ad.yieldmanager removal [Closed]


  • This topic is locked This topic is locked

#1
mom2dacl

mom2dacl

    Member

  • Member
  • PipPip
  • 19 posts
I am trying to get rid of ad.yieldmanager on my computer. I have tried Spybot S&D and Ad-Aware Antivirus, with no luck. I have another malware that puts links in regular websites and one that has a pop-up with coupons. I have 2 teens that also share this computer, but I try to make sure they are not downloading files. Apparently they have! Any help on getting rid of these is greatly appreciated.

OTL Extras logfile created on: 6/2/2013 10:24:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Computer\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 51.80% Memory free
5.75 Gb Paging File | 3.88 Gb Available in Paging File | 67.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.73 Gb Total Space | 183.36 Gb Free Space | 63.95% Space Free | Partition Type: NTFS
Drive D: | 11.26 Gb Total Space | 1.55 Gb Free Space | 13.74% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1616691C-42B0-4B5D-BE9D-A50BC2AA88B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{20435B27-E906-40DE-8521-5CADA1B48340}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{228F9CD5-6D04-405C-91BD-ACCFA095E8E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{2EC7B26E-1346-43A6-B4C0-D1CF7A46C586}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3123FA88-9CA3-4CD4-B29E-3066F1A59887}" = rport=138 | protocol=17 | dir=out | app=system |
"{3453AAA6-D327-454F-B232-F4B34B727A78}" = lport=137 | protocol=17 | dir=in | app=system |
"{38B85D40-168A-4FEC-A25C-74A200B11196}" = lport=138 | protocol=17 | dir=in | app=system |
"{3FB1C05C-40DB-49EF-8450-FD97F0471CB5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47ED249A-1B33-44B5-A853-5283C95FBD32}" = rport=137 | protocol=17 | dir=out | app=system |
"{48A6B900-5E9A-447C-98DC-8E3C4ACC2625}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56278329-44B2-4C6B-A6A6-55A55BC6FF17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{578813E6-BB07-4780-9662-759507CD854A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F598156-8870-4082-A843-0A0E9C6D6354}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8C6776F0-2018-497A-B6B4-6026577C6B13}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9672CEB8-096D-4B79-8DA0-8200A223963D}" = rport=445 | protocol=6 | dir=out | app=system |
"{A8C88D50-9CC5-4407-85B8-F66C2B3EA149}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB46C2B6-FA55-4EE8-9601-5FC294C5408B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C0276AE3-98D7-45DB-AAE4-27BDDD315473}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD843F0A-F9A7-4FDE-9CE8-B9E4D8D61736}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5821FA7-291A-4542-BBDF-08A2139ECD5E}" = lport=139 | protocol=6 | dir=in | app=system |
"{E64CEE2E-3F45-4B1C-944A-F4909EBB1AB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F29AD1D9-4426-45BC-93B9-6D207248DE3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F683310C-3AD0-4581-9538-F3C3C74F991F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F85A0D02-6DA5-4694-AF1D-475A10017234}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D0018-C1AB-41EC-9845-48CDBBECC580}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{00516A98-BBB2-4EFD-ACB2-2E5A794675F7}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{011F006C-90E5-4DCB-96B8-4E237B0F2C55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{03E9708D-EA33-4457-B2E5-4B30136FF306}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{03F49ED1-EA78-4D8C-B8F7-3D6B812DE2D8}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{065137A4-09C9-4FDE-A949-470BD0A9AC3C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{13EBACDB-2FCC-4935-838A-B8D08E01494F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{158FF4AC-A677-4B3D-BF4B-72FCC8D5BA74}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{192BAE89-3715-4156-9E5D-B21E4D2AE93F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24B80B77-844C-452E-9B11-6FD5E1CDC30C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2903F068-6801-419F-83A1-7C35A74D8EA0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2996E274-D547-4C02-9F73-4A47F57451CC}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{29B14869-D066-4B5A-9417-78771B213D66}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{2DD57C2E-6B7F-4001-A2E0-E3916CA01F0D}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{2F2D702F-A010-45E0-ABF2-898DA59FBE73}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3B86D229-D7E0-4B76-959A-86AB341ECA84}" = protocol=1 | dir=out | [email protected],-28544 |
"{3F7D21ED-FB00-41BB-8389-43DD6BDD20E4}" = protocol=6 | dir=in | app=c:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe |
"{41733DAE-7C69-4B5F-B1FF-754636B1947B}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{41D3965B-08E7-46B8-9DB8-0AC76B0FD2FE}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{4483AFAA-B023-4446-BACE-D6F04BD1D966}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{496FECD1-EAD9-40C6-A0BE-3EE04B7CF5E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AF7EC42-3645-48C5-8653-F6BCFB9C6921}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{55150C3D-207A-466E-B0CF-0945774E9353}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{597605F0-45B8-479E-9ADB-F632DD02CA93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5BD003A5-4E04-4F03-966B-F3F22CE4A744}" = protocol=58 | dir=out | [email protected],-28546 |
"{5BE4A9A9-AB60-4ED3-94A8-A3FDA19E9835}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6A8D4ECE-4244-47D1-9E33-974A04B49F82}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{6EAA3046-14B0-46FB-9A1D-48CB18F4544E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{74BA126D-E190-4F54-9C35-E94FE9627C28}" = protocol=1 | dir=in | [email protected],-28543 |
"{7F3FB200-7FD9-46D6-A51D-3E068CD5ED42}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{84A7EC73-E11C-48FF-BABB-192526AED1D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{88BFF825-1B1F-4111-9114-58270B0A4AF9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{915B3B48-6B0A-4660-9A75-2961585FAA77}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{992EF86A-1BBA-4802-B54F-D6326A8E2723}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9ED519F9-08E1-4DEE-8B0F-B586BB9B597F}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{A4F9EDB8-547A-43A3-A4A7-046AABCDBE52}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ABAD32E5-B77D-4D76-9798-DA5901EABF91}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{BDB9B0DE-B303-4D20-B67F-537F2466312A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C0BA934C-C926-4B6B-9419-E7529382FAA4}" = protocol=17 | dir=in | app=c:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe |
"{CAF20F82-4A40-4778-BF55-B7780072A1D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF4729F5-B53D-4A96-8AD8-53D250C3AD32}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{D11C275D-4A44-4213-9A98-AE8D00C35790}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB3B76DE-FE52-48BA-97F9-F3136697F7D8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E25298A0-4D4C-40A6-AF00-5DDBB6DB72BA}" = protocol=6 | dir=out | app=system |
"{EA19AD2B-802B-4E5D-9649-0E99D04ECE5B}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{F641C0D6-2815-4D4B-855A-D32F3107637B}" = protocol=58 | dir=in | [email protected],-28545 |
"{FF2F7075-4B28-4FF4-84AE-8286EA77023E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{28240F47-6E93-4E96-AB09-59AB067EECA3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{4E2CAB9F-14D0-4266-A4A9-AA0D06FCCCA4}C:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{818CC4CF-94AD-4AFF-A279-0B04A6A92BB8}C:\users\computer\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\computer\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A34920C7-854E-4EC7-BAA7-D65A333505F7}C:\users\chris\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{B3DDEB49-3B25-4003-B2AD-08076DE31F52}C:\users\dean\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dean\appdata\local\akamai\netsession_win.exe |
"TCP Query User{CB7E5442-40A4-42F1-B09F-4D02B3E8F05D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D1135454-008A-4E57-9E5B-47C1CF5D0FFC}C:\users\dean\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dean\appdata\local\akamai\netsession_win.exe |
"UDP Query User{2ADA8EE4-14F1-482F-8ABC-413095CD245E}C:\users\chris\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{363843DB-A07E-443E-AD64-20168049BB86}C:\users\computer\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\computer\appdata\local\akamai\netsession_win.exe |
"UDP Query User{5243742B-92A3-40CC-BBCA-3190CF3CFBE1}C:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5AA4EDE1-B6ED-42C4-98CB-514D170966BB}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{ACCB7545-A4E4-4CCD-A3F4-E3DBAD032A6F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D4115764-CB33-42DE-8330-00D6E4DF0FC5}C:\users\dean\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dean\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E9EF89F0-FA36-488E-B7E6-0FD54C01A8FB}C:\users\dean\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dean\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{E3D98871-36D1-492B-95B4-AB8BC64E1E4C}" = ACER ICONIA TAB Driver Installation
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"55A28800-614C-47F2-A956-9D85A4E10922_is1" = Shin Megami Tensei Imagine
"adawaretb" = Ad-Aware Security Add-on
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BitTorrentBar2 Toolbar" = BitTorrentBar2 Toolbar
"CCleaner" = CCleaner
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"InstallShield_{E3D98871-36D1-492B-95B4-AB8BC64E1E4C}" = ACER ICONIA TAB Driver Installation
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MediaHuman YouTube to MP3 Converter_is1" = MediaHuman YouTube to MP3 Converter version 2.4.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.7
"Pretty Good Solitaire_is1" = Pretty Good Solitaire version 12.1.0
"PRJPRO" = Microsoft Office Project Professional 2007
"Shin Megami Tensei - Imagine Online" = Shin Megami Tensei - Imagine Online
"Steam App 440" = Team Fortress 2
"Sumotori Dreams" = Sumotori Dreams
"VISPRO" = Microsoft Office Visio Professional 2007
"WinAVI All in One Converter" = WinAVI All in One Converter
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2013 8:40:47 AM | Computer Name = Computer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Acer Inc\acer
iconia tab\Win7\ADB\x64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/27/2013 10:52:29 AM | Computer Name = Computer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Acer Inc\acer
iconia tab\Win7\ADB\x64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/27/2013 3:48:48 PM | Computer Name = Computer-PC | Source = Application Hang | ID = 1002
Description = The program Steam.exe version 1.74.87.19 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a4c Start
Time: 01ce5acb19777860 Termination Time: 83 Application Path: C:\Program Files\Steam\Steam.exe

Report
Id: 62ef0921-c706-11e2-8674-00248c9d2640

Error - 5/27/2013 3:49:23 PM | Computer Name = Computer-PC | Source = Application Hang | ID = 1002
Description = The program Steam.exe version 1.74.87.19 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c18 Start
Time: 01ce5b1335f8ef80 Termination Time: 141 Application Path: C:\Program Files\Steam\Steam.exe

Report
Id: 84b95d81-c706-11e2-8674-00248c9d2640

Error - 5/27/2013 3:52:14 PM | Computer Name = Computer-PC | Source = Application Hang | ID = 1002
Description = The program Steam.exe version 1.74.87.19 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 166c Start
Time: 01ce5b138874a0b0 Termination Time: 0 Application Path: C:\Program Files\Steam\Steam.exe

Report
Id: e6643411-c706-11e2-8674-00248c9d2640

Error - 5/28/2013 6:08:25 PM | Computer Name = Computer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Acer Inc\acer
iconia tab\Win7\ADB\x64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/28/2013 9:40:05 PM | Computer Name = Computer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Acer Inc\acer
iconia tab\Win7\ADB\x64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/30/2013 6:36:06 PM | Computer Name = Computer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Acer Inc\acer
iconia tab\Win7\ADB\x64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/30/2013 8:13:37 PM | Computer Name = Computer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Acer Inc\acer
iconia tab\Win7\ADB\x64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/31/2013 9:22:00 PM | Computer Name = Computer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Acer Inc\acer
iconia tab\Win7\ADB\x64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 12/21/2011 3:24:27 PM | Computer Name = Computer-PC | Source = MCUpdate | ID = 0
Description = 2:24:27 PM - Error connecting to the internet. 2:24:27 PM - Unable
to contact server..

Error - 12/23/2011 4:09:19 PM | Computer Name = Computer-PC | Source = MCUpdate | ID = 0
Description = 3:09:19 PM - Error connecting to the internet. 3:09:19 PM - Unable
to contact server..

Error - 12/23/2011 4:09:30 PM | Computer Name = Computer-PC | Source = MCUpdate | ID = 0
Description = 3:09:24 PM - Error connecting to the internet. 3:09:24 PM - Unable
to contact server..

Error - 12/28/2011 10:48:28 AM | Computer Name = Computer-PC | Source = MCUpdate | ID = 0
Description = 9:48:12 AM - Error connecting to the internet. 9:48:12 AM - Unable
to contact server..

Error - 12/28/2011 12:39:39 PM | Computer Name = Computer-PC | Source = MCUpdate | ID = 0
Description = 11:39:38 AM - Error connecting to the internet. 11:39:38 AM - Unable
to contact server..

Error - 12/28/2011 1:39:55 PM | Computer Name = Computer-PC | Source = MCUpdate | ID = 0
Description = 12:39:54 PM - Error connecting to the internet. 12:39:54 PM - Unable
to contact server..

Error - 12/28/2011 6:22:52 PM | Computer Name = Computer-PC | Source = MCUpdate | ID = 0
Description = 5:22:52 PM - Error connecting to the internet. 5:22:52 PM - Unable
to contact server..

Error - 12/28/2011 6:22:58 PM | Computer Name = Computer-PC | Source = MCUpdate | ID = 0
Description = 5:22:57 PM - Error connecting to the internet. 5:22:57 PM - Unable
to contact server..

[ OSession Events ]
Error - 11/14/2012 9:13:11 AM | Computer Name = Computer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 91
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/14/2012 9:50:19 AM | Computer Name = Computer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 442
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/1/2013 6:02:06 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the NetBT service which
failed to start because of the following error: %%2

Error - 6/1/2013 7:20:27 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7000
Description = The NetBT service failed to start due to the following error: %%2

Error - 6/1/2013 7:20:27 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the NetBT service which
failed to start because of the following error: %%2

Error - 6/1/2013 8:23:50 AM | Computer Name = Computer-PC | Source = DCOM | ID = 10010
Description =

Error - 6/2/2013 9:11:36 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7000
Description = The NetBT service failed to start due to the following error: %%2

Error - 6/2/2013 9:11:36 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the NetBT service which
failed to start because of the following error: %%2

Error - 6/2/2013 10:29:33 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7000
Description = The NetBT service failed to start due to the following error: %%2

Error - 6/2/2013 10:29:33 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the NetBT service which
failed to start because of the following error: %%2

Error - 6/2/2013 10:29:42 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7000
Description = The NetBT service failed to start due to the following error: %%2

Error - 6/2/2013 10:29:42 AM | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the NetBT service which
failed to start because of the following error: %%2


< End of report >

OTL logfile created on: 6/2/2013 10:24:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Computer\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 51.80% Memory free
5.75 Gb Paging File | 3.88 Gb Available in Paging File | 67.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.73 Gb Total Space | 183.36 Gb Free Space | 63.95% Space Free | Partition Type: NTFS
Drive D: | 11.26 Gb Total Space | 1.55 Gb Free Space | 13.74% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/02 10:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Downloads\OTL.exe
PRC - [2013/05/17 22:39:29 | 003,093,624 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2013/05/16 19:27:26 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/16 09:54:56 | 000,942,504 | ---- | M] (Lavasoft) -- C:\ProgramData\Search Protection\SearchProtection.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/15 11:17:34 | 000,554,408 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/05/14 21:57:54 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/03/18 03:25:44 | 018,828,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/03/12 03:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dean\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/01/04 17:31:52 | 000,102,056 | ---- | M] (Visicom Media Inc.) -- C:\Program Files\adawaretb\ffHelper.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 19:27:25 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/05/14 21:57:53 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2011/03/02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/05/16 19:27:26 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 21:58:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/03 19:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/19 03:01:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | System | Stopped] -- System32\DRIVERS\netbt.sys -- (NetBT)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - [2013/05/31 08:58:50 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/05/09 04:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 04:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 04:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/05 03:29:00 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/07/29 08:41:00 | 009,790,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3045275

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch...F416451A89F267D
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC DD 3A 9D 98 FD CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3045275
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B656461ef-40f6-4115-9ff1-bced9812ccbb%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54141
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/05/17 23:04:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/31 09:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/16 19:27:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/31 09:02:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/16 19:27:18 | 000,000,000 | ---D | M]

[2011/10/18 13:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2013/05/31 09:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions
[2013/05/15 15:26:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/12 10:46:41 | 000,000,000 | ---D | M] (BitTorrentBar2 Community Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}
[2013/05/31 09:01:47 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/04/15 20:07:31 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]
[2012/09/25 10:27:18 | 000,005,369 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\[email protected]
[2012/12/10 17:46:10 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\[email protected]
[2013/01/07 14:43:21 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/04/19 19:14:30 | 001,107,661 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi
[2012/04/15 20:07:18 | 000,003,915 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\searchplugins\sweetim.xml
[2013/05/16 19:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/16 19:27:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/16 19:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/16 19:27:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/17 23:04:13 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/12/15 14:53:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/05/13 08:12:06 | 000,000,644 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml

O1 HOSTS File: ([2013/06/01 06:26:03 | 000,447,858 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15378 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BitTorrentBar2 Toolbar) - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar2 Toolbar) - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar2 Toolbar) - {656461EF-40F6-4115-9FF1-BCED9812CCBB} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe (Lavasoft)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{225B6366-C854-438B-8416-7A00E37DF294}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Computer\AppData\Roaming\94B7C\9D264.exe) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell - "" = AutoRun
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/01 06:03:04 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\LavasoftStatistics
[2013/05/31 14:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/05/31 09:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/05/31 09:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/05/31 09:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/05/31 09:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/31 09:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013/05/31 09:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/05/31 09:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb
[2013/05/31 09:02:04 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\adawarebp
[2013/05/31 09:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/05/31 09:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/05/31 09:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013/05/31 08:58:51 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/05/31 08:58:50 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/05/31 08:58:48 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Ad-Aware Antivirus
[2013/05/31 08:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/31 08:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/31 08:56:01 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/05/31 08:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/05/31 08:55:24 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Programs
[2013/05/29 16:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/29 13:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.2
[2013/05/26 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/05/26 22:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/26 22:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/05/18 12:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlus Online
[2013/05/18 11:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\raptr
[2013/05/18 11:54:14 | 000,000,000 | ---D | C] -- C:\Atlus Online
[2013/05/17 23:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sumotori Dreams Demo
[2013/05/17 22:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\gravitysensation.com
[2013/05/16 19:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/13 15:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/13 15:42:17 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/05/13 15:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/05/13 15:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/11 08:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2013/06/02 10:18:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1031511220-1319934591-3059643299-1002UA.job
[2013/06/02 09:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/02 09:38:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/02 09:23:24 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/02 09:19:57 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1031511220-1319934591-3059643299-1002Core.job
[2013/06/02 09:16:05 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/06/02 09:11:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/01 06:26:03 | 000,447,858 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/31 08:58:50 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/05/31 08:58:50 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/05/31 08:56:10 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/31 07:52:16 | 000,017,838 | ---- | M] () -- C:\Users\Computer\Documents\cc_20130531_075212.reg
[2013/05/30 17:38:26 | 000,002,229 | ---- | M] () -- C:\Users\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 16:20:08 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/27 19:58:27 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 19:58:26 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 11:11:23 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/27 11:11:23 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/26 22:09:58 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/05/26 21:51:36 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/17 23:04:50 | 000,000,062 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/17 23:04:15 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/05/15 03:32:05 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/12 19:50:50 | 000,000,632 | RHS- | M] () -- C:\Users\Computer\ntuser.pol
[2013/05/09 04:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/05/09 04:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/05/09 04:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/05/09 04:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/05/09 04:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 04:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/05/31 09:02:31 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/05/31 08:56:10 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/31 08:56:10 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/31 07:52:13 | 000,017,838 | ---- | C] () -- C:\Users\Computer\Documents\cc_20130531_075212.reg
[2013/05/30 17:38:26 | 000,002,229 | ---- | C] () -- C:\Users\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 16:20:08 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 15:33:26 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/29 15:33:25 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/26 22:09:58 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/05/15 20:18:56 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/17 09:33:06 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/17 09:33:05 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/02/20 17:09:23 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/07 09:48:49 | 000,004,608 | ---- | C] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/15 18:47:32 | 000,002,202 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\ldr.ini
[2011/11/03 08:44:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/18 14:39:14 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/10/18 08:21:23 | 000,000,632 | RHS- | C] () -- C:\Users\Computer\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/16 22:48:25 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\7CB76
[2011/11/18 09:28:10 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\94B7C
[2013/06/02 09:12:53 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Ad-Aware Antivirus
[2013/05/31 07:49:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\BitTorrent
[2011/12/15 14:53:45 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Catalina Marketing Corp
[2011/11/15 21:31:01 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\cF3pnG5aQ6W7
[2011/11/17 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Goodsol
[2011/11/16 15:00:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\iXwjUCelIrPyA
[2011/11/16 15:00:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\kuvS2obF3m5Q6W8
[2011/11/15 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\lSS22ibD3pnG4Q6
[2011/11/15 21:31:02 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\qRL9gTXqjCkVzNx
[2011/11/15 18:47:28 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\qVVrlBtxP0yc1io
[2011/11/15 18:47:27 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\uaaaQHH6s
[2011/11/15 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\VWWWK77fEL9TqjC
[2011/11/17 16:03:36 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinAVI
[2011/10/15 17:30:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinBatch
[2011/11/16 15:10:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\xZZqqjYYCwIVrON

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB30471$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
  • 0

#2
Jasmyne
    Trusted Helper
  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

I am currently reviewing your logs and will be back soon with instructions.
  • 0

#3
Jasmyne
    Trusted Helper
  • Malware Removal
  • 2,010 posts
I have a teenager and an eight year old that is way too computer literate so I know all too well how things that aren't supposed to get downloaded appear on computers. (And most of the time no one has a clue how they got there!) :) A few things before we start removal steps.

I have noticed in your logs that you currently have two antivirus programs running (Ad-Aware Antivirus and Avast!). Having two antivirus programs not only hogs system resources, but many times they conflict with each other and the detection rates are worse, not better. Both are good antivirus programs, so keep which ever one you would like and please uninstall the other one.

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Cyber Education Letter
File sharing infects 500,000 computers
USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.
----------------------------
Now that's out of the way, let's get started :)

Step 1 - Run RogueKiller

  • Download RogueKiller and save it on your desktop.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com

    NOTE: If using IE8 or better, the SmartScreen Filter will need to be disabled.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2 - Run AdwCleaner
  • Download AdwCleaner from here or here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once it has completed it will ask to reboot the computer, please allow it to do so.
  • After the computer reboots, a log will be produced. Please attach that log to your next post.

Step 3 - OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[createrestorepoint]

:OTL
IE - HKLM\..\URLSearchHook: {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3045275
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch...F416451A89F267D
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC DD 3A 9D 98 FD CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3045275
FF - prefs.js..extensions.enabledAddons: %7B656461ef-40f6-4115-9ff1-bced9812ccbb%7D:3.18.0.7
[2013/02/12 10:46:41 | 000,000,000 | ---D | M] (BitTorrentBar2 Community Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}
[2012/04/15 20:07:31 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]
[2012/09/25 10:27:18 | 000,005,369 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\[email protected]
[2013/01/07 14:43:21 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012/04/15 20:07:18 | 000,003,915 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\searchplugins\sweetim.xml
[2011/12/15 14:53:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BitTorrentBar2 Toolbar) - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar2 Toolbar) - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar2 Toolbar) - {656461EF-40F6-4115-9FF1-BCED9812CCBB} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
[2013/05/31 09:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2011/11/16 22:48:25 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\7CB76
[2011/11/18 09:28:10 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\94B7C
[2011/12/15 14:53:45 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Catalina Marketing Corp
[2011/11/15 21:31:01 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\cF3pnG5aQ6W7
[2011/11/16 15:00:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\iXwjUCelIrPyA
[2011/11/16 15:00:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\kuvS2obF3m5Q6W8
[2011/11/15 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\lSS22ibD3pnG4Q6
[2011/11/15 21:31:02 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\qRL9gTXqjCkVzNx
[2011/11/15 18:47:28 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\qVVrlBtxP0yc1io
[2011/11/15 18:47:27 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\uaaaQHH6s
[2011/11/15 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\VWWWK77fEL9TqjC
[2011/11/16 15:10:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\xZZqqjYYCwIVrON

:Commands
[emptytemp]

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again:
  • Please check the box next to Scan All Users
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. RogueKiller Logs
2. AdwCleaner Log
3. OTL Fix Log
4. New OTL Log
  • 0

#4
mom2dacl
    Member
  • Topic Starter
  • Member
  • 19 posts
Here are the RogueKiller files. I also removed BitTorrent from the computer. I have to go to work, so I will do the next steps tonight when I get home. Thank you for your help!!!!!




RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Computer [Admin rights]
Mode : Scan -- Date : 06/04/2013 09:16:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SearchProtection.exe -- C:\ProgramData\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Search Protection (C:\ProgramData\Search Protection\SearchProtection.exe) [7] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1031511220-1319934591-3059643299-1002[...]\Run : MusicManager ("C:\Users\Dean\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") [-] -> FOUND
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : Shell (explorer.exe,C:\Users\Computer\AppData\Roaming\94B7C\9D264.exe) [x] -> FOUND
[SHELL][SUSP PATH] HKUS\S-1-5-21-1031511220-1319934591-3059643299-1000[...]\Winlogon : Shell (explorer.exe,C:\Users\Computer\AppData\Roaming\94B7C\9D264.exe) [x] -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] $NtUninstallKB30471$ : C:\Windows\$NtUninstallKB30471$ --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST332081 3AS SCSI Disk Device +++++
--- User ---
[MBR] fcbb47e2521b3a31d3e5957a77df3731
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 293610 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 601521795 | Size: 11531 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_06042013_02d0916.txt >>
RKreport[1]_S_06042013_02d0916.txt


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Computer [Admin rights]
Mode : Remove -- Date : 06/04/2013 09:19:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SearchProtection.exe -- C:\ProgramData\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Search Protection (C:\ProgramData\Search Protection\SearchProtection.exe) [7] -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1031511220-1319934591-3059643299-1002[...]\Run : MusicManager ("C:\Users\Dean\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") [-] -> DELETED
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : Shell (explorer.exe,C:\Users\Computer\AppData\Roaming\94B7C\9D264.exe) [x] -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][JUNCTION] C:\Windows\$NtUninstallKB30471$ >> \systemroot\system32\config --> REMOVED
[Del.Parent][FILE] 1934207801 : C:\Windows\$NtUninstallKB30471$\1934207801 [-] --> REMOVED
[Del.Parent][FILE] Desktop.ini : C:\Windows\$NtUninstallKB30471$\2645289644\Desktop.ini [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB30471$\2645289644\L --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB30471$\2645289644\U --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB30471$\2645289644 --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\$NtUninstallKB30471$ --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST332081 3AS SCSI Disk Device +++++
--- User ---
[MBR] fcbb47e2521b3a31d3e5957a77df3731
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 293610 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 601521795 | Size: 11531 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_06042013_02d0919.txt >>
RKreport[1]_S_06042013_02d0916.txt ; RKreport[2]_D_06042013_02d0919.txt


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Computer [Admin rights]
Mode : Shortcuts HJfix -- Date : 06/04/2013 09:24:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SearchProtection.exe -- C:\ProgramData\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 4 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 574 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 468 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[3]_SC_06042013_02d0924.txt >>
RKreport[1]_S_06042013_02d0916.txt ; RKreport[2]_D_06042013_02d0919.txt ; RKreport[3]_SC_06042013_02d0924.txt
  • 0

#5
Jasmyne
    Trusted Helper
  • Malware Removal
  • 2,010 posts

Here are the RogueKiller files. I also removed BitTorrent from the computer. I have to go to work, so I will do the next steps tonight when I get home. Thank you for your help!!!!!


Hope you have a great day at work and you're welcome!
  • 0

#6
mom2dacl
    Member
  • Topic Starter
  • Member
  • 19 posts
# AdwCleaner v2.301 - Logfile created 06/04/2013 at 20:10:59
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Computer - COMPUTER-PC
# Boot Mode : Normal
# Running from : C:\Users\Computer\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Computer\Desktop\sweetpcfix.url
File Deleted : C:\Users\Dean\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\adawaretb
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\ProgramData\TheBflix
Folder Deleted : C:\Users\Chris\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Chris\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chris\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2p50msef.default\adawaretb
Folder Deleted : C:\Users\Computer\AppData\Local\Conduit
Folder Deleted : C:\Users\Computer\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Computer\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Computer\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\adawaretb
Folder Deleted : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\ConduitCommon
Folder Deleted : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\CT3045275
Folder Deleted : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}
Folder Deleted : C:\Users\Dean\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Dean\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\0m1cn37t.default\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3045275
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\prefs.js

C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\user.js ... Deleted !

Deleted : user_pref("CT3045275..clientLogIsEnabled", false);
Deleted : user_pref("CT3045275..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3045275..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3045275.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3045275.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3045275.BrowserCompStateIsOpen_129642293130788232", true);
Deleted : user_pref("CT3045275.BrowserCompStateIsOpen_130055933872007228", true);
Deleted : user_pref("CT3045275.BrowserCompStateIsOpen_1359634299000", true);
Deleted : user_pref("CT3045275.CTID", "CT3045275");
Deleted : user_pref("CT3045275.CurrentServerDate", "5-6-2013");
Deleted : user_pref("CT3045275.DSInstall", false);
Deleted : user_pref("CT3045275.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3045275.DialogsGetterLastCheckTime", "Thu May 30 2013 17:39:19 GMT-0400 (Eastern Standa[...]
Deleted : user_pref("CT3045275.DownloadReferralCookieData", "");
Deleted : user_pref("CT3045275.EMailNotifierPollDate", "Sat Jun 30 2012 19:42:10 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT3045275.FeedLastCount129541806417675859", 167);
Deleted : user_pref("CT3045275.FeedPollDate129313974171006416", "Sat Jun 30 2012 19:42:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedPollDate129313975698350231", "Sat Jun 30 2012 19:42:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedPollDate129313976370850190", "Sat Jun 30 2012 19:42:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedPollDate129313976648818968", "Sat Jun 30 2012 19:42:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedPollDate129313977444757117", "Sat Jun 30 2012 19:42:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedPollDate129313980389131455", "Sat Jun 30 2012 19:42:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedPollDate129313980655381977", "Sat Jun 30 2012 19:42:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedPollDate129313980886163259", "Sat Jun 30 2012 19:42:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedPollDate129313981234756535", "Sat Jun 30 2012 19:42:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedPollDate129313983226631720", "Sat Jun 30 2012 19:42:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedPollDate129313983607725691", "Sat Jun 30 2012 19:42:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT3045275.FeedTTL129313974171006416", 10);
Deleted : user_pref("CT3045275.FeedTTL129313977444757117", 15);
Deleted : user_pref("CT3045275.FeedTTL129313980655381977", 5);
Deleted : user_pref("CT3045275.FeedTTL129313981234756535", 5);
Deleted : user_pref("CT3045275.FirstServerDate", "1-7-2012");
Deleted : user_pref("CT3045275.FirstTime", true);
Deleted : user_pref("CT3045275.FirstTimeFF3", true);
Deleted : user_pref("CT3045275.FirstTimeHiddenVer", true);
Deleted : user_pref("CT3045275.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3045275.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3045275.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3045275.HPInstall", false);
Deleted : user_pref("CT3045275.HasUserGlobalKeys", true);
Deleted : user_pref("CT3045275.Initialize", true);
Deleted : user_pref("CT3045275.InitializeCommonPrefs", true);
Deleted : user_pref("CT3045275.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3045275.InstallationId", "fftD3F.tmp.exe");
Deleted : user_pref("CT3045275.InstallationType", "XPE");
Deleted : user_pref("CT3045275.InstalledDate", "Sat Jun 30 2012 19:42:10 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT3045275.IsGrouping", false);
Deleted : user_pref("CT3045275.IsInitSetupIni", true);
Deleted : user_pref("CT3045275.IsMulticommunity", false);
Deleted : user_pref("CT3045275.IsOpenThankYouPage", false);
Deleted : user_pref("CT3045275.IsOpenUninstallPage", false);
Deleted : user_pref("CT3045275.LanguagePackLastCheckTime", "Tue Jun 04 2013 09:13:32 GMT-0400 (Eastern Standar[...]
Deleted : user_pref("CT3045275.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3045275.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3045275.LastLogin_3.13.0.6", "Tue Jul 17 2012 12:04:18 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3045275.LastLogin_3.14.1.0", "Tue Aug 28 2012 10:11:16 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3045275.LastLogin_3.15.1.0", "Sun Jan 20 2013 06:08:40 GMT-0500 (Eastern Standard Time)[...]
Deleted : user_pref("CT3045275.LastLogin_3.16.0.3", "Tue Feb 12 2013 07:56:05 GMT-0500 (Eastern Standard Time)[...]
Deleted : user_pref("CT3045275.LastLogin_3.18.0.7", "Tue Jun 04 2013 20:07:57 GMT-0400 (Eastern Standard Time)[...]
Deleted : user_pref("CT3045275.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT3045275.Locale", "en");
Deleted : user_pref("CT3045275.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3045275.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3045275.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3045275.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3045275.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT3045275.SearchCaption", "BitTorrentBar2 Customized Web Search");
Deleted : user_pref("CT3045275.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3045275.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT304[...]
Deleted : user_pref("CT3045275.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3045275.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3045275.SearchInNewTabLastCheckTime", "Tue Jun 04 2013 09:00:55 GMT-0400 (Eastern Stand[...]
Deleted : user_pref("CT3045275.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3045275.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT3045275.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3045275.ServiceMapLastCheckTime", "Tue Jun 04 2013 09:13:31 GMT-0400 (Eastern Standard [...]
Deleted : user_pref("CT3045275.SettingsLastCheckTime", "Tue Jun 04 2013 20:07:56 GMT-0400 (Eastern Standard Ti[...]
Deleted : user_pref("CT3045275.SettingsLastUpdate", "1370333525");
Deleted : user_pref("CT3045275.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3045275&SearchSource=13");
Deleted : user_pref("CT3045275.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3045275.ThirdPartyComponentsLastCheck", "Fri Jun 29 2012 19:27:34 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT3045275.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3045275.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3045275.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3045275");
Deleted : user_pref("CT3045275.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3045275.UserID", "UN11123349063548666");
Deleted : user_pref("CT3045275.WeatherNetwork", "");
Deleted : user_pref("CT3045275.WeatherPollDate", "Sat Jun 30 2012 19:42:20 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT3045275.WeatherUnit", "C");
Deleted : user_pref("CT3045275.alertChannelId", "1436844");
Deleted : user_pref("CT3045275.autoDisableScopes", -1);
Deleted : user_pref("CT3045275.backendstorage.cbfirsttime", "536174204A756E20333020323031322031393A34323A32322[...]
Deleted : user_pref("CT3045275.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3045275.globalFirstTimeInfoLastCheckTime", "Fri Jun 29 2012 19:27:47 GMT-0400 (Eastern [...]
Deleted : user_pref("CT3045275.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3045275.initDone", true);
Deleted : user_pref("CT3045275.myStuffEnabled", true);
Deleted : user_pref("CT3045275.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3045275.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3045275.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3045275.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3045275.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3045275.revertSettingsEnabled", true);
Deleted : user_pref("CT3045275.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3045275.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3045275.testingCtid", "");
Deleted : user_pref("CT3045275.toolbarAppMetaDataLastCheckTime", "Tue Jun 04 2013 09:01:00 GMT-0400 (Eastern S[...]
Deleted : user_pref("CT3045275.toolbarContextMenuLastCheckTime", "Sat Jun 30 2012 19:42:15 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT3045275.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3045275/CT3045275[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3045275", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3045275",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"126[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Computer\\AppData\\Roaming\\Mozilla[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3045275");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3045275");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3045275");
Deleted : user_pref("CommunityToolbar.globalUserId", "c1bd88bc-dac0-4cd7-a7a4-5abbcca2ee16");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3045275");
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.locale", "");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 29 2012 19:27:35 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.userId", "3fda2010-19ea-4535-a621-fd7905e7c79f");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("extensions.4f87498cb1bf7.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.5061c02ebbcfe.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

File : C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\0m1cn37t.default\prefs.js

[OK] File is clean.

File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2p50msef.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [18539 octets] - [04/06/2013 20:10:59]

########## EOF - C:\AdwCleaner[S1].txt - [18600 octets] ##########

#7
mom2dacl

    Member

  • Topic Starter
  • Member
  • 19 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{656461ef-40f6-4115-9ff1-bced9812ccbb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656461ef-40f6-4115-9ff1-bced9812ccbb}\ not found.
File C:\Program Files\BitTorrentBar2\prxtbBitT.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{656461ef-40f6-4115-9ff1-bced9812ccbb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656461ef-40f6-4115-9ff1-bced9812ccbb}\ not found.
File C:\Program Files\BitTorrentBar2\prxtbBitT.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: %7B656461ef-40f6-4115-9ff1-bced9812ccbb%7D:3.18.0.7 removed from extensions.enabledAddons
Folder C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}\ not found.
C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected] folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\[email protected] moved successfully.
File C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi not found.
File C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\searchplugins\sweetim.xml not found.
C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{656461ef-40f6-4115-9ff1-bced9812ccbb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656461ef-40f6-4115-9ff1-bced9812ccbb}\ not found.
File C:\Program Files\BitTorrentBar2\prxtbBitT.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{656461ef-40f6-4115-9ff1-bced9812ccbb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656461ef-40f6-4115-9ff1-bced9812ccbb}\ not found.
File C:\Program Files\BitTorrentBar2\prxtbBitT.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{656461EF-40F6-4115-9FF1-BCED9812CCBB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656461EF-40F6-4115-9FF1-BCED9812CCBB}\ not found.
File C:\Program Files\BitTorrentBar2\prxtbBitT.dll not found.
Folder C:\ProgramData\blekko toolbars\ not found.
C:\Users\Computer\AppData\Roaming\7CB76 folder moved successfully.
C:\Users\Computer\AppData\Roaming\94B7C folder moved successfully.
C:\Users\Computer\AppData\Roaming\Catalina Marketing Corp folder moved successfully.
C:\Users\Computer\AppData\Roaming\cF3pnG5aQ6W7 folder moved successfully.
C:\Users\Computer\AppData\Roaming\iXwjUCelIrPyA folder moved successfully.
C:\Users\Computer\AppData\Roaming\kuvS2obF3m5Q6W8 folder moved successfully.
C:\Users\Computer\AppData\Roaming\lSS22ibD3pnG4Q6 folder moved successfully.
C:\Users\Computer\AppData\Roaming\qRL9gTXqjCkVzNx folder moved successfully.
C:\Users\Computer\AppData\Roaming\qVVrlBtxP0yc1io folder moved successfully.
C:\Users\Computer\AppData\Roaming\uaaaQHH6s folder moved successfully.
C:\Users\Computer\AppData\Roaming\VWWWK77fEL9TqjC folder moved successfully.
C:\Users\Computer\AppData\Roaming\xZZqqjYYCwIVrON folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 30959193 bytes
->Temporary Internet Files folder emptied: 68438836 bytes
->Java cache emptied: 16401976 bytes
->FireFox cache emptied: 87785195 bytes
->Google Chrome cache emptied: 416869756 bytes
->Flash cache emptied: 439485 bytes

User: Computer
->Temp folder emptied: 6945581 bytes
->Temporary Internet Files folder emptied: 8631888 bytes
->Java cache emptied: 526889088 bytes
->FireFox cache emptied: 79487587 bytes
->Flash cache emptied: 62266 bytes

User: Dean
->Temp folder emptied: 231760380 bytes
->Temporary Internet Files folder emptied: 79810408 bytes
->Java cache emptied: 27531473 bytes
->FireFox cache emptied: 199234736 bytes
->Google Chrome cache emptied: 203112738 bytes
->Flash cache emptied: 14913 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 174552 bytes
->Temporary Internet Files folder emptied: 54307 bytes
->Flash cache emptied: 57616 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17993632 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,910.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06042013_202359

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#8
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
One more OTL scan so I can check that everything is gone. :)

Please open OTL again:
  • Please check the box next to Scan All Users
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, post the log it produces in your next reply.

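The custom scan pasted into OTL above does two things a defender can reproduce without the tool: it hashes a handful of core Windows binaries (the /md5start ... /md5stop block) and lists every symbolic link and junction on the system drive (dir C:\ /S /A:L /C). The script below is an added example, not part of this thread and not OTL's own code; it performs those same two checks with built-in PowerShell cmdlets so the result can be confirmed independently. It assumes PowerShell 4 or later (for Get-FileHash) and an elevated prompt so every folder under C:\ is readable.

```powershell
# Added example (not from the thread or from OTL): reproduce the md5 and
# symlink parts of the custom OTL scan with built-in cmdlets.
# Assumes PowerShell 4+ and an elevated prompt.

$sys = Join-Path $env:SystemRoot 'System32'

# The binaries the /md5start ... /md5stop block asks for. OTL searches by
# name; here the stock locations are used (explorer.exe lives in %SystemRoot%,
# the rest in System32).
$targets = @(
    (Join-Path $sys 'services.exe'),
    (Join-Path $env:SystemRoot 'explorer.exe'),
    (Join-Path $sys 'winlogon.exe'),
    (Join-Path $sys 'userinit.exe'),
    (Join-Path $sys 'svchost.exe')
)

# 1. Hash each binary and check its Authenticode signature. An MD5 on its own
#    only helps against a known-good list; the signature status tells you
#    immediately whether the file is still a Microsoft-signed original.
$report = foreach ($path in $targets) {
    if (-not (Test-Path -Path $path)) {
        [pscustomobject]@{ Path = $path; MD5 = $null; Signer = $null; Status = 'MISSING' }
        continue
    }
    $hash = (Get-FileHash -Path $path -Algorithm MD5).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Path   = $path
        MD5    = $hash
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        Status = $sig.Status   # Valid, NotSigned, HashMismatch, ...
    }
}
$report | Format-Table -AutoSize

# Anything that is not 'Valid' deserves a closer look (see the note below on
# catalog-signed files and older PowerShell builds).
$report | Where-Object { $_.Status -ne 'Valid' }

# 2. The equivalent of "dir C:\ /S /A:L /C": every reparse point (symbolic link
#    or junction) on the system drive. Windows ships with a known set of these
#    under C:\Users and C:\ProgramData; ones outside that set are worth a look.
$links = Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force `
    -Attributes ReparsePoint -ErrorAction SilentlyContinue
$links | Select-Object FullName, LinkType, Target | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. Treat a Status other than Valid as a prompt to look closer rather than a verdict: on PowerShell builds older than 5.0, catalog-signed Windows files (svchost.exe among them) report NotSigned because the cmdlet only reads embedded signatures there, so in that case compare the MD5 against the same file from a known-clean machine with the same patch level.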

#9
mom2dacl

    Member

  • Topic Starter
  • Member
  • 19 posts
OTL logfile created on: 6/4/2013 8:45:24 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Computer\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 66.44% Memory free
5.75 Gb Paging File | 4.67 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.73 Gb Total Space | 183.31 Gb Free Space | 63.93% Space Free | Partition Type: NTFS
Drive D: | 11.26 Gb Total Space | 1.55 Gb Free Space | 13.74% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/02 10:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Downloads\OTL.exe
PRC - [2013/05/16 19:27:26 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/15 11:17:34 | 000,554,408 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/03/18 03:25:44 | 018,828,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 19:27:25 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/05/16 19:27:26 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 21:58:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/03 19:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/19 03:01:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | System | Stopped] -- System32\DRIVERS\netbt.sys -- (NetBT)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - [2013/05/31 08:58:50 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/05/09 04:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 04:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 04:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/05 03:29:00 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/07/29 08:41:00 | 009,790,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54141
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/05/17 23:04:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/31 09:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/04 20:24:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/31 09:02:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/04 20:24:38 | 000,000,000 | ---D | M]

[2011/10/18 13:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2013/06/04 20:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions
[2013/05/15 15:26:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/05/31 09:01:47 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/12/10 17:46:10 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\[email protected]
[2013/04/19 19:14:30 | 001,107,661 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi
[2013/05/16 19:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/16 19:27:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/16 19:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/16 19:27:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/17 23:04:13 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

O1 HOSTS File: ([2013/06/01 06:26:03 | 000,447,858 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15378 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{225B6366-C854-438B-8416-7A00E37DF294}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell - "" = AutoRun
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/04 20:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/04 20:07:20 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\computer fix
[2013/06/04 09:12:42 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\RK_Quarantine
[2013/06/01 06:03:04 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\LavasoftStatistics
[2013/05/31 14:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/05/31 09:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/05/31 09:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/05/31 09:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/05/31 09:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/31 09:02:04 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\adawarebp
[2013/05/31 09:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/05/31 09:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/05/31 08:58:51 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/05/31 08:58:50 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/05/31 08:58:48 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Ad-Aware Antivirus
[2013/05/31 08:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/31 08:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/31 08:56:01 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/05/31 08:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/05/31 08:55:24 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Programs
[2013/05/29 16:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/29 13:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.2
[2013/05/26 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/05/26 22:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/26 22:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/05/18 12:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlus Online
[2013/05/18 11:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\raptr
[2013/05/18 11:54:14 | 000,000,000 | ---D | C] -- C:\Atlus Online
[2013/05/17 23:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sumotori Dreams Demo
[2013/05/17 22:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\gravitysensation.com
[2013/05/16 19:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/15 03:09:47 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/15 03:09:45 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 03:09:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/05/15 03:09:44 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/15 03:09:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 03:09:42 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 03:09:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 03:09:42 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/05/15 03:09:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/05/15 03:09:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/05/14 17:55:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/14 17:55:37 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/14 17:50:22 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/14 17:50:14 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/14 17:50:14 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/13 15:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/13 15:42:17 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/05/13 15:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/05/13 15:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/11 08:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/05/11 08:45:21 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/05/11 08:45:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/05/11 08:45:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/05/11 08:45:07 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

========== Files - Modified Within 30 Days ==========

[2013/06/04 20:39:17 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/04 20:39:17 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/04 20:38:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/04 20:37:51 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/06/04 20:33:05 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/04 20:31:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/04 20:31:10 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/04 20:18:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1031511220-1319934591-3059643299-1002UA.job
[2013/06/04 20:11:54 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1031511220-1319934591-3059643299-1002Core.job
[2013/06/04 20:07:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/01 06:26:03 | 000,447,858 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/31 08:58:50 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/05/31 08:58:50 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/05/31 08:56:10 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/31 07:52:16 | 000,017,838 | ---- | M] () -- C:\Users\Computer\Documents\cc_20130531_075212.reg
[2013/05/30 17:38:26 | 000,002,229 | ---- | M] () -- C:\Users\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 16:20:08 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/27 11:11:23 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/27 11:11:23 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/26 22:09:58 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/05/17 23:04:50 | 000,000,062 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/17 23:04:15 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/05/15 03:32:05 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/14 21:57:54 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/14 21:57:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/12 19:50:50 | 000,000,632 | R-S- | M] () -- C:\Users\Computer\ntuser.pol
[2013/05/11 08:44:45 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/05/11 08:44:35 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/05/11 08:44:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/05/11 08:44:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/05/11 08:44:31 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/05/11 08:44:31 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/05/09 04:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/05/09 04:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/05/09 04:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/05/09 04:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/05/09 04:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 04:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/05/31 09:02:31 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/05/31 08:56:10 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/31 08:56:10 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/31 07:52:13 | 000,017,838 | ---- | C] () -- C:\Users\Computer\Documents\cc_20130531_075212.reg
[2013/05/30 17:38:26 | 000,002,229 | ---- | C] () -- C:\Users\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 16:20:08 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 15:33:26 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/29 15:33:25 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/26 22:09:58 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/05/15 20:18:56 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/17 09:33:06 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/17 09:33:05 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/02/20 17:09:23 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/07 09:48:49 | 000,004,608 | ---- | C] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/15 18:47:32 | 000,002,202 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\ldr.ini
[2011/11/03 08:44:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/18 14:39:14 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/10/18 08:21:23 | 000,000,632 | R-S- | C] () -- C:\Users\Computer\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#10 mom2dacl (Member, Topic Starter, 19 posts)
I am about to go out of town until Monday. Please don't delete my post; I will be right back on as soon as I get back to town!
Thanks!!!!

#11 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)

I am about to go out of town until Monday. Please don't delete my post; I will be right back on as soon as I get back to town!
Thanks!!!!

Thank you for letting me know, I will make sure it remains open and have further instructions waiting when you return. Have a safe trip and a good weekend!

#12 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
I hope you had a good weekend. I have a few more things for you. Once you have finished these steps, please let me know how your computer is running.

Step 1 - Remove one Antivirus Program
Your logs are still showing two antivirus programs running (Ad-Aware Antivirus and Avast!). Having two antivirus programs not only hogs system resources, but many times they conflict with each other and the detection rates are worse, not better. Both are good antivirus programs, so keep whichever one you would like and please uninstall the other one.

Step 2 - Run RogueKiller

Please open RogueKiller as you did previously.
Click on the Fix Proxy button on the right side.

Step 3 - MalwareBytes Scan

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4 - ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here

  • Please go here, then click on the button shown there.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use, then click on the button that appears.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on the button to start the scan.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on the button to close the scanner.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan

Step 5 - Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. RogueKiller Log
2. MalwareBytes Log
3. ESET Online Scan Log
4. Security Check Log (checkup.txt)
5. How is your computer running?
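Step 2 above hands the proxy cleanup to RogueKiller's Fix Proxy button. As an added example that is not part of this thread or of RogueKiller, the PowerShell script below does the same check by hand: it reads the WinINet values the OTL log showed (ProxyEnable, ProxyServer), parses network.proxy.* out of each Firefox profile's prefs.js, flags a proxy pointing at the local machine, and with -Fix clears the WinINet proxy the way RogueKiller's log shows it doing. The function names and the -Fix switch are my own.

```powershell
# Added example, not from this thread or from RogueKiller: audits the proxy
# settings the OTL log above showed hijacked (IE ProxyServer = localhost:21320,
# Firefox network.proxy.http = 127.0.0.1) and, with -Fix, clears the WinINet
# proxy the way RogueKiller's Fix Proxy does. Function names and the -Fix
# switch are my own. Run it as the affected user; it reads HKCU and %APPDATA%.
param([switch]$Fix)

# A proxy pointing back at the local machine, with no proxy software installed,
# is the usual footprint of ad-injecting adware: a resident process rewrites
# page content (extra links, coupon pop-ups) before the browser renders it.
$LoopbackProxy = '^(?:http=)?(?:localhost|127\.0\.0\.1)(?::\d+)?$'

function Test-WinInetProxy {
    # ProxyEnable / ProxyServer are the per-user WinINet settings IE uses.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key
    $enabled = ([int]$inet.ProxyEnable) -eq 1
    $server  = [string]$inet.ProxyServer
    [pscustomobject]@{
        Browser = 'IE/WinINet'
        Enabled = $enabled
        Server  = $server
        Suspect = ($enabled -and ($server -match $LoopbackProxy))
        Dormant = ((-not $enabled) -and ($server -match $LoopbackProxy))
        Source  = $key
    }
}

function Get-FirefoxPref {
    # Returns the value of one user_pref("name", value); line in prefs.js,
    # with surrounding quotes stripped, or $null when the pref is not set.
    param([string[]]$Lines, [string]$Name)
    $pattern = '^user_pref\("' + [regex]::Escape($Name) + '",\s*(.+?)\);'
    foreach ($line in $Lines) {
        if ($line -match $pattern) { return $matches[1].Trim().Trim('"') }
    }
    return $null
}

function Test-FirefoxProxy {
    # network.proxy.type 1 = manual proxy; 0 = no proxy. The log above had
    # type 0 with a loopback host/port still stored, i.e. dormant, not active.
    $root = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $root)) { return }
    foreach ($profile in Get-ChildItem -Path $root -Directory) {
        $prefs = Join-Path $profile.FullName 'prefs.js'
        if (-not (Test-Path $prefs)) { continue }
        $lines     = Get-Content -Path $prefs
        $type      = Get-FirefoxPref -Lines $lines -Name 'network.proxy.type'
        $proxyHost = Get-FirefoxPref -Lines $lines -Name 'network.proxy.http'
        $port      = Get-FirefoxPref -Lines $lines -Name 'network.proxy.http_port'
        $server    = if ($proxyHost) { "${proxyHost}:${port}" } else { '' }
        $loopback  = ($server -ne '') -and ($server -match $LoopbackProxy)
        [pscustomobject]@{
            Browser = "Firefox ($($profile.Name))"
            Enabled = ($type -eq '1')
            Server  = $server
            Suspect = (($type -eq '1') -and $loopback)
            Dormant = (($type -ne '1') -and $loopback)
            Source  = $prefs
        }
    }
}

$results = @(Test-WinInetProxy) + @(Test-FirefoxProxy)
$results | Format-Table Browser, Enabled, Server, Suspect, Dormant -AutoSize

foreach ($r in $results) {
    if ($r.Suspect) {
        Write-Warning "$($r.Browser): active proxy on loopback ($($r.Server)); see $($r.Source)"
    } elseif ($r.Dormant) {
        Write-Warning "$($r.Browser): loopback proxy $($r.Server) stored but not enabled; remove it from $($r.Source)"
    }
}

if ($Fix) {
    $w = Test-WinInetProxy
    if ($w.Suspect -or $w.Dormant) {
        Set-ItemProperty -Path $w.Source -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $w.Source -Name ProxyServer -ErrorAction SilentlyContinue
        Write-Host 'WinINet proxy disabled and ProxyServer removed (what RogueKiller logged as REPLACED / DELETED).'
    }
    # Firefox rewrites prefs.js on exit, so clear its proxy from
    # Options > Network Settings rather than editing the file while it runs.
}
```

A loopback proxy that is flagged but has no matching listener (nothing bound to that port in netstat -ano) is a leftover from a removed component and only breaks connectivity; one with a live listener is the process to investigate next.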

#13
mom2dacl

mom2dacl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Computer [Admin rights]
Mode : ProxyFix -- Date : 06/10/2013 16:41:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> REPLACED (0)

¤¤¤ Driver : [LOADED] ¤¤¤



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.10.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Computer :: COMPUTER-PC [administrator]

6/10/2013 4:52:31 PM
mbam-log-2013-06-10 (16-52-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269204
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Chris\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Computer\AppData\Roaming\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.

(end)



ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fa14430a472bb84bb9bcbc81b57b24b3
# engine=14043
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-10 11:04:04
# local_time=2013-06-10 07:04:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=770 16774141 100 95 1087537 146690116 0 0
# compatibility_mode=5893 16776574 66 94 48977566 122450235 0 0
# scanned=227874
# found=13
# cleaned=13
# scan_time=5726
Finished : << RKreport[1]_PR_06102013_02d1641.txt >>
RKreport[1]_PR_06102013_02d1641.txt



Last log is working
Thanks for keeping the post open!

#14
mom2dacl (Topic Starter, Member, 19 posts)

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java™ 6 Update 37
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#15
mom2dacl (Topic Starter, Member, 19 posts)

Computer is running OK, but I still have web page "links" to ads. Haven't had an ad pop-up today at all!