remove recycler



#1
anasmm

    New Member

  • 1 posts
OTL logfile created on: 13/5/13 3:07:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: d/M/yy

1014.04 Mb Total Physical Memory | 166.97 Mb Available Physical Memory | 16.47% Memory free
1.99 Gb Paging File | 1.01 Gb Available in Paging File | 50.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34.18 Gb Total Space | 16.27 Gb Free Space | 47.60% Space Free | Partition Type: NTFS
Drive D: | 36.52 Gb Total Space | 29.73 Gb Free Space | 81.39% Space Free | Partition Type: NTFS
Drive E: | 40.99 Gb Total Space | 39.08 Gb Free Space | 95.34% Space Free | Partition Type: NTFS
Drive G: | 7.44 Gb Total Space | 7.44 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: SHAFI-PC | User Name: SHAFI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/13 15:06:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013/04/10 04:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/03 08:07:49 | 000,169,096 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/04/03 08:07:25 | 001,483,912 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/03/13 08:06:09 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2012/09/26 10:11:48 | 000,502,904 | ---- | M] (Acebyte) -- E:\New folder (3)\New folder\CleanGenius 3\CleanGeniusTray.exe
PRC - [2011/05/27 17:30:22 | 000,461,176 | -HS- | M] () -- C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
PRC - [2011/05/27 17:30:22 | 000,461,176 | -HS- | M] () -- C:\Program Files\Windows Alerter\WinAlert.exe
PRC - [2011/05/27 17:30:22 | 000,461,176 | -HS- | M] () -- C:\Program Files\Windows Common Files\Commgr.exe
PRC - [2011/04/04 21:38:20 | 000,680,393 | RHS- | M] () -- C:\Users\SHAFI\AppData\Roaming\Microsoft\Office\rundll32.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/10 04:58:18 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/13 08:06:08 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2012/09/26 09:59:18 | 000,154,704 | ---- | M] () -- E:\New folder (3)\New folder\CleanGenius 3\mlutil.dll
MOD - [2012/08/28 18:27:02 | 000,166,992 | ---- | M] () -- E:\New folder (3)\New folder\CleanGenius 3\NetReg.dll
MOD - [2012/08/28 18:26:16 | 000,080,976 | ---- | M] () -- E:\New folder (3)\New folder\CleanGenius 3\VersionInfo.dll
MOD - [2011/04/04 21:38:20 | 000,680,393 | RHS- | M] () -- C:\Users\SHAFI\AppData\Roaming\Microsoft\Office\rundll32.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 23:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/10 04:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/03 08:07:49 | 000,169,096 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/03/13 08:06:10 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 19:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 04:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/14 11:58:38 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/20 17:38:14 | 000,347,256 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/11/20 11:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 09:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 07:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/06 05:45:46 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/15 13:45:27 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/09/23 10:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/25 14:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 13:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 13:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/10 19:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 19:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 19:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 18:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/10/10 23:03:00 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2007/06/18 10:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/03/05 16:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D6CCD0E1-7699-46F0-84A3-C3B4DB3ED431}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=21/04/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=21/04/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=21/04/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...&doi=2013-05-13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...IN&dcc=IN&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 02 02 FA 94 43 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=21/04/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=21/04/2013
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
IE - HKCU\..\SearchScopes,DefaultScope = {D6CCD0E1-7699-46F0-84A3-C3B4DB3ED431}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=21/04/2013
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://mixidj.claro-...00000234d1a2b3a
IE - HKCU\..\SearchScopes\{D6CCD0E1-7699-46F0-84A3-C3B4DB3ED431}: "URL" = http://search.condui...6921569813&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - prefs.js..browser.search.defaultenginename: "Ask Search"
FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.search.as...doi=2013-05-13"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\SHAFI\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/27 20:35:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/27 20:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHAFI\AppData\Roaming\Mozilla\Extensions
[2013/05/13 08:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHAFI\AppData\Roaming\Mozilla\Firefox\Profiles\h454maxd.default\extensions
[2013/05/13 08:32:26 | 000,438,841 | ---- | M] () (No name found) -- C:\Users\SHAFI\AppData\Roaming\Mozilla\Firefox\Profiles\h454maxd.default\extensions\toolbar_BCPA5@apn.ask.com.xpi
[2013/05/13 08:32:24 | 000,002,505 | ---- | M] () -- C:\Users\SHAFI\AppData\Roaming\Mozilla\Firefox\Profiles\h454maxd.default\searchplugins\ask-search.xml
[2013/04/27 20:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/10 04:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/27 18:58:02 | 000,006,492 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/04/10 04:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/10 04:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.search.as...&doi=2013-05-13
CHR - plugin: First user (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Error reading preferences file
CHR - Extension: BrotherSoft Extreme2 B1 = C:\Users\SHAFI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp\10.15.2.523_0\

O1 HOSTS File: ([2009/06/10 19:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Ask Toolbar) - {42435041-3500-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA5\Passport.dll (APN LLC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {42435041-3500-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA5\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
O4 - HKLM..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
O4 - HKLM..\Run: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe ()
O4 - HKCU..\Run: [CleanGeniusTray] E:\New folder (3)\New folder\CleanGenius 3\CleanGeniusTray.exe (Acebyte)
O4 - HKCU..\Run: [Microsoft Windows] C:\Users\SHAFI\AppData\Roaming\Microsoft\Office\rundll32.exe File not found
O4 - HKCU..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
O4 - HKCU..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
O4 - HKCU..\Run: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.25.83.11 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2909850-879E-49A8-8E9B-B59C016394F7}: DhcpNameServer = 85.25.83.11 8.8.8.8
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/13 14:09:58 | 000,000,502 | RHS- | M] () - G:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/13 07:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/05/13 07:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/05/13 07:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/05/13 07:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2013/05/13 07:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/05/04 21:01:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/04 21:01:29 | 000,000,000 | -HSD | C] -- C:\Program Files
[2013/04/27 20:35:17 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Roaming\Mozilla
[2013/04/27 20:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/04/26 20:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UpdaterTool
[2013/04/26 20:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/04/26 20:37:43 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Local\SwvUpdater
[2013/04/26 20:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mixiedj
[2013/04/26 15:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2013/04/26 15:08:35 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Roaming\Autodesk
[2013/04/26 10:25:48 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Roaming\TuneUp Software
[2013/04/26 10:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/04/26 09:33:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/04/26 09:33:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/04/26 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Roaming\OpenCandy
[2013/04/25 23:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/04/25 23:46:25 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Local\Conduit
[2013/04/25 23:45:54 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Local\CRE
[2013/04/25 23:45:03 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Roaming\SearchProtect
[2013/04/25 21:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2013/04/21 20:56:45 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\Saved Games\Documents\VideoOutput
[2013/04/21 20:56:45 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\Saved Games\Documents\Snapshot
[2013/04/21 20:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video to Video
[2013/04/21 20:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter
[2013/04/21 14:17:47 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Local\TrafficSpaceLLC
[2013/04/21 14:17:42 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\Saved Games\Documents\Video Download Converter
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/13 15:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/13 14:58:53 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/13 14:58:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/13 14:58:43 | 797,474,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/13 14:10:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/13 14:10:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/13 13:44:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/13 13:35:06 | 000,001,280 | ---- | M] () -- C:\Users\SHAFI\Desktop\Command Prompt.lnk
[2013/05/13 09:16:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2216878915-1752066510-112463547-1000UA.job
[2013/05/13 09:16:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2216878915-1752066510-112463547-1000Core.job
[2013/05/09 18:22:22 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/09 18:22:22 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/09 18:22:22 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/27 20:35:06 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/27 19:00:22 | 000,000,000 | ---- | M] () -- C:\END
[2013/04/27 18:58:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\0
[2013/04/26 16:49:06 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/21 20:56:34 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\Video to Video.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/13 13:35:06 | 000,001,280 | ---- | C] () -- C:\Users\SHAFI\Desktop\Command Prompt.lnk
[2013/04/27 20:35:06 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/27 20:35:06 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/27 07:31:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\0
[2013/04/25 23:17:35 | 000,000,000 | ---- | C] () -- C:\END
[2013/04/21 20:56:34 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\Video to Video.lnk
[2013/03/31 10:48:30 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\CleanGenius3Free.dll
[2013/03/29 10:21:51 | 000,114,176 | ---- | C] () -- C:\Users\SHAFI\AppData\Roaming\BabMaint.exe
[2013/03/25 04:43:58 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/09 18:23:52 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/02/01 02:03:57 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

========== ZeroAccess Check ==========

[2013/04/26 20:49:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 03:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/26 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\Autodesk
[2013/03/09 16:39:44 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\BabSolution
[2013/03/25 05:49:44 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\Babylon
[2013/03/09 16:37:36 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\DSite
[2013/03/30 05:52:35 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\Easy MP3 Recorder
[2013/03/25 09:19:20 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\GlarySoft
[2013/03/23 08:54:50 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\GoforFiles
[2013/03/09 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\Maxthon3
[2013/03/09 17:48:49 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\Mipony
[2013/04/26 09:15:54 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\OpenCandy
[2013/01/31 03:17:55 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\Opera
[2013/04/25 23:45:03 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\SearchProtect
[2013/04/26 10:25:48 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\TuneUp Software
[2013/05/13 09:42:59 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\Voxeet

========== Purity Check ==========



< End of report >


#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, anasmm and welcome to GeeksToGo!

You can call me Phel and today I will try to help you with your trouble.

Please read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer becomes really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but you should be glad with the result. ;)

Please wait for a while now; I'm currently analyzing your logs. Please note that my answers could come with a slight delay, because they are checked by my teacher.

#3
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Please, follow these steps:

Step 1. Changing Chrome homepage.

Your current Chrome homepage is malicious.

Please follow this instruction and set your homepage to www.google.com or to anything else you want.

Step 2. Uninstall Chrome extension.

  • Launch your Google Chrome browser.
  • In the address bar type the following:

    chrome:extensions
  • The extension list will appear.
  • Find the BrotherSoft Extreme2 B1 extension there.
  • Click on the recycle bin icon near it (uninstall it).
  • Restart your browser.

Step 3. AdwCleaner scan.

  • Please download AdwCleaner from here to your Desktop.
  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 4. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2013/04/03 08:07:49 | 000,169,096 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=21/04/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=21/04/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=21/04/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...&doi=2013-05-13
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=21/04/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=21/04/2013
    IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
    IE - HKCU\..\SearchScopes,DefaultScope = {D6CCD0E1-7699-46F0-84A3-C3B4DB3ED431}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=21/04/2013
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://mixidj.claro-...00000234d1a2b3a
    IE - HKCU\..\SearchScopes\{D6CCD0E1-7699-46F0-84A3-C3B4DB3ED431}: "URL" = http://search.condui...6921569813&UM=2
    FF - prefs.js..browser.search.defaultengine: "Ask Search"
    FF - prefs.js..browser.search.defaultenginename: "Ask Search"
    FF - prefs.js..browser.search.order.1: "Ask Search"
    FF - prefs.js..browser.startup.homepage: "http://www.search.ask.com/?l=dis&o=APN10478&gct=hp&apn_ptnrs=^AL3&apn_dtid=^YYYYYY^YY^IN&p2=^AL3^YYYYYY^YY^IN&tpid=BCPA5&apn_dbr=ff_20.0&apn_uid=0756CF78-ADA6-43B2-A6DE-79BE9F9055EE&itbv=11.8.1.235&doi=2013-05-13"
    [2013/05/13 08:32:26 | 000,438,841 | ---- | M] () (No name found) -- C:\Users\SHAFI\AppData\Roaming\Mozilla\Firefox\Profiles\h454maxd.default\extensions\toolbar_BCPA5@apn.ask.com.xpi
    [2013/05/13 08:32:24 | 000,002,505 | ---- | M] () -- C:\Users\SHAFI\AppData\Roaming\Mozilla\Firefox\Profiles\h454maxd.default\searchplugins\ask-search.xml
    [2013/04/27 18:58:02 | 000,006,492 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (Ask Toolbar) - {42435041-3500-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA5\Passport.dll (APN LLC.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {42435041-3500-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA5\Passport.dll (APN LLC.)
    O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
    O4 - HKLM..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
    O4 - HKLM..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
    O4 - HKLM..\Run: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe ()
    O4 - HKCU..\Run: [Microsoft Windows] C:\Users\SHAFI\AppData\Roaming\Microsoft\Office\rundll32.exe File not found
    O4 - HKCU..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
    O4 - HKCU..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
    O4 - HKCU..\Run: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe ()
    [2013/05/13 07:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2013/05/13 07:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
    [2013/05/13 07:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
    [2013/05/13 07:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
    [2013/05/13 07:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
    [2013/04/26 20:37:43 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Local\SwvUpdater
    [2013/04/26 20:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mixiedj
    [2013/04/26 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Roaming\OpenCandy
    [2013/04/25 23:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2013/04/25 23:46:25 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Local\Conduit
    [2013/04/25 23:45:54 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Local\CRE
    [2013/04/25 23:45:03 | 000,000,000 | ---D | C] -- C:\Users\SHAFI\AppData\Roaming\SearchProtect
    [2013/03/09 16:39:44 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\BabSolution
    [2013/03/25 05:49:44 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\Babylon
    [2013/03/09 17:48:49 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\Mipony
    [2013/03/25 09:19:20 | 000,000,000 | ---D | M] -- C:\Users\SHAFI\AppData\Roaming\GlarySoft
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, please, don't forget to post in your next message:

  • AdwCleaner's log
  • OTL log

  • 0
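The autorun (O4) entries listed in the fix above can be triaged mechanically. The following Python sketch is an added example, not part of the thread or of OTL: the regular expression covers only the O4 line shapes visible in this log, and the heuristics and the `SYSTEM_NAMES` list are assumptions.

```python
import re

# O4 autorun lines copied verbatim from the OTL fix script in this thread.
SAMPLE = r"""
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe ()
O4 - HKLM..\Run: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe ()
O4 - HKCU..\Run: [Microsoft Windows] C:\Users\SHAFI\AppData\Roaming\Microsoft\Office\rundll32.exe File not found
"""

# Shape of the O4 lines seen in this log; other OTL variants are not covered.
O4_LINE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\)| (?P<missing>File not found))$"
)
# Assumed short list of Windows binaries whose names are often borrowed.
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe"}

def parse_o4(line):
    m = O4_LINE.match(line.strip())
    return m.groupdict() if m else None

def reasons(entry):
    path = entry["path"].lower()
    parts = path.split("\\")
    out = []
    if "recycler" in parts or "$recycle.bin" in parts:
        out.append("runs from Recycle Bin folder")
    if entry["missing"]:
        out.append("target file not found")
    elif not entry["company"]:
        out.append("no company name")
    # The log header reports %SystemRoot% = C:\Windows.
    if parts[-1] in SYSTEM_NAMES and not path.startswith("c:\\windows\\"):
        out.append("system binary name outside Windows directory")
    return out

def triage(log_text):
    findings = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        why = reasons(entry) if entry else []
        if why:
            findings[(entry["hive"], entry["name"])] = why
    return findings

if __name__ == "__main__":
    for (hive, name), why in triage(SAMPLE).items():
        print(f"{hive} Run [{name}]: {', '.join(why)}")
```

An empty company field alone is a weak signal; the Recycle Bin location and the borrowed system file name are the stronger ones in this log.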