
ATTN: godawgs - Ex-gaming laptop won't play any games [Solved]


  • This topic is locked

#31
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Would you be so kind as to educate me on a few things? I have never saved/downloaded programs to the desktop and run from there. I always choose run instead of save. What is the difference?

If you choose the Run option when offered (I only get that option in IE, I have never used Chrome so I don't know about it, but FF only gives me the Save option) the program runs remotely from the site you are on and none of the setup or .exe files are saved locally to your computer. We don't want to do this with the tools we use because the chances are we're gonna need to run them multiple times...like OTL. Also the tools generate logs. The tools are written to save the logs where the program was run from....like the desktop, if you choose to Run the program from the download site I don't know if a log would even be generated because the program would tell it to save the log back to the location the tool was run from and there's no way that could be done.

We ask you to save to the desktop so it makes it easier for you to find the tool we want to run and because programs like OTL can automatically remove certain tools other than itself at cleanup. But only if the tools and logs are in the location they are supposed to be in.


Also, I have never run as administrator. Could you explain why that is important?

Well, when you log into Windows using an account with Administrator privileges you are, in effect, running everything as an administrator. Admin. privileges give the user higher rights. As an example, you cannot install most programs unless you do it from a user account with those privileges...Windows won't let the setup make the necessary changes to the registry, set up the services, register files, etc., without those higher privileges.

Right clicking a file and running as admin. was not an issue in XP because XP didn't have the User Account Control, or UAC. In Vista or 7 the UAC, depending on how it's configured, will pop up when you are about to do something that requires elevated privileges. When you click on Continue, if you aren't an Admin. the UAC will stop you from making changes to the system.

We give instructions that include right clicking on the file and selecting Run as Administrator because some of the tools won't even open unless this is done. And when run using the right click method some will bypass the UAC screen and go ahead and run.


Sometimes when you have me use OTL, you have me run as administrator and other times not.

I went back and checked all of my posts. The only times that I could find when I didn't include the right click instructions were when running an OTL FIX. That operates a little differently than the Scan, so I don't include it. If you can find any others, please let me know.


How would I know, if I was running any type of program, if I should run as administrator or not (like when we downloaded the new Java)?

Like I said earlier, when you log into Windows from an account with Admin. privileges you are already running as an Admin.
Basically, if you try to install or update a program from an account that does not have Admin. privileges you will get a message saying you don't have privileges high enough to do that. And sometimes, if you're running an older program, or a program that wasn't written well, it won't run unless you run it from an admin account.

Could you help me get rid of that stupid Babylon add-on/extension/search? I have tried and tried and I can never get it to stay away.

:confused: That's the first I've heard of Babylon being on the system. It didn't show up in any of the scans...but AdwCleaner found it. Looks like we're gonna have to have AdwCleaner kill it. But that means that it's gonna kill the SwagBucks toolbar also. You'll need to reinstall it. But if you could wait until we've finished to do that it might help.

I hope this was clear. If it wasn't or you have any other questions, let me know. :D

Would you allow me to update Flash now?

Yep, go ahead and update Flash. You will need to download Flash for both the IE browser and Other browsers.


Update Adobe Flash Player

You will need to download and install both the IE and non-IE versions of Adobe Flashplayer. Click here to go to the download page.
  • Under Step 1, click the down arrow and choose your operating system.
  • Under Step 2, select the browser you want to install FlashPlayer for.

    You will need to download and install each version of FlashPlayer separately.

  • Make sure to uncheck the install of the McAfee tool before downloading.
Please note, depending on your settings, you may have to temporarily disable your antivirus software.

I wanted to get your questions answered. I will be back with further instructions.
  • 0


#32
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
Updating Flash did not help at all.

To clarify, yes I have to download programs in all browsers, but they are set to download to the downloads folder and not to the desktop. I was just wondering if placing them on the desktop did something special.
  • 0

#33
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Jules,

I was just wondering if placing them on the desktop did something special.

The big thing is it makes cleanup easier. And if everything is in one place there's less chance that I will leave a tool or file on your computer.

Let's run AdwCleaner and see if that will take care of the Babylon toolbar. And AdwCleaner found a bunch of additional entries including folders for Conduit in the C:\Program Files folder which would lead you to believe that Conduit was installed on the system at some time, but it's not in the Extras.txt log file for programs installed on the computer. And OTL takes this list directly from the key that populated the installed programs in the Control Panel. It also found a user.js file in the root directory (C:\). That's not kosher....the user.js file is a file that a FF user can create containing preferences and settings for the FF program that will override the prefs.js file. But it should be in the FF profile folder. And it found a bunch of other bad stuff that has been added to the prefs.js file. Clearing this junk may well help with the problems with FF.


Step-1.

Re-run AdwCleaner Fix

Close all open windows and browsers.

Re-open AdwCleaner
  • Double click the adwcleaner.exe file to run AdwCleaner. (Vista and 7 users) Right click the adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Deletion button and wait for the scan.
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please attach that. This report is also saved to C:\AdwCleaner[S1].txt


Step-2

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run.

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:OTL
O15 - HKCU\..Trusted Domains: conduit.com ([www] http in Trusted sites)

:COMMANDS
[REBOOT]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open [image] on your desktop.
3. Place the mouse pointer inside the [image] textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the [image] button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the [image] button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the [image] button. Post the log it produces in your next reply.


Step-3

Things For Your Next Post:
1. The AdwCleaner[S1].txt
2. The OTL fixes log
3. The new OTL.txt log

Let me know what this did for the web page loading problem.
  • 0
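
Added example (not part of the original thread, and not AdwCleaner's or OTL's own logic): a small audit of the two things the post above describes, a user.js sitting outside the Firefox profile folder and toolbar entries written into prefs.js. The branch patterns, keywords, sample preferences and paths are assumptions constructed for illustration, based on the Conduit and Babylon toolbars named in this thread.

```python
import re
from pathlib import PureWindowsPath

# Assumed indicator patterns for this example: preference branches used by
# the Conduit and Babylon toolbars discussed in the thread.
SUSPECT_BRANCHES = (
    re.compile(r"^CT\d+\."),                      # Conduit toolbar id branch
    re.compile(r"^CommunityToolbar\."),
    re.compile(r"^Smartbar\."),
    re.compile(r"^extensions\.BabylonToolbar"),
)

# Assumed keywords: flag otherwise ordinary prefs whose *value* points at
# the same vendors (for example a hijacked search URL).
SUSPECT_VALUE_KEYWORDS = ("conduit", "babylon")

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Constructed sample, not taken from a real machine.
SAMPLE_PREFS = """\
// Constructed sample for the added example
user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("CT0000000.SearchProtectorEnabled", false);
user_pref("CommunityToolbar.ToolbarsList", "CT0000000");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("keyword.URL", "http://search.conduit.example/?q=");
user_pref("network.proxy.type", 0);
"""


def parse_prefs(text):
    """Return (line_number, name, raw_value) for every user_pref line."""
    prefs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = PREF_RE.match(line)
        if match:
            prefs.append((lineno, match.group(1), match.group(2)))
    return prefs


def audit_prefs(text):
    """Flag prefs by branch name first, then by suspicious value."""
    findings = []
    for lineno, name, value in parse_prefs(text):
        if any(pattern.search(name) for pattern in SUSPECT_BRANCHES):
            findings.append((lineno, name, "branch"))
        elif any(word in value.lower() for word in SUSPECT_VALUE_KEYWORDS):
            findings.append((lineno, name, "value"))
    return findings


def user_js_in_profile(path):
    """True only if user.js sits directly inside
    ...\\Mozilla\\Firefox\\Profiles\\<profile>\\, where Firefox reads it."""
    p = PureWindowsPath(path)
    if p.name.lower() != "user.js":
        return False
    tail = [part.lower() for part in p.parts[-5:-1]]
    return len(tail) == 4 and tail[:3] == ["mozilla", "firefox", "profiles"]


if __name__ == "__main__":
    for lineno, name, reason in audit_prefs(SAMPLE_PREFS):
        print(f"line {lineno}: {name} (matched on {reason})")
    # Constructed paths: one in the drive root, one in a placeholder profile.
    for candidate in (
        r"C:\user.js",
        r"C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles"
        r"\abcd1234.default\user.js",
    ):
        where = "profile folder" if user_js_in_profile(candidate) else "UNEXPECTED location"
        print(f"{candidate}: {where}")
```

A user.js inside the profile folder still needs its contents audited the same way as prefs.js, since location alone says nothing about what it sets.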

#34
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
# AdwCleaner v2.000 - Logfile created 09/07/2012 at 23:05:34
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : Dell 1525 - PINKDELL1525-PC
# Boot Mode : Normal
# Running from : C:\Users\Dell 1525\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Swag_Bucks
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Users\Dell 1525\AppData\Local\Conduit
Folder Deleted : C:\Users\Dell 1525\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dell 1525\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Dell 1525\AppData\LocalLow\Swag_Bucks
Folder Deleted : C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\ConduitCommon
Folder Deleted : C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\FCTB

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\prefs.js

C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\user.js ... Deleted !

Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.ClearCacheDate", 25);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DNSCatch", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DisplayEULA", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.FirstLaunchShown", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.LoadLayoutDate.60497", 25);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.MailLastCheckTime", 1335409879);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.RemoveAllData", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.ShowRecommendedOptions", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.StateReportDate", "1335276063667");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.api.settings.fctoolbar51ef49d2624b41948b971c468[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.beforeInstallSaved", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.beforeinstall.homepage", "www.yahoo.com");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.beforeinstall.search", "Swag%20Bucks%20Customiz[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.customNewTab", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.helpUsImprove", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.hideOthers", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.processAddrBar", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.remove_search", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.restoreSearch", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.searchHistory", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.session", "723F991665065E7E5CC6EA7A518C1A14C6FE[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.showFirstLaunchOptions", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.tb_lang", "en");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.tool_id", "60497");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_id", "77349769");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_key", "12e2713317c6e9476626d4990360d3df264[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_layouts", "60497");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_lnames", "MyPoints%20Point%20Finder");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.weather_location_IDcid2799617", "USIL1173");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.weather_location_namecid2799617", "Topeka%2C%20[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.yahooSearch", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ClearCacheDate", 9);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DisplayEULA", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.FirstLaunchShown", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.LoadLayoutDate.62133", 8);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.RemoveAllData", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ShowRecommendedOptions", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.StateReportDate", "1344450870128");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeInstallSaved", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.homepage", "www.yahoo.com");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.search", "Swagbucks.com");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.customNewTab", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.helpUsImprove", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.hideOthers", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.processAddrBar", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.remove_search", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.restoreSearch", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.runcmd.", "260552511");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.searchHistory", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.session", "0694605F65CBD5331F7F50AA5095C038C366[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.showFirstLaunchOptions", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tb_lang", "en");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tool_id", "62133");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_id", "79611621");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_key", "3fb3105a9676779b3275587a6b673e13cb0[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_layouts", "62133");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_lnames", "InboxDollars");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.yahooSearch", true);

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [30745 octets] - [07/09/2012 10:36:47]
AdwCleaner[S1].txt - [31660 octets] - [07/09/2012 23:05:34]

########## EOF - C:\AdwCleaner[S1].txt - [31721 octets] ##########

#35
Jules4me

    Member

  • Topic Starter
  • 92 posts
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\conduit.com\www\ deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.59.1 log created on 09072012_231626

#36
Jules4me

    Member

  • Topic Starter
  • 92 posts
OTL logfile created on: 9/7/2012 11:22:14 PM - Run 6
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell 1525\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 78.83% Memory free
6.98 Gb Paging File | 6.24 Gb Available in Paging File | 89.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.60 Gb Total Space | 22.92 Gb Free Space | 24.22% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 13.70 Gb Free Space | 93.53% Space Free | Partition Type: NTFS

Computer Name: PINKDELL1525-PC | User Name: Dell 1525 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dell 1525\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe (Rovi Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (RoxioNow Service) -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe (Rovi Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 62 C9 88 74 83 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKCU\..\SearchScopes\{1266438C-0AD6-4514-9483-5668E03A0461}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dell 1525\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/02 17:52:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/02 14:55:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/24 17:35:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/14 18:20:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/24 17:35:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/14 18:20:15 | 000,000,000 | ---D | M]

[2011/10/05 10:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Extensions
[2012/09/02 17:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\extensions
[2011/11/29 19:59:08 | 000,000,000 | ---D | M] ("RoxioNow Player Plugin") -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2012/07/14 09:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/24 17:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/09/02 14:55:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/02 17:52:27 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/07/14 09:06:56 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\DELL 1525\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PLI5VIUT.DEFAULT\EXTENSIONS\[email protected]
[2012/07/24 17:35:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/24 17:34:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/24 17:34:52 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dell 1525\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Dell 1525\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([player] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.236.230.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: DhcpNameServer = 10.236.230.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 15:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/05 08:40:00 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Dell 1525\Desktop\FSS.exe
[2012/09/05 08:16:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/04 12:39:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dell 1525\Desktop\aswMBR.exe
[2012/09/03 19:30:43 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Dell 1525\Desktop\OTL.exe
[2012/08/20 22:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/20 22:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/12 15:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/12 15:09:46 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/08/12 15:09:45 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/08/12 15:09:38 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/08/12 15:09:36 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/08/12 15:09:34 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/08/12 15:09:31 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/08/12 15:08:58 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/12 15:08:56 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

========== Files - Modified Within 30 Days ==========

[2012/09/07 23:27:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 23:25:16 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 23:25:16 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 23:17:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 23:17:11 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/07 22:45:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/09/07 22:45:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/07 21:39:34 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/09/07 10:35:13 | 000,511,265 | ---- | M] () -- C:\Users\Dell 1525\Desktop\adwcleaner.exe
[2012/09/07 08:18:54 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/05 08:39:37 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Dell 1525\Desktop\FSS.exe
[2012/09/04 12:48:12 | 000,000,512 | ---- | M] () -- C:\Users\Dell 1525\Desktop\MBR.dat
[2012/09/04 12:38:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dell 1525\Desktop\aswMBR.exe
[2012/09/02 22:59:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dell 1525\Desktop\OTL.exe
[2012/09/02 14:55:48 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/02 14:55:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/01 14:48:37 | 000,002,480 | ---- | M] () -- C:\Users\Dell 1525\Desktop\Google Chrome.lnk
[2012/08/20 22:44:43 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/15 09:38:17 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 18:19:51 | 000,001,337 | ---- | M] () -- C:\Users\Dell 1525\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 15:02:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/12 15:02:14 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/12 15:02:14 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/12 14:54:17 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\CMS Application Updater.job

========== Files Created - No Company Name ==========

[2012/09/07 10:35:44 | 000,511,265 | ---- | C] () -- C:\Users\Dell 1525\Desktop\adwcleaner.exe
[2012/09/04 12:48:12 | 000,000,512 | ---- | C] () -- C:\Users\Dell 1525\Desktop\MBR.dat
[2012/08/12 15:09:48 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/08 16:09:03 | 000,007,605 | ---- | C] () -- C:\Users\Dell 1525\AppData\Local\Resmon.ResmonCfg
[2012/07/03 23:36:32 | 000,033,134 | ---- | C] () -- C:\Users\Dell 1525\AppData\Roaming\UserTile.png
[2012/04/04 13:32:08 | 000,001,848 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2011/12/02 20:10:19 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/02 20:10:18 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/10/05 12:30:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/10/05 12:27:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/10/04 20:40:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2012/08/12 14:54:17 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\CMS Application Updater.job
[2012/09/07 08:18:54 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/07 21:39:34 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/05/11 16:30:33 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:32A82570

< End of report >
  • 0

#37
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
Just quickly, I went through my 4 browsers and so far Chrome, FF and Safari seem to be good. IE still won't load the page correctly. I will browse around some more and will probably not post again until Saturday morning.
  • 0

#38
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
This morning, some pages are not loading. I have been trying to think of a page that would give you a good example and I guess this one will have to do, even though only one part of the page is not loading. It will not totally load in all 4 browsers. www.widgetbox.com/widget/swidget-10. If you go to that page, there will be a black and white box prominently displayed with the word "SWAG BUCKS" at the top. I can not get this box to load in any browser. The rest of the page loads normally.
  • 0

#39
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
It sounds like it's better...except for IE
Which browser are you talking about for the Widget site?
In FF I don't see a prominent black and white box. This is how the page looks for me:

  • 0

#40
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
It won't load in any browser. In your screenshot, right where the circle is going around is where the black and white box should be. I don't have any problems loading it on any other computer in the house, except for this one we are working on now.
  • 0

#41
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
This is what it should look like.

swidget.jpg
  • 0

#42
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The box doesn't load on my FF because I have scripts disabled for the sites needed to show the box contents.

Let's stick with FF.

Open the FF browser.
1. Click the FF tab at the top of the browser or if you use the Menu bar click Tools and then click options.
2. On the options page click the Content icon at the top of the console
3. Make sure there is a check mark in the box beside Enable JavaScript, then click the Advanced button out to the right.
4. On the JavaScript Settings page make sure there is a check mark in the Move or resize popup windows box and the Disable or replace context menus box.
5. Click the Privacy icon and make sure there is a check mark in the Accept cookies from sites box and the Accept third-party cookies.
6. Click the Advanced icon. Under the General tab in the Browsing section make sure there is a check mark in the Use autoscrolling box and the Use hardware acceleration when available box
7. If you had to check any of the boxes on any of the windows, click the OK button. Then close FF and re-open it and see if the box on the Widget site will load.

If it still doesn't load you can check all of the FF settings on the computer that isn't working properly against the FF settings on a computer that does work.

If the settings are the same, start FF on the ailing computer in safe mode and see if that resolves the problem. Starting FF in safe mode temporarily resets some settings and temporarily disables all extensions and themes.

Go to this FF page for instructions on how to start FF in safe mode and troubleshoot extensions.

If the problem is still there in safe mode, click the links under the "The problem happens in Safe Mode" section and follow the troubleshooting tips there.

If the problems are still there my last two suggestions are:

1. Create a new profile and see if that solves it
2. Totally remove (not just uninstall) the FF program and reinstall it
  • 0

#43
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
All I can say is UGH! :wacko:

Problems were not solved in FF safe mode. Compared two computers and there are very few differences.

GreenDell (Vista) - everything works-------------- PinkDell (Windows 7)- we are working on
FF version 15.0.1 --------- FF version 16.0 beta
No Quicktime --------- Has Quicktime
(Add-on) Windows Performance Foundation --------- Does not have
(Extension) Microsoft .NET Framework Assistant --------- Does not have

I uninstalled and removed all personal profiles. Double-checked by looking for %APPDATA%\Mozilla\Firefox\Profiles, which was not found. Also deleted C:\Program Files\Mozilla. Did I miss anything?

Downloaded FF 15.0.1, instead of 16.0 Beta version. Double checked all settings. Page still does not load.

I am starting to get looney over this, as I bet you are, too.

I even updated Realplayer as I hadn't done that yet and months ago it had a security issue in FF.

If I reinstall Windows 7, what are the chances that the problems would go away? Have we eradicated all viruses/malware now? What about returning Windows 7 back to factory settings? Would that matter or possibly solve this problem?

Edited by Jules4me, 08 September 2012 - 08:10 PM.

  • 0

#44
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I uninstalled and removed all personal profiles. Double-checked by looking for %APPDATA%\Mozilla\Firefox\Profiles, which was not found. Also deleted C:\Program Files\Mozilla. Did I miss anything?

The C:\Users\<username>\AppData\Local\VirtualStore\Program Files\Mozilla Firefox folder
All C:\WINDOWS\Prefetch\FIREFOX* files
Plus the old FF registry entries.
But don't remove them now.

Since you reinstalled FF what plugins do you have now?

If I reinstall Windows 7, what are the chances that the problems would go away?

Theoretically, reformatting and reinstalling windows should clear the problem. That said, I'm not sure how Windows 7 was put on this machine. And I had a member who did a factory restore which should have put the computer back to the state it was when purchased, yet the problem was still there.

Have we eradicated all viruses/malware now?

Yes, the logs are clean. But I want to run a scan with a little bigger tool to see if we missed anything.

What about returning Windows 7 back to factory settings? Would that matter or possibly solve this problem?

I don't think you can do that. From what I understand this machine originally had Vista on it. If you can still use the factory restore partition or restore CD's, the machine would return to Vista.

Before you make that decision why don't you let me run this problem by one of my Tech colleagues?


Step-1.

Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Don't forget to reenable Anti-Virus


Step-2.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step-3.

Things For Your Next Post:
1. The ComboFix log
2. The Checkup.txt log
  • 0
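The leftover Firefox locations listed at the top of the reply above can be inventoried without deleting anything, which fits the "don't remove them now" instruction. The script below is an added example, not part of the original post or of any tool named in it; the registry keys (`HKLM:\SOFTWARE\Mozilla`, `HKLM:\SOFTWARE\MozillaPlugins` and their HKCU counterparts) and the function names are assumptions that do not appear in the thread.

```powershell
# Read-only inventory of Firefox leftovers after an uninstall. Nothing is deleted.
# Run from an elevated prompt: C:\Windows\Prefetch is normally readable by
# administrators only and would otherwise be reported as absent.

function Get-FirefoxLeftover {
    $targets = @(
        # Locations named in the helper's reply
        @{ Kind = 'VirtualStore copy';      Path = "$env:LOCALAPPDATA\VirtualStore\Program Files\Mozilla Firefox" },
        @{ Kind = 'Prefetch files';         Path = "$env:WINDIR\Prefetch\FIREFOX*" },
        # Locations the original poster reported checking or deleting
        @{ Kind = 'Roaming profiles';       Path = "$env:APPDATA\Mozilla\Firefox\Profiles\*" },
        @{ Kind = 'Program Files\Mozilla';  Path = "$env:ProgramFiles\Mozilla" },
        # Install folder as it appears in the ComboFix log
        @{ Kind = 'Install folder';         Path = "$env:ProgramFiles\Mozilla Firefox" },
        # Assumed registry locations (not named in the thread)
        @{ Kind = 'Registry, machine';      Path = 'HKLM:\SOFTWARE\Mozilla' },
        @{ Kind = 'Registry, user';         Path = 'HKCU:\Software\Mozilla' },
        @{ Kind = 'Plugin list, machine';   Path = 'HKLM:\SOFTWARE\MozillaPlugins' },
        @{ Kind = 'Plugin list, user';      Path = 'HKCU:\Software\MozillaPlugins' }
    )

    foreach ($t in $targets) {
        # Get-Item resolves wildcards and works for both file system and registry paths.
        $found = @(Get-Item -Path $t.Path -Force -ErrorAction SilentlyContinue)
        New-Object PSObject -Property @{
            Kind    = $t.Kind
            Present = ($found.Count -gt 0)
            Matches = $found.Count
            Path    = $t.Path
        }
    }
}

function Get-RegisteredFirefoxPlugin {
    # Plugins registered here belong to other products (Flash, Java, QuickTime, ...)
    # and are not removed when Firefox itself is uninstalled.
    foreach ($root in 'HKLM:\SOFTWARE\MozillaPlugins', 'HKCU:\Software\MozillaPlugins') {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Hive   = $root.Substring(0, 4)
                Plugin = $_.PSChildName
                File   = $props.Path      # DLL the plugin entry points to, if recorded
            }
        }
    }
}

Get-FirefoxLeftover |
    Sort-Object Present -Descending |
    Format-Table Kind, Present, Matches, Path -AutoSize

Get-RegisteredFirefoxPlugin |
    Format-Table Hive, Plugin, File -AutoSize
```

Plugins registered under the `MozillaPlugins` keys are installed by other products, so a fresh Firefox install will pick the same ones up again even when the program folder and profiles are gone.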

#45
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I apparently did not delete enough for Firefox, because when I installed it and checked the plug-ins, they were exactly the same as before.

If it matters, I have the CD to reload Windows 7. My brother sent it to me several months ago when I originally thought I was going to have to reinstall Windows 7. I just never did it.


ComboFix 12-09-09.02 - Dell 1525 09/09/2012 18:48:35.1.1 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3574.2738 [GMT -5:00]
Running from: c:\users\Dell 1525\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 23:58 . 2012-09-09 23:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-09 23:58 . 2012-09-09 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 13:15 . 2012-09-09 13:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68BC7D46-7E77-41A0-BFD4-BCD36D6FE52D}\offreg.dll
2012-09-09 01:59 . 2012-09-09 02:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-09 00:01 . 2012-09-09 00:01 -------- d-----w- c:\program files\Common Files\xing shared
2012-09-07 13:23 . 2012-08-28 06:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68BC7D46-7E77-41A0-BFD4-BCD36D6FE52D}\mpengine.dll
2012-09-06 20:16 . 2012-09-06 20:16 -------- d-----w- c:\program files\Common Files\Java
2012-09-06 20:15 . 2012-09-06 20:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 13:16 . 2012-09-05 13:16 -------- d-----w- C:\_OTL
2012-08-21 03:44 . 2012-08-21 03:44 -------- d-----w- c:\program files\Common Files\Skype
2012-08-15 13:06 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 13:06 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 13:06 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 13:06 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 13:06 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 13:06 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 13:06 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-12 20:09 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-12 20:09 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-12 20:09 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-12 20:09 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-12 20:09 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-12 20:09 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-12 20:08 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-12 20:08 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 00:00 . 2012-06-03 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-09 00:00 . 2012-01-04 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-08 03:03 . 2012-04-01 23:14 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 03:03 . 2011-10-05 13:48 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-06 20:15 . 2012-07-01 18:42 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-06 20:15 . 2011-10-06 17:22 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 18:46 . 2011-10-26 19:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 14:59 . 2012-07-02 14:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-20 16:56 . 2012-01-30 04:25 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-09-06 01:27 . 2012-09-09 01:59 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-09 296096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 01:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 17:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 18:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-09 00:00 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:03]
.
2012-08-12 c:\windows\Tasks\CMS Application Updater.job
- c:\program files\CMS Products\Updater\CmsUpdater.exe [2012-03-13 18:28]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
- c:\users\Dell 1525\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-05 03:45]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
- c:\users\Dell 1525\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-05 03:45]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
Trusted Zone: swagbucks.com\player
Trusted Zone: swagbucks.com\www
TCP: DhcpNameServer = 10.236.230.98
TCP: Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\67crp8yp.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-Facebook Update - c:\users\Dell 1525\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1e,74,38,52,73,7a,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-09 19:06:44
ComboFix-quarantined-files.txt 2012-09-10 00:06
ComboFix2.txt 2012-06-06 03:47
.
Pre-Run: 22,838,063,104 bytes free
Post-Run: 22,504,755,200 bytes free
.
- - End Of File - - 7F275F67031623E3DF258005E7FB2463
  • 0





