage. I think it knows we're on to it, and it's getting belligerent. Thank you for your efforts thus far!
While I am studying your logs and preparing the new set of steps, could you please reply with the name of the program I asked you to download which gave you that porn pop-up?
Also, I need to know which browser you used when you downloaded the tools.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 12th, 2014, 11:48 pm

Opera 24.0

Version information

Version: 24.0.1558.53 - Opera is up to date
Update stream: Stable
System: Windows 7 64-bit (WoW64)
Browser identification

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36 OPR/24.0.1558.53

Paths

Install: C:\Program Files (x86)\Opera
Profile: C:\Users\Joshua\AppData\Roaming\Opera Software\Opera Stable
Cache: C:\Users\Joshua\AppData\Local\Opera Software\Opera Stable.

I believe it was Junkware Removal Tool. I wasn't actually paying attention to which I was on that closely...And I'm fairly certain it wasn't the actual website you linked for me, but yet another of my clicks brought up the popup. The way it behaves, I think I could have clicked on an empty space of the page that time and it would have brought up that link. But then again, I don't know diddly about this stuff! hehe
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby pgmigg » September 13th, 2014, 6:19 pm

Hello misfit21ca,

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value in blue, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Step 2.
Reset Opera Browser to Default Setting
  1. Please close all Internet browsers
  2. Then locate and delete file C:\Users\Joshua\AppData\Roaming\Opera Software\Opera Stable\Preferences
  3. Restart Opera and the file will be rebuilt. Opera is back to the default settings
  4. Try to download previous tools such as AdwCleaner and Junkware Removal Tool and tell me about any pop-up you will have in your next reply.

Step 3.
Malwarebytes' Anti-Malware
  1. Please download Malwarebytes' Anti-Malware and save to your desktop.
  2. Right-click on mbam-setup.exe and select "Run as administrator... ", then follow the prompts to install the program.
  3. At the end, Uncheck enable free trial of Malwarebytes' Anti-Malware, (You can activate this when we've finished, if you wish)
  4. Then click Finish.
  5. You'll see an alert that "Databases out of date" Click the "Update Now" button.
  6. Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  7. Press the Scan Now >> button.
  8. When the scan is finished:
  9. If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  10. If infections were found, click the Quarantine all button.
  11. Press the View detailed log >> link to display the results log.
  12. Press the Copy to Clipboard button.
  13. Copy and paste the scan results in your next reply and exit MBAM.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the most recent C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2014-06-... file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 14th, 2014, 2:52 pm

I did not have any problems executing the instructions.

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 9/14/2014
Scan Time: 2:08:33 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.14.06
Rootkit Database: v2014.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joshua

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297682
Time Elapsed: 8 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.BrowserWarden.A, HKU\S-1-5-21-3345505721-2628896921-2782180944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2C09954F-CDA8-4BD1-8794-1D543E050378}, Quarantined, [533b21cc146772c413e52b95857dee12],
PUP.Optional.BrowserWarden.A, HKLM\SOFTWARE\WOW6432NODE\Browser Warden, Quarantined, [7a1407e684f72610c7a912571aeae818],
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\SearchSnacks, Quarantined, [543a5b929dde1a1c77bb8a8d6a998977],
PUP.Optional.SearchSnacks, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ssnfd, Quarantined, [a8e605e8225961d53c53a661976c4db3],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [bbd36786c2b94aece1307097b152857b],
PUP.Optional.BrowserApps.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser+ Apps, Quarantined, [315d19d4accf75c1458003fa010109f7],
PUP.Optional.DynamicPricer.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, HKU\S-1-5-21-3345505721-2628896921-2782180944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, HKU\S-1-5-21-3345505721-2628896921-2782180944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C9C42510-9B41-42C1-9DCD-7282A2D07C61}, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Chrome, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Firefox, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Firefox\content, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\IE, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],

Files: 17
PUP.Optional.SearchProtect.A, C:\Windows\SysWOW64\uniiprct.exe, Quarantined, [2a64ce1fea918caaf028dab7a25f16ea],
PUP.Optional.LiveSoftAction.A, C:\Users\Joshua\Downloads\Facebook Smileys provided through FBSmileys.exe, Quarantined, [96f8df0e3348d561033f6ebd9071c838],
PUP.Optional.OptimumInstaller, C:\Users\Joshua\Downloads\Player-Chrome.exe, Quarantined, [d7b716d7bebddd59de0bcfdd21e03bc5],
PUP.Optional.InstallManager, C:\Users\Joshua\Downloads\Setup (1).exe, Quarantined, [721cbc31760575c132c030bf7e86d12f],
PUP.Optional.DomaIQ, C:\Users\Joshua\Downloads\Setup (2).exe, Quarantined, [b8d6ffeef4870d2928898cc747b9de22],
Trojan.Downloader, C:\Users\Joshua\AppData\Local\DynamicPricer\DynamicPricerInstaller.exe, Quarantined, [d9b5cc219edd54e295fac3869c642cd4],
PUP.Optional.Proxy.A, C:\Users\Joshua\AppData\Local\proxy.log, Quarantined, [bfcfd31a8fec69cd668d778dc24129d7],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\DynamicPricerInstaller.exe, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Chrome\background.html, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Chrome\background.js, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Chrome\manifest.json, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Firefox\chrome.manifest, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Firefox\install.rdf, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Firefox\content\browserOverlay.js, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Firefox\content\browserOverlay.xul, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\Firefox\content\h.css, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],
PUP.Optional.DynamicPricer.A, C:\Users\Joshua\AppData\Local\DynamicPricer\IE\DynamicPricer.dll, Quarantined, [ade13db0d7a459dd97f68e4a6f935da3],

Physical Sectors: 0
(No malicious items detected)


(end)

I have not yet noticed any difference in the behavior of my computer. After this last step, the Malwarebytes scan and quarantine, it asked me to restart my computer, which I did after saving the log to desktop. When it restarted, it automatically brought up this page, which was open when I restarted. So when I clicked on this page to enable it, so I can start my reply, I was rewarded with a pop up, which I presume is just part of my symptoms. The pop up I got from this page opened a new tab for a pchealth.com ad titled Pc Cleanup. Trying to exit this ad created one of those "you're in danger, if you navigate away from this page and would you like to proceed" boxes, which must be clicked to return to this page for my reply here. While typing that out I noticed at least 5 small freezes where the letters stop appearing and the cursor stops blinking for a short duration, then the rest of what I've typed while it was locked appears.

Now for the deletion of user data in Opera to reset it. Those instructions were easily completed but made me wonder: should that be done for the other browsers on the computer? There is also internet exploder, and Chrome. I mainly use Opera, used Chrome to watch Netflix, and rarely ever use internet exploder, mostly only if I'm having trouble with a webpage in Opera. So that brings me to downloading the tools again with the rebuilt Opera.

With this page open I just scrolled up and through the tools:
Adwcleaner, clicking link = no popup
JRT, clicking link = no popup. Link opens page @bleepingcomputer with a button to download tool. Clicking download on the bleepingcomputer page = pop up of a new tab, shortly called cttsrv.com/texred, then when loaded is addressed pckeeperapp.zeobit.com.
Systemlook, clicking link = new tab called about:blank and the tool downloads in browser.
Ckscanner, clicking link = new tab called about:blank and the tool downloads in browser.
OTL, clicking link = new tab called about:blank tool downloads in browser.
At one point in this I opened a cloned tab so I could get the name of the page that JRT takes me to (bleepingcomputer). When this forum opened up it was stalled briefly by a message that said waiting for this to load and waiting for that to load. This and That I assume are the redirectors that make the popups. Instantly when these messages disappeared, a popup box scrolled into the screen from the lower left with an ad. When I clicked the red X to close the ad, it opened a tab for the ad, or an ad if it wasn't the same ad.

When do we get to the part about removing the hard drive and throwing it on a fire? With the freezes and popups, it took me, for example, at least 30 minutes to make this post.

So with this insofar I'd have to say the behavior is still the same.

Thank you thus far for your time and effort on my behalf. Thank you.
misfit21ca