
Chitika popup and ad popups taking over.... [Solved]


#1
ASims1231

I need help on removing Chitika popups, FB ad popups, and other adyieldmanager/ad.xtendmedia popups. I have run Malwarebytes and Avast scans several times and the popups are still there. Any help you can walk me through will be greatly appreciated, as I am not a computer expert and am very frustrated on how to remove these popups. The only thing I was able to do was block some of the popups through Avast, but the outlines of the popups are still appearing with a small red X at the top right corner, showing that some are blocked but still on my computer somehow.

OTL logfile created on: 2/26/2013 1:34:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 39.00% Memory free
7.94 Gb Paging File | 5.07 Gb Available in Paging File | 63.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.57 Gb Total Space | 317.55 Gb Free Space | 70.01% Space Free | Partition Type: NTFS
Drive D: | 12.18 Gb Total Space | 1.65 Gb Free Space | 13.53% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/26 13:34:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/20 17:50:48 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7a\shellmon.exe
PRC - [2012/04/20 17:50:48 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
PRC - [2012/04/20 16:28:02 | 002,213,712 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
PRC - [2011/11/29 18:11:58 | 000,039,240 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1224977867\ee\aolsoftware.exe
PRC - [2008/07/26 07:25:36 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 11:56:41 | 000,071,104 | ---- | M] () -- C:\Windows\CouponPrinter.ocx
MOD - [2012/04/20 17:50:49 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\zlib.dll
MOD - [2012/04/20 17:50:43 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\components\Tier2Svc.dll
MOD - [2012/04/20 17:50:43 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\components\DataSvcs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/08/23 10:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/05/25 16:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/05/25 15:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/05/25 15:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Start_Pending] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2008/07/26 07:25:24 | 000,187,928 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/07/26 07:23:54 | 000,255,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 07:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/02/07 23:11:37 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/30 18:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/10/30 18:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:55 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2012/10/30 17:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/09/21 04:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 12:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 12:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 12:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/07/26 10:26:44 | 005,068,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2008/07/26 10:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 10:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 07:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2008/07/26 07:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2008/02/26 12:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2008/02/12 07:50:14 | 000,286,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys -- (CAXHWBS3)
DRV:64bit: - [2008/02/12 07:48:10 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/02/12 07:47:08 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/10/18 07:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw)
DRV:64bit: - [2006/06/19 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C0ECE5CB-9C33-4921-8CE7-4DB9DBF6B0CA}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{CF5EDE18-3ADB-4C84-BB3D-2932E650AC0E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=19-10-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C0ECE5CB-9C33-4921-8CE7-4DB9DBF6B0CA}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{CF5EDE18-3ADB-4C84-BB3D-2932E650AC0E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\15\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\User\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/09/16 14:20:55 | 000,000,000 | ---D | M]

[2013/02/06 22:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/01/01 19:51:39 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE (AOL Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1054 (SonyOnlineInstallerX)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{355904A5-69CC-484C-82E4-6A04548FADE0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{13ecea33-fce1-11e1-bfab-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{13ecea33-fce1-11e1-bfab-00038a000015}\Shell\AutoRun\command - "" = K:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/25 12:10:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/24 15:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Toontown Online
[2013/02/24 14:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/02/24 14:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/02/23 18:18:51 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/02/23 18:15:45 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/02/23 18:15:43 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013/02/23 18:15:22 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2013/02/23 18:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/02/22 14:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/22 13:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/22 13:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/22 13:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/22 13:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/22 13:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/02/22 13:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/02/21 14:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2013/02/21 00:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2013/02/16 20:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MR APP
[2013/02/16 20:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MR APP
[2013/02/14 15:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publix Preschool Pals
[2013/02/14 15:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Publix Preschool Pals
[2013/02/13 15:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/02/13 15:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/13 15:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/13 15:00:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Conduit
[2013/02/13 14:43:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TFP
[2013/02/13 14:42:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Torch
[2013/02/13 14:40:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\MusicNet
[2013/02/13 14:35:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7EAAFBB9-2051-44B5-A11D-DEE4D6CA7409}
[2013/02/13 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PackageAware
[2013/02/06 22:06:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PerformerSoft
[2013/02/06 22:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/06 22:05:58 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013/02/06 22:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/02/06 22:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scout
[2013/02/06 22:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/02/06 22:05:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2013/02/02 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/02/02 10:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2 C:\Users\User\AppData\Local\*.tmp files -> C:\Users\User\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/26 13:13:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/26 13:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/26 12:30:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/26 12:30:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/26 10:30:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/26 10:30:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/25 13:14:53 | 000,000,565 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/25 12:30:32 | 000,000,184 | -H-- | M] () -- C:\IPH.PH
[2013/02/24 15:20:39 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\Toontown Online.lnk
[2013/02/24 14:03:13 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/02/23 18:15:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/23 18:13:05 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/22 14:40:51 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/22 14:40:51 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/22 14:40:51 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/22 14:00:59 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/21 00:17:06 | 000,333,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/18 17:05:23 | 000,002,651 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
[2013/02/14 16:09:34 | 000,163,167 | ---- | M] () -- C:\Windows\Publix Preschool Pals Uninstaller.exe
[2013/02/14 16:09:34 | 000,001,904 | ---- | M] () -- C:\Users\User\Desktop\PublixPreschoolPals.lnk
[2013/02/14 15:36:39 | 065,119,971 | ---- | M] () -- C:\Users\User\Desktop\PublixPreschoolPals_Windows_Installer.exe
[2013/02/04 13:27:06 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2013/01/30 16:32:40 | 000,003,922 | ---- | M] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2 C:\Users\User\AppData\Local\*.tmp files -> C:\Users\User\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/25 13:14:36 | 000,000,565 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/25 12:29:55 | 000,000,184 | -H-- | C] () -- C:\IPH.PH
[2013/02/24 15:20:39 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\Toontown Online.lnk
[2013/02/24 14:03:13 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/02/23 18:13:05 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/22 14:00:59 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/14 15:38:29 | 000,001,904 | ---- | C] () -- C:\Users\User\Desktop\PublixPreschoolPals.lnk
[2013/02/14 15:38:28 | 000,163,167 | ---- | C] () -- C:\Windows\Publix Preschool Pals Uninstaller.exe
[2013/02/14 15:36:35 | 065,119,971 | ---- | C] () -- C:\Users\User\Desktop\PublixPreschoolPals_Windows_Installer.exe
[2012/07/02 11:02:28 | 000,000,012 | ---- | C] () -- C:\Users\User\AppData\Roaming\settings.xml
[2012/07/02 11:02:27 | 000,000,235 | ---- | C] () -- C:\Users\User\AppData\Roaming\devices.xml
[2012/07/02 10:39:05 | 000,016,606 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2012/07/02 10:39:04 | 000,019,564 | ---- | C] () -- C:\Windows\hpoins01.dat
[2012/01/30 11:40:28 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2012/01/29 11:09:45 | 000,000,732 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps64.dat
[2011/12/25 08:31:21 | 000,000,852 | ---- | C] () -- C:\Users\User\AppData\Local\cookies.ini
[2011/11/26 18:37:07 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/12/14 09:56:22 | 000,005,114 | ---- | C] () -- C:\ProgramData\mpwkmhhb.yzx
[2009/08/03 11:16:46 | 000,005,077 | ---- | C] () -- C:\ProgramData\znaiigjn.uhh
[2009/01/15 12:43:07 | 000,004,900 | ---- | C] () -- C:\ProgramData\tuhpttzl.his
[2008/10/31 13:11:30 | 000,004,876 | ---- | C] () -- C:\ProgramData\powjnvfp.pmy
[2008/10/25 18:24:20 | 000,027,648 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/25 18:15:44 | 000,003,922 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2008/08/02 09:48:36 | 000,002,075 | ---- | C] () -- C:\Users\User\My HP Games.lnk

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/04 17:40:13 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\.#
[2010/12/10 19:26:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Activision
[2011/06/28 20:33:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AlderGames
[2013/02/06 22:05:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2009/01/30 16:49:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Boomzap
[2012/10/15 18:11:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Catalina Marketing Corp
[2012/09/12 13:23:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DriverCure
[2012/11/13 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2010/12/02 11:13:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\eGames
[2009/02/10 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fabulous Finds
[2012/11/30 19:13:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Faerie Solitaire
[2009/04/04 11:24:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FrimaStudio
[2009/04/20 09:16:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fuzzy Games
[2011/04/29 15:47:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Gamelab
[2012/10/28 15:20:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GamesCafe
[2009/02/10 18:56:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Home Sweet Home 2
[2013/02/05 21:05:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iWin
[2009/02/14 18:22:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iWin_DressUpRush
[2009/02/20 17:31:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2013/02/13 14:40:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MusicNet
[2009/04/04 19:11:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games
[2013/02/08 12:29:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PerformerSoft
[2009/02/09 12:19:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PetShowCraze
[2012/10/31 14:00:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PlayFirst
[2009/02/02 13:25:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Pogo Games
[2010/08/01 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SBTT
[2009/08/21 13:56:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\School Zone Preferences
[2012/10/26 10:19:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Serif
[2012/09/12 13:23:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SpeedyPC Software
[2012/10/28 15:40:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SulusGames
[2008/10/25 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2013/02/13 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TFP
[2009/12/13 19:43:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\tuxmath
[2010/08/13 18:26:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2009/02/09 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ViquaSoft
[2012/11/04 16:18:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WildTangent
[2008/11/22 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2702A8B3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D1195DB2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:94124B85
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:3757C473
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:619D6FE6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4BD41AB7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:354E094D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:1E1407AE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3CBB9ED6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FDFD169D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:9CAEE170
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C53D1D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:331AD5E9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F68280D1
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:38760F1C
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A3AB6321
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0CE9A430

< End of report >


#2
Essexboy

  • GeekU Moderator
  • 62,593 posts
Hi there, let me know if this fixes it.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2013/02/06 22:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/02/06 22:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/02/06 22:05:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2009/12/14 09:56:22 | 000,005,114 | ---- | C] () -- C:\ProgramData\mpwkmhhb.yzx
[2009/08/03 11:16:46 | 000,005,077 | ---- | C] () -- C:\ProgramData\znaiigjn.uhh
[2009/01/15 12:43:07 | 000,004,900 | ---- | C] () -- C:\ProgramData\tuhpttzl.his
[2008/10/31 13:11:30 | 000,004,876 | ---- | C] () -- C:\ProgramData\powjnvfp.pmy

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN


Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#3
ASims1231

  • New Member
  • 4 posts
OTL logfile created on: 2/26/2013 3:47:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.60% Memory free
7.92 Gb Paging File | 6.23 Gb Available in Paging File | 78.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.57 Gb Total Space | 317.75 Gb Free Space | 70.05% Space Free | Partition Type: NTFS
Drive D: | 12.18 Gb Total Space | 1.65 Gb Free Space | 13.53% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/26 15:32:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/20 17:50:48 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7a\shellmon.exe
PRC - [2012/04/20 17:50:48 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
PRC - [2012/04/20 16:28:02 | 002,213,712 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1224977867\ee\aolsoftware.exe
PRC - [2008/07/26 07:25:36 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/20 17:50:49 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\zlib.dll
MOD - [2012/04/20 17:50:43 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\components\Tier2Svc.dll
MOD - [2012/04/20 17:50:43 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\components\DataSvcs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/08/23 10:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/05/25 16:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/05/25 15:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/05/25 15:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Start_Pending] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2008/07/26 07:25:24 | 000,187,928 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/07/26 07:23:54 | 000,255,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 07:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/02/07 23:11:37 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/30 18:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/10/30 18:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:55 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2012/10/30 17:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/09/21 04:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 12:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 12:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 12:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/07/26 10:26:44 | 005,068,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2008/07/26 10:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 10:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 07:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2008/07/26 07:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2008/02/26 12:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2008/02/12 07:50:14 | 000,286,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys -- (CAXHWBS3)
DRV:64bit: - [2008/02/12 07:48:10 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/02/12 07:47:08 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/10/18 07:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw)
DRV:64bit: - [2006/06/19 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C0ECE5CB-9C33-4921-8CE7-4DB9DBF6B0CA}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{CF5EDE18-3ADB-4C84-BB3D-2932E650AC0E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=19-10-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C0ECE5CB-9C33-4921-8CE7-4DB9DBF6B0CA}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{CF5EDE18-3ADB-4C84-BB3D-2932E650AC0E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\15\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\User\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/09/16 14:20:55 | 000,000,000 | ---D | M]

[2013/02/06 22:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/01/01 19:51:39 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE (AOL Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1054 (SonyOnlineInstallerX)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{355904A5-69CC-484C-82E4-6A04548FADE0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{13ecea33-fce1-11e1-bfab-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{13ecea33-fce1-11e1-bfab-00038a000015}\Shell\AutoRun\command - "" = K:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/26 15:33:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/26 15:32:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/25 12:10:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/24 15:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Toontown Online
[2013/02/24 14:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/02/24 14:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/02/23 18:18:51 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/02/23 18:15:45 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/02/23 18:15:43 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013/02/23 18:15:22 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2013/02/23 18:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/02/22 14:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/22 13:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/22 13:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/22 13:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/22 13:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/22 13:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/02/22 13:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/02/21 14:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2013/02/21 00:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2013/02/16 20:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MR APP
[2013/02/16 20:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MR APP
[2013/02/14 15:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publix Preschool Pals
[2013/02/14 15:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Publix Preschool Pals
[2013/02/13 15:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/02/13 15:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/13 15:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/13 15:00:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Conduit
[2013/02/13 14:43:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TFP
[2013/02/13 14:42:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Torch
[2013/02/13 14:40:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\MusicNet
[2013/02/13 14:35:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7EAAFBB9-2051-44B5-A11D-DEE4D6CA7409}
[2013/02/13 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PackageAware
[2013/02/06 22:06:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PerformerSoft
[2013/02/06 22:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/06 22:05:58 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013/02/02 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/02/02 10:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2 C:\Users\User\AppData\Local\*.tmp files -> C:\Users\User\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/26 15:41:45 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/26 15:41:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/26 15:41:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/26 15:41:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/26 15:32:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/26 15:13:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/26 15:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/26 14:19:18 | 000,001,048 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/25 12:30:32 | 000,000,184 | -H-- | M] () -- C:\IPH.PH
[2013/02/24 15:20:39 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\Toontown Online.lnk
[2013/02/24 14:03:13 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/02/23 18:15:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/23 18:13:05 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/22 14:40:51 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/22 14:40:51 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/22 14:40:51 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/22 14:00:59 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/21 00:17:06 | 000,333,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/18 17:05:23 | 000,002,651 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
[2013/02/14 16:09:34 | 000,163,167 | ---- | M] () -- C:\Windows\Publix Preschool Pals Uninstaller.exe
[2013/02/14 16:09:34 | 000,001,904 | ---- | M] () -- C:\Users\User\Desktop\PublixPreschoolPals.lnk
[2013/02/14 15:36:39 | 065,119,971 | ---- | M] () -- C:\Users\User\Desktop\PublixPreschoolPals_Windows_Installer.exe
[2013/02/04 13:27:06 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2013/01/30 16:32:40 | 000,003,922 | ---- | M] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2 C:\Users\User\AppData\Local\*.tmp files -> C:\Users\User\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/25 13:14:36 | 000,001,048 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/25 12:29:55 | 000,000,184 | -H-- | C] () -- C:\IPH.PH
[2013/02/24 15:20:39 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\Toontown Online.lnk
[2013/02/24 14:03:13 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/02/23 18:13:05 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/22 14:00:59 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/14 15:38:29 | 000,001,904 | ---- | C] () -- C:\Users\User\Desktop\PublixPreschoolPals.lnk
[2013/02/14 15:38:28 | 000,163,167 | ---- | C] () -- C:\Windows\Publix Preschool Pals Uninstaller.exe
[2013/02/14 15:36:35 | 065,119,971 | ---- | C] () -- C:\Users\User\Desktop\PublixPreschoolPals_Windows_Installer.exe
[2012/07/02 11:02:28 | 000,000,012 | ---- | C] () -- C:\Users\User\AppData\Roaming\settings.xml
[2012/07/02 11:02:27 | 000,000,235 | ---- | C] () -- C:\Users\User\AppData\Roaming\devices.xml
[2012/07/02 10:39:05 | 000,016,606 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2012/07/02 10:39:04 | 000,019,564 | ---- | C] () -- C:\Windows\hpoins01.dat
[2012/01/30 11:40:28 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2012/01/29 11:09:45 | 000,000,732 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps64.dat
[2011/12/25 08:31:21 | 000,000,852 | ---- | C] () -- C:\Users\User\AppData\Local\cookies.ini
[2011/11/26 18:37:07 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2008/10/25 18:24:20 | 000,027,648 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/25 18:15:44 | 000,003,922 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2008/08/02 09:48:36 | 000,002,075 | ---- | C] () -- C:\Users\User\My HP Games.lnk

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/04 17:40:13 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\.#
[2010/12/10 19:26:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Activision
[2011/06/28 20:33:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AlderGames
[2009/01/30 16:49:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Boomzap
[2012/10/15 18:11:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Catalina Marketing Corp
[2012/09/12 13:23:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DriverCure
[2012/11/13 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2010/12/02 11:13:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\eGames
[2009/02/10 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fabulous Finds
[2012/11/30 19:13:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Faerie Solitaire
[2009/04/04 11:24:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FrimaStudio
[2009/04/20 09:16:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fuzzy Games
[2011/04/29 15:47:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Gamelab
[2012/10/28 15:20:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GamesCafe
[2009/02/10 18:56:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Home Sweet Home 2
[2013/02/05 21:05:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iWin
[2009/02/14 18:22:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iWin_DressUpRush
[2009/02/20 17:31:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2013/02/13 14:40:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MusicNet
[2009/04/04 19:11:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games
[2013/02/08 12:29:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PerformerSoft
[2009/02/09 12:19:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PetShowCraze
[2012/10/31 14:00:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PlayFirst
[2009/02/02 13:25:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Pogo Games
[2010/08/01 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SBTT
[2009/08/21 13:56:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\School Zone Preferences
[2012/10/26 10:19:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Serif
[2012/09/12 13:23:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SpeedyPC Software
[2012/10/28 15:40:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SulusGames
[2008/10/25 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2013/02/13 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TFP
[2009/12/13 19:43:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\tuxmath
[2010/08/13 18:26:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2009/02/09 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ViquaSoft
[2012/11/04 16:18:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WildTangent
[2008/11/22 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2702A8B3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D1195DB2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:94124B85
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:3757C473
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:619D6FE6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4BD41AB7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:354E094D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:1E1407AE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3CBB9ED6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FDFD169D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:9CAEE170
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C53D1D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:331AD5E9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F68280D1
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:38760F1C
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A3AB6321
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0CE9A430

< End of report >

#4
ASims1231

    New Member

  • Member
  • 4 posts
This is the copy/paste below, wasn't able to attach as a file for some reason.

# AdwCleaner v2.113 - Logfile created 02/26/2013 at 16:19:17
# Updated 23/02/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\Guffins
Deleted on reboot : C:\Program Files (x86)\iWin
Deleted on reboot : C:\Program Files (x86)\Viewpoint
Deleted on reboot : C:\ProgramData\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[R1].txt - [11841 octets] - [24/02/2013 14:14:25]
AdwCleaner[R2].txt - [11518 octets] - [25/02/2013 13:12:32]
AdwCleaner[R3].txt - [2365 octets] - [26/02/2013 14:17:50]
AdwCleaner[R4].txt - [2276 octets] - [26/02/2013 16:18:34]
AdwCleaner[S1].txt - [397 octets] - [24/02/2013 14:15:46]
AdwCleaner[S2].txt - [10090 octets] - [25/02/2013 13:14:26]
AdwCleaner[S3].txt - [2494 octets] - [26/02/2013 14:18:54]
AdwCleaner[S4].txt - [2261 octets] - [26/02/2013 16:19:17]

########## EOF - C:\AdwCleaner[S4].txt - [2321 octets] ##########

Edited by ASims1231, 26 February 2013 - 03:39 PM.


#5
Essexboy

    GeekU Moderator

  • 62,593 posts
Could you run the Microsoft fixit on this page please, and then run a fresh OTL quickscan?

#6
ASims1231

    New Member

  • Member
  • 4 posts
Thanks, Essexboy. You can close this post; you helped me out on the other forum.

I ran the Microsoft fixit and the fresh OTL and it worked!

#7
Essexboy

    GeekU Moderator

  • 62,593 posts
Was that at Avast? Yep, just checked :)

#8
Essexboy

    GeekU Moderator

  • 62,593 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

