2013-07-17

I had this problem before and it is now back with a vengeance. Every time I try to turn off my Dell laptop it just starts up again (the disc drive makes the noise like it is trying to receive a disc), wiping all saved usernames and passwords. and every time, I have to reinstall Flash Player.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.03

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

garysmithafc :: LAPTOP [administrator]

17/07/2013 09:47:08

mbam-log-2013-07-17 (09-47-08).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 386669

Time elapsed: 1 hour(s), 41 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\garysmithafc\Music\Now Thats What I Call Music 82 (2012) - 2CD [tL]\Key for RAR file.exe (Trojan.AutoIt) -> Quarantined and deleted successfully.

(end)

OTL logfile created on: 17/07/2013 12:10:28 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\garysmithafc\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 55.81% Memory free

6.19 Gb Paging File | 4.91 Gb Available in Paging File | 79.22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.26 Gb Total Space | 126.53 Gb Free Space | 57.45% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.71 Gb Free Space | 47.13% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: garysmithafc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\garysmithafc\Downloads\OTL.exe (OldTimer Tools)

PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

PRC - C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe (IObit)

PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc. exe ()

PRC - C:\ProgramData\DataCardService\HWDeviceService.exe ()

PRC - C:\ProgramData\DataCardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)

PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpda teService.exe (Adobe Systems Incorporated)

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (AdvancedSystemCareService6) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc. exe ()

SRV - (HWDeviceService.exe) -- C:\ProgramData\DataCardService\HWDeviceService.exe ()

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- system32\drivers\TfSysMon.sys File not found

DRV - (TfNetMon) -- C:\Windows\system32\drivers\TfNetMon.sys File not found

DRV - (TfFsMon) -- system32\drivers\TfFsMon.sys File not found

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found

DRV - (sarlgabl) -- C:\Windows\system32\drivers\sarlgabl.sys File not found

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found

DRV - (DFUBTUSB) -- System32\Drivers\frmupgr.sys File not found

DRV - (cpuz132) -- C:\Users\GARYSM~1\AppData\Local\Temp\cpuz132\cpuz1 32_x32.sys File not found

DRV - (byeslebu) -- C:\Windows\system32\drivers\byeslebu.sys File not found

DRV - (BCM42RLY) -- system32\drivers\BCM42RLY.sys File not found

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)

DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)

DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)

DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)

DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (iaNvStor) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)

DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear...e7&rlz=1I7DKUK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={search...ox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searc...earch&AF=18827

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?cl...4-D369965D2873

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear...=1I7DKUK_en-GB

IE - HKCU\..\SearchScopes\{96A9E1EC-B58E-4562-BAE7-F79E71ACEF34}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKCU\..\SearchScopes\{9BCE324A-85C7-4461-A177-5C43111827FD}: "URL" = http://uk.search.yahoo.com/search?p=...-8&fr=chr-yie9

IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar.com/search/dispa...d=80150&lng=en

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searc...earch&AF=18827"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=18827"

FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=18827&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636 .dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlchromebrowserrecordex t.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlpepperflashvideoshim. dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\garysmithafc\AppData\Local\Yahoo!\Browser Plus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2012/05/26 17:50:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext\ [2013/04/02 17:50:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext [2013/04/02 17:50:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/25 13:29:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/25 13:29:34 | 000,000,000 | ---D | M]

[2010/04/01 12:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Exte nsions

[2013/07/05 21:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Fire fox\Profiles\w8lqr85o.default\extensions

[2010/09/20 19:05:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Fire fox\Profiles\w8lqr85o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2013/07/05 21:38:00 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Fire fox\Profiles\w8lqr85o.default\extensions\ascsurfin gprotection@iobit.com

[2010/09/28 22:39:14 | 000,002,333 | ---- | M] () -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Fire fox\Profiles\w8lqr85o.default\searchplugins\askcom .xml

[2013/04/11 19:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/07/06 13:22:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012/09/05 00:11:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF

[2013/04/10 07:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/10/19 01:33:11 | 000,092,544 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2012/10/19 01:33:18 | 000,092,544 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2013/04/02 17:49:17 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

[2011/05/08 12:14:24 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2013/04/10 07:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013/04/10 07:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ }{google:originalQueryForSuggestion}{google:assist edQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instant ExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}client=chrome&q={searchTerms}&{googl e:cursorPosition}{google:zeroPrefixUrl}sugkey={goo gle:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoo gleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.d ll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\gcswf 32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\garysmithafc\AppData\LocalLow\Unity\WebPl ayer\loader\npUnity3D32.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\garysmithafc\AppData\Local\Yahoo!\Browser Plus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: RealDownloader = C:\Users\garysmithafc\AppData\Local\Google\Chrome\ User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjb npdiji\1.3.1_0\

CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\garysmithafc\AppData\Local\Google\Chrome\ User Data\Default\Extensions\nfengeggddojhakldhlpjdlddg kkjkdd\1.0.0_0\

O1 HOSTS File: ([2011/05/29 23:39:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Reg Error: Value error.) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInsta nce.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKCU..\Run: [] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0

O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: blank ([]about in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Reg Error: Value error.)

O16 - DPF: {D77F526B-FB71-4A52-A9FD-F1FFCD6A23D3} https://cdn4.userzoom.com/s/ie/f2/UserZoom.cab (Reg Error: Value error.)

O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} https://cdn4.userzoom.com/s/ie/UserZoom.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{EE50384C-B309-483F-BD71-F3BFC7743A08}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - File not found

O24 - Desktop WallPaper: C:\Users\garysmithafc\AppData\Roaming\Microsoft\In ternet Explorer\Internet Explorer Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Users\garysmithafc\AppData\Roaming\Microsoft\In ternet Explorer\Internet Explorer Wallpaper.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Advanced SystemCare 6 - hkey= - key= - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

MsConfig - StartUpReg: HW_OPENEYE_OUC_T-Mobile Internet Manager - hkey= - key= - C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)

MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

MsConfig - StartUpReg: OutpostMonitor - hkey= - key= - File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - File not found

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)

MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 0

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/13 01:43:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT

[2013/07/12 09:13:46 | 000,000,000 | ---D | C] -- C:\Windows\Temp36166A73-3FC9-2B9B-FD84-F3920972C80F-Signatures

[2013/07/11 13:17:18 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/07/11 13:17:16 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/07/11 12:01:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/07/11 12:01:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/07/11 12:01:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/07/11 12:01:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/07/11 12:01:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/07/11 12:01:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/07/11 12:01:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/07/11 12:01:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/07/11 09:19:20 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013/07/11 09:19:07 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2013/07/11 09:19:06 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2013/07/11 09:19:06 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2013/07/11 09:19:06 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2013/07/11 09:19:06 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2013/07/11 09:19:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2013/07/11 09:19:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2013/07/11 09:19:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2013/07/11 09:19:04 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll

[2013/07/11 09:19:03 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

[2013/07/06 00:06:46 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/07/06 00:06:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/07/06 00:06:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/07/06 00:06:25 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/07/03 15:23:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs

[2013/06/25 13:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer

[2013/06/25 13:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Printer

[2013/06/19 10:07:31 | 000,000,000 | ---D | C] -- C:\Users\garysmithafc\AppData\Local\{F32B9B11-3C51-4271-97EA-D7AB6DFD2C77}

[2013/06/17 20:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller

[2013/06/17 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/17 12:09:15 | 016,037,070 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/07/17 12:09:15 | 008,161,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/07/17 12:05:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/07/17 12:05:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/07/17 12:03:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/17 12:02:32 | 000,049,176 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2013/07/17 12:02:32 | 000,049,176 | ---- | M] () -- C:\ProgramData\nvModes.001

[2013/07/17 12:02:22 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/07/17 12:02:22 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/07/17 12:02:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/07/17 12:02:11 | 3217,145,856 | -HS- | M] () -- C:\hiberfil.sys

[2013/07/17 12:01:25 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2013/07/17 11:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/07/13 09:09:38 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/07/12 19:09:19 | 000,007,808 | ---- | M] () -- C:\Users\garysmithafc\AppData\Local\d3d9caps.dat

[2013/07/12 19:08:52 | 000,000,199 | ---- | M] () -- C:\Users\garysmithafc\Desktop\bet365 - Online Sports Betting.url

[2013/07/12 14:03:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f0 041000920.job

[2013/07/12 09:14:47 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/07/11 12:45:04 | 000,282,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/07/06 00:06:13 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/07/06 00:06:08 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/07/06 00:06:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/07/06 00:06:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/07/06 00:06:06 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll

[2013/07/06 00:06:05 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/07/05 21:43:23 | 000,000,000 | ---- | M] () -- C:\asc_rdflag

[2013/07/05 21:37:56 | 000,001,040 | ---- | M] () -- C:\Users\garysmithafc\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk

[2013/07/05 21:37:56 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk

[2013/06/25 13:29:32 | 000,000,031 | -H-- | M] () -- C:\Windows\UKCpInfo.sys

[2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys

[2013/06/17 20:58:47 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/16 18:32:14 | 3217,145,856 | -HS- | C] () -- C:\hiberfil.sys

[2013/07/12 14:03:50 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f0 041000920.job

[2013/07/05 21:43:23 | 000,000,000 | ---- | C] () -- C:\asc_rdflag

[2013/06/25 13:29:32 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys

[2013/06/17 20:58:47 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie

[2013/05/20 16:22:51 | 000,290,919 | ---- | C] () -- C:\Windows\System32\pythoncom21.dll

[2013/05/20 16:22:51 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll

[2013/05/20 16:09:59 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll

[2013/05/20 16:09:59 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin

[2013/05/20 16:09:59 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini

[2012/05/24 13:23:28 | 000,000,033 | ---- | C] () -- C:\Windows\System32\machine.ini

[2010/07/22 20:39:28 | 000,000,642 | ---- | C] () -- C:\Users\garysmithafc\AppData\Roaming\wklnhst.dat

[2010/06/28 00:04:39 | 000,052,942 | ---- | C] () -- C:\Program Files\EULA.eng

[2009/11/19 13:36:07 | 000,007,808 | ---- | C] () -- C:\Users\garysmithafc\AppData\Local\d3d9caps.dat

[2009/11/18 21:02:09 | 000,049,176 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/11/18 21:02:08 | 000,049,176 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/11/18 20:22:47 | 000,029,184 | ---- | C] () -- C:\Users\garysmithafc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/27 22:04:47 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\AnvSoft

[2009/11/19 20:27:39 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\com.adobe.ma uby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/04/30 12:26:24 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\DriverCure

[2013/05/20 16:26:43 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\EPSON

[2011/05/14 13:16:54 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\GetRightToGo

[2010/04/06 17:16:52 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\iCopyExpert

[2013/04/26 01:02:36 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\IObit

[2011/09/23 15:09:11 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Keynote Systems

[2012/08/27 20:57:43 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Leawo

[2010/04/16 10:54:35 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Livestation

[2010/04/16 10:54:35 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Mchid

[2012/05/16 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Nokia

[2010/04/12 17:02:08 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Nokia Ovi Suite

[2011/04/30 12:26:24 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\ParetoLogic

[2009/11/20 23:07:19 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\PC Suite

[2011/06/16 00:55:12 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Publish Providers

[2011/05/17 23:15:44 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\RegistryKeys

[2011/06/16 01:02:38 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Sony

[2012/05/26 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\T-Mobile

[2013/04/24 15:17:10 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\T-Mobile Internet Manager

[2010/07/22 20:39:29 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Template

[2010/07/09 19:16:33 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Tific

[2013/05/14 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\uTorrent

[2010/10/21 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives

---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: WDC WD2500BEVS-75UST0

Partitions: 4

Status: OK

Status Info: 0

Partitions

---------------

DeviceID: Disk #0, Partition #0

PartitionType: Unknown

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 125.00MB

Starting Offset: 32256

Hidden sectors: 0

DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 10.00GB

Starting Offset: 132120576

Hidden sectors: 0

DeviceID: Disk #0, Partition #2

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 220.00GB

Starting Offset: 10869538816

Hidden sectors: 0

DeviceID: Disk #0, Partition #3

PartitionType: Extended w/Extended Int 13

Bootable: False

BootPartition: False

PrimaryPartition: False

Size: 2.00GB

Starting Offset: 247373758464

Hidden sectors: 0

< %SYSTEMDRIVE%\*.* >

[2013/07/05 21:43:23 | 000,000,000 | ---- | M] () -- C:\asc_rdflag

[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2008/07/25 04:47:05 | 000,005,055 | RH-- | M] () -- C:\dell.sdr

[2013/07/17 12:02:11 | 3217,145,856 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/26 10:19:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011/09/26 10:19:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/07/24 20:10:05 | 000,026,927 | ---- | M] () -- C:\newfile.enc

[2008/07/24 20:10:05 | 000,026,927 | ---- | M] () -- C:\newkey

[2013/07/17 12:02:09 | 3533,000,704 | -HS- | M] () -- C:\pagefile.sys

[2011/05/24 15:46:17 | 000,038,454 | ---- | M] () -- C:\RPSetup.exe.log

[2012/05/25 19:06:49 | 000,001,502 | ---- | M] () -- C:\SoftUpdateLog.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.d ll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\* >

[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2010/01/17 18:15:28 | 000,052,942 | ---- | M] () -- C:\Program Files\EULA.eng

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/05/29 03:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/05/29 03:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/05/29 03:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/05/29 03:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A2947BEA

< End of report >

Show more