Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

once again needing assistance removing motivebrowser.exe [Closed]

Started by timelord1371 , Oct 10 2012 04:34 PM

  • This topic is locked This topic is locked

#16
CompCav
Posted 16 October 2012 - 01:36 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Thanks and at this point I would uninstall what you do not want and on the one you want to keep please uninstall and reinstall so it is running from proper location, not your downloads folder.


Step 2.

clear.fi is an Acer official product. It is explained here. Further details on it are on the Acer website here. This is a feature that appeared because things were working correctly for it to appear.


Step 3.

Download AdwCleaner from here to your desktop
Run AdwCleaner for Vista and 7 right click and select Run as administrator

Select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please post it


Step 4.

Reopen your copy of OTL
Select Scan All Users and 64 bit
Click Quick Scan
A single log will be produced, OTL.txt.


Step 5.

Please post:

AdwCleaner log
OTL.txt

Give me an update on the current issues with your computer.
  • 0

Advertisements

#17
timelord1371
Posted 18 October 2012 - 04:38 PM

timelord1371

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
i think what may have happened is i was moving files around trying to get rid of all the desktop clutter and put the tru crypt in wrong area. about to run the instructions you gave me
  • 0

#18
timelord1371
Posted 18 October 2012 - 05:05 PM

timelord1371

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OTL log:



OTL logfile created on: 10/18/2012 5:48:57 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timelord\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.79% Memory free
3.71 Gb Paging File | 2.55 Gb Available in Paging File | 68.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 171.19 Gb Free Space | 78.60% Space Free | Partition Type: NTFS

Computer Name: TARDIS | User Name: Timelord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/14 11:48:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/17 10:52:08 | 002,752,472 | ---- | M] (Mister Group) -- C:\Program Files (x86)\System Explorer\SystemExplorer.exe
PRC - [2012/02/11 03:45:40 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/20 13:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/05/20 13:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/14 06:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 06:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 06:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/03/02 10:20:58 | 000,224,256 | ---- | M] () -- C:\Users\Timelord\Downloads\GnuPG\dirmngr.exe
PRC - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/20 13:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/05/20 13:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/05/10 16:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/08 08:12:03 | 000,115,184 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/21 07:58:40 | 000,821,720 | ---- | M] (Mister Group) [On_Demand | Running] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/20 21:32:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/02 10:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Users\Timelord\Downloads\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 00:48:49 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 04:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/01/13 22:01:44 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/01/04 12:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/08 05:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/05/04 10:51:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/04 10:50:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://duckduckgo.com/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120910
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.5.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/28 21:54:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/21 00:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 02:33:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/30 03:35:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 18.0a1\extensions\\Components: C:\Program Files (x86)\Nightly\components [2012/10/08 19:30:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 18.0a1\extensions\\Plugins: C:\Program Files (x86)\Nightly\plugins

[2012/07/13 19:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Extensions
[2012/10/03 00:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions
[2012/09/27 13:20:44 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/09/30 03:43:41 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\[email protected]
[2012/09/01 00:34:24 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\[email protected]
[2012/10/03 00:27:12 | 000,573,138 | ---- | M] () (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\[email protected]
[2012/09/30 06:03:18 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/09/12 00:50:37 | 000,010,316 | ---- | M] () -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\duckduckgo.xml
[2012/10/03 00:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/13 02:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/10/13 02:33:02 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/27 15:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\plug2.dll
[2012/03/03 17:52:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\plug3.dll
[2012/03/03 17:52:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\plug4.dll
[2012/03/03 17:52:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\plug5.dll
[2012/03/03 17:52:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\plug6.dll
[2012/03/03 17:52:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\plug7.dll
[2012/03/03 17:52:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\plug8.dll
[2012/03/03 17:52:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\plug9.dll
[2012/09/26 01:43:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/26 01:43:24 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/20 19:18:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2560925396-3286970015-408714028-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2560925396-3286970015-408714028-1000..\Run: [SystemExplorerAutoStart] C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8 - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A130A72-9EF6-42C2-BBBC-1A5BF9E45E7A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/14 12:35:38 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\trojan tools
[2012/10/14 12:31:57 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\ccleaner
[2012/10/14 12:20:46 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\RK reports
[2012/10/14 12:19:57 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\aswMBR reports
[2012/10/14 11:48:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
[2012/10/08 19:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nightly
[2012/10/08 16:58:44 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\Doctor Who 1-11
[2012/09/30 21:19:34 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Local\{1CB27159-D654-4BF8-84AD-28DBE566ECBF}
[2012/09/30 21:19:33 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Local\{28886574-5E42-49AA-82C2-75F19AEBFF98}
[2012/09/25 03:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/09/25 02:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer
[2012/09/25 02:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
[2012/09/25 02:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Explorer
[2012/09/25 02:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/25 01:38:15 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\SpeedyPC Software
[2012/09/25 01:38:15 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\DriverCure
[2012/09/25 01:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/09/23 20:48:56 | 023,759,265 | ---- | C] (Igor Pavlov) -- C:\Users\Timelord\Desktop\tor-browser-2.2.39-1_en-US.exe
[2012/09/22 00:05:09 | 000,000,000 | ---D | C] -- C:\MATS
[2012/09/20 19:18:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/19 02:44:30 | 000,000,000 | ---D | C] -- C:\nothappy
[2012/06/23 13:55:19 | 023,748,738 | ---- | C] (Igor Pavlov) -- C:\Users\Timelord\tor-browser-2.2.37-1_en-US.exe

========== Files - Modified Within 30 Days ==========

[2012/10/18 17:51:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/18 17:51:08 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/18 17:51:08 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/18 17:45:44 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012/10/18 17:45:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/18 17:45:35 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/18 17:40:28 | 000,538,941 | ---- | M] () -- C:\Users\Timelord\Desktop\adwcleaner.exe
[2012/10/18 01:50:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/18 00:41:49 | 000,000,218 | ---- | M] () -- C:\Users\Timelord\.recently-used.xbel
[2012/10/14 12:15:40 | 000,000,512 | ---- | M] () -- C:\Users\Timelord\Desktop\MBR.dat
[2012/10/14 11:48:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
[2012/10/12 20:26:22 | 000,006,098 | ---- | M] () -- C:\Users\Timelord\Desktop\images.jpg
[2012/10/12 16:58:21 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 16:58:21 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 21:41:38 | 000,005,320 | ---- | M] () -- C:\Users\Timelord\Desktop\cc_20121008_214133.reg
[2012/10/08 19:30:21 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/10/08 15:45:21 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012/10/05 09:55:41 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Data Sending task.job
[2012/10/03 00:27:02 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/25 03:36:19 | 000,001,973 | ---- | M] () -- C:\Users\Timelord\Desktop\Update Checker.lnk
[2012/09/25 02:55:11 | 000,001,114 | ---- | M] () -- C:\Users\Timelord\Application Data\Microsoft\Internet Explorer\Quick Launch\System Explorer.lnk
[2012/09/25 02:55:11 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2012/09/23 20:49:58 | 023,759,265 | ---- | M] (Igor Pavlov) -- C:\Users\Timelord\Desktop\tor-browser-2.2.39-1_en-US.exe
[2012/09/22 00:37:44 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/20 19:18:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2012/10/18 17:45:44 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012/10/18 17:40:11 | 000,538,941 | ---- | C] () -- C:\Users\Timelord\Desktop\adwcleaner.exe
[2012/10/18 01:50:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/18 00:41:49 | 000,000,218 | ---- | C] () -- C:\Users\Timelord\.recently-used.xbel
[2012/10/12 20:26:20 | 000,006,098 | ---- | C] () -- C:\Users\Timelord\Desktop\images.jpg
[2012/10/12 15:52:44 | 000,000,512 | ---- | C] () -- C:\Users\Timelord\Desktop\MBR.dat
[2012/10/08 21:41:35 | 000,005,320 | ---- | C] () -- C:\Users\Timelord\Desktop\cc_20121008_214133.reg
[2012/10/08 19:30:21 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2012/10/08 19:30:21 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/09/25 03:36:19 | 000,001,973 | ---- | C] () -- C:\Users\Timelord\Desktop\Update Checker.lnk
[2012/09/25 02:55:11 | 000,001,114 | ---- | C] () -- C:\Users\Timelord\Application Data\Microsoft\Internet Explorer\Quick Launch\System Explorer.lnk
[2012/09/25 02:55:11 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2012/09/22 00:37:44 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/11 15:52:36 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/09/10 12:27:58 | 000,007,667 | ---- | C] () -- C:\Users\Timelord\AppData\Local\Resmon.ResmonCfg
[2012/06/24 02:25:45 | 000,006,035 | ---- | C] () -- C:\Users\Timelord\cassidy.asc
[2011/07/14 11:20:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/14 11:20:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/14 11:20:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/31 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\Bitcoin
[2012/09/25 01:38:15 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\DriverCure
[2012/06/04 21:03:48 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\Electrum-P
[2012/10/18 00:19:55 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\gnupg
[2012/10/18 00:18:37 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\gtk-2.0
[2012/07/13 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\poclbm
[2012/05/05 14:24:15 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\PowerCinema
[2012/09/26 00:38:00 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\SpeedyPC Software
[2012/04/19 01:04:18 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\TrueCrypt
[2012/10/04 22:45:57 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/05/31 22:35:36 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\뾠Ä
[2012/05/31 22:35:36 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\뾠Ä

< End of report >



ADwcleaner log


# AdwCleaner v2.005 - Logfile created 10/18/2012 at 17:43:53
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Timelord - TARDIS
# Boot Mode : Normal
# Running from : C:\Users\Timelord\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\browsermngr_prefs.js
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Timelord\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Timelord\AppData\Local\Software
Folder Deleted : C:\Users\Timelord\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Timelord\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\prefs.js

C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110185&tt=3712_6");
Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt");
Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "12");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false");
Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "0");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.firstrun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "19ECD77DCA888DE7127FB357C34DC39C");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.hrdid", "d408b2ff000000000000d0df9ad1756a");
Deleted : user_pref("extensions.BabylonToolbar.id", "d408b2ff000000000000d0df9ad1756a");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15595");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.instlday", "15595");
Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst");
Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.BabylonToolbar.keywordurl", "");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.120:04:35");
Deleted : user_pref("extensions.BabylonToolbar.lastdp", 12);
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.newtab", "false");
Deleted : user_pref("extensions.BabylonToolbar.newtaburl", "");
Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\[...]
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
Deleted : user_pref("extensions.BabylonToolbar.sg", "czb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss");
Deleted : user_pref("extensions.BabylonToolbar.srch", "");
Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", "");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.120:04:35");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.120:04:35");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110185&tt=3712_6");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.120:04:35");

*************************

AdwCleaner[R1].txt - [7092 octets] - [18/10/2012 17:42:14]
AdwCleaner[S1].txt - [6992 octets] - [18/10/2012 17:43:53]

########## EOF - C:\AdwCleaner[S1].txt - [7052 octets] ##########
  • 0

#19
CompCav
Posted 18 October 2012 - 05:57 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
I see a proxy, did you set that up on purpose?

What are your current issues with your computer?
  • 0

#20
timelord1371
Posted 22 October 2012 - 06:24 PM

timelord1371

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
i have used proxies yes. Issues are getting the system cleaned out because there seems to be so many unknown accounts and similar all in my system. Things getting permissions that I am constantly finding. I just want to get control again.
  • 0

#21
CompCav
Posted 22 October 2012 - 08:35 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
OK please rerun OTL
Select Scan All Users and include 64-bit scan
Then click Quick Scan
It will produce a fresh OTL.txt


Please post:

OTL.txt

Please give me an example of a permission that is an issue so that we fix the proper area.
  • 0

#22
CompCav
Posted 27 October 2012 - 08:27 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP