cfxpy login and double underlink hyperlink [Solved]


  • This topic is locked

#16
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Congratulations, agsmith :). Your computer now appears to be clean. Please complete the following steps to finalize the cleaning process.

It would be a good idea also to reset your firewall in case the malware opened any ports.

Please update these programs, as old versions pose a security risk.
  • Java -> You have the latest version, but please read the warning below:

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser.)

    If you do need Java, make sure you keep it updated to the latest version.
  • Adobe Reader -> You can get the latest version here.

    I would recommend securing Adobe Reader against the latest exploits as follows:

  • Launch Adobe Reader.
  • Click on Edit and select Preferences.
  • On the Left, click on the JavaScript category and Uncheck Enable Acrobat JavaScript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs or removal tools left over can be deleted now. If ESET is still installed, you can uninstall it from the "Programs and Features" menu in the control panel.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

First set up a new, clean restore point:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection tab, and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.

Then delete the old, infected ones:
  • Go to Start > All Programs > Accessories > System Tools
  • Right-click Disk Cleanup and select run as administrator
  • Then select the more options tab
  • Select system restore and shadow copies "Clean up"
  • Follow the prompts

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click on All Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0



#17
agsmith


    Member

  • Topic Starter
  • 20 posts
Thank you SO SO SO very much for all your help! You really know your stuff!
  • 0

#18
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Glad to have helped.
  • 0

#19
agsmith


    Member

  • Topic Starter
  • 20 posts
OK, the double-underlined ads are back again :(
  • 0

#20
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Please run another OTL quick scan.
  • 0

#21
agsmith


    Member

  • Topic Starter
  • 20 posts
OK, but I have already restored my computer to a backup I created last night, which I created after following your last post's advice.

OTL log:
OTL logfile created on: 6/11/2013 11:39:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amanda\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.34% Memory free
3.98 Gb Paging File | 2.41 Gb Available in Paging File | 60.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 133.41 Gb Free Space | 57.29% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 14.87 Gb Free Space | 99.15% Space Free | Partition Type: NTFS
Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 156.95 Gb Free Space | 33.70% Space Free | Partition Type: NTFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 23:39:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Downloads\OTL.exe
PRC - [2013/06/11 00:26:22 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/27 01:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
PRC - [2013/05/27 01:58:04 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2013/05/21 22:49:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/27 16:42:00 | 001,742,624 | ---- | M] (Wondershare) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/16 03:09:04 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/04/05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/04/05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/08 15:14:16 | 000,122,032 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
PRC - [2012/11/08 15:02:28 | 000,015,552 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2012/11/08 15:01:30 | 001,516,680 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/11 15:19:26 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/27 01:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
MOD - [2013/05/27 01:56:42 | 000,382,976 | ---- | M] () -- C:\Windows\System32\jmdp\lmrn.dll
MOD - [2013/05/21 22:48:51 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/05/15 13:19:09 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2743fdfcb695f6e9b1c3c4a7759ff4e8\Microsoft.VisualBasic.ni.dll
MOD - [2013/05/14 23:39:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/05/14 23:39:25 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/14 23:39:24 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/03 14:56:02 | 000,148,768 | ---- | M] () -- C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\components\VCFFComponent4.dll
MOD - [2013/02/05 00:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\System32\jmdp\sqlite3.dll
MOD - [2013/01/09 14:11:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 13:53:19 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 13:53:04 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 13:52:43 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 13:52:34 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/11 15:19:26 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Services (SafeList) ==========

SRV - [2013/06/11 23:12:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 01:58:04 | 001,167,152 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/05/21 22:49:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 06:56:22 | 001,227,800 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/04/18 06:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/08 15:02:28 | 000,015,552 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012/01/18 13:39:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2013/06/01 23:15:23 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/04/18 06:55:52 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/06 07:42:10 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/02/06 07:42:08 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 07:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/01/26 19:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/10/07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 89 E9 01 61 E1 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.searchEnginesURL: "http://www.google.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B7D4F1959-3F72-49d5-8E59-F02F8AA6815D%7D:2.0.0.586
FF - prefs.js..extensions.enabledAddons: %7B8D150B8F-EFE8-45a3-A4A3-053020F48FAC%7D:6.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Amanda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\VDownloader\Addons\FireFox [2013/05/04 16:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/11 00:29:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/11 00:29:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/06/11 13:32:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}: C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ [2013/06/11 14:16:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/01 23:18:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/11 00:27:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/01 23:18:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/11 00:27:07 | 000,000,000 | ---D | M]

[2012/05/01 13:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2013/06/11 14:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ojvdid29.default\extensions
[2013/06/05 11:57:05 | 001,382,186 | ---- | M] () (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ojvdid29.default\extensions\[email protected]
[2013/05/01 13:13:57 | 000,002,545 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ojvdid29.default\searchplugins\aol-search.xml
[2013/06/11 13:32:01 | 000,001,778 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ojvdid29.default\searchplugins\Bing.xml
[2013/05/21 22:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/21 22:49:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/11 13:32:48 | 000,000,000 | ---D | M] (Updater By SweetPacks) -- C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
[2013/06/11 14:16:11 | 000,000,000 | ---D | M] (Wondershare Video Converter Ultimate) -- C:\PROGRAM FILES\WONDERSHARE\VIDEO CONVERTER ULTIMATE\SVRFIREFOXEXT
[2013/06/11 00:29:21 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/06/11 00:26:44 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Wondershare Video Converter Ultimate) - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe ()
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe ()
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O4 - HKLM..\RunOnce: [acala3gp] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF80001F-6CD9-455A-9000-A7CB56B0F665}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/04/22 17:39:24 | 000,000,030 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/11 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\AVS4YOU
[2013/06/11 14:21:53 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/06/11 14:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/06/11 14:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2013/06/11 14:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013/06/11 14:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2013/06/11 14:16:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\Wondershare Video Converter Ultimate
[2013/06/11 14:16:30 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
[2013/06/11 14:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2013/06/11 14:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare Video Converter Ultimate
[2013/06/11 14:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2013/06/11 14:15:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2013/06/11 14:09:17 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\RER Soft, Inc
[2013/06/11 13:40:46 | 000,000,000 | ---D | C] -- C:\AcalaSoft
[2013/06/11 13:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
[2013/06/11 13:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013/06/11 13:31:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013/06/11 13:31:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013/06/11 13:31:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT
[2013/06/11 13:31:17 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\dvdcss
[2013/06/11 13:07:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll
[2013/06/11 13:07:23 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx
[2013/06/11 13:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2013/06/11 12:46:50 | 000,000,000 | ---D | C] -- C:\ConverterOutput
[2013/06/11 12:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cucusoft
[2013/06/11 12:43:47 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Wondershare
[2013/06/11 12:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2013/06/11 12:43:14 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\Wondershare DVD Creator
[2013/06/11 00:34:32 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{149FC43D-019A-46F2-B9A5-22391E4561DA}
[2013/06/11 00:30:59 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\RealNetworks
[2013/06/11 00:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/06/11 00:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/11 00:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/06/10 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Secunia PSI
[2013/06/10 22:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/06/10 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/06/09 12:33:31 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{1DF72CF9-1CF5-44B6-867E-2AD9512DD3A0}
[2013/06/08 13:56:34 | 000,000,000 | ---D | C] -- C:\Temp
[2013/06/08 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{573B59C3-B5D2-4F0C-A1E4-AD9681CEA0CE}
[2013/06/08 00:04:00 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\how to back up phone - Google Search_files
[2013/06/07 23:52:15 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{77D3BF00-43D6-4C94-B0A3-7DBE98E9DFE1}
[2013/06/07 22:51:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\Life Ideas
[2013/06/06 23:51:33 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{D5449EF6-08D5-4672-9853-2CCDA8FE28CD}
[2013/06/06 11:51:03 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{8B9A5DB0-1A46-4DA2-AE06-5F0D8953EE6C}
[2013/06/05 23:50:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{8570DE9A-9E01-409A-B409-A3ABC4759B0B}
[2013/06/05 22:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/05 22:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/05 22:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/06/05 11:50:11 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{00F13A5E-0EB6-4CD4-8BDB-5CEB84D05572}
[2013/06/04 12:45:33 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{5E128A50-67B3-4DE2-8337-5C18189A75EB}
[2013/06/03 23:43:25 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{E08ACF48-E11C-4D9D-9854-0FCE9511C11D}
[2013/06/03 12:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/06/03 11:42:45 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{C58650A2-328F-4095-9814-92FD0C3C791E}
[2013/06/02 16:16:48 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{C080BBD6-6C21-442E-BE29-10C1933B1C07}
[2013/06/01 23:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/01 23:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/06/01 23:32:13 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\Computer Health
[2013/06/01 23:29:35 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\LavasoftStatistics
[2013/06/01 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2013/06/01 23:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013/06/01 23:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2013/06/01 23:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2013/06/01 23:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013/06/01 23:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013/06/01 23:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\DSP-worx
[2013/06/01 23:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013/06/01 23:19:04 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\LavFilters
[2013/06/01 23:19:04 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\CDXReader
[2013/06/01 23:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/06/01 23:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/06/01 23:18:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/06/01 23:17:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2013/06/01 23:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2013/06/01 23:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/06/01 23:17:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0400000.030
[2013/06/01 23:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/06/01 23:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/06/01 23:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/06/01 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\DSite
[2013/06/01 23:15:24 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/06/01 23:15:24 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/06/01 17:31:30 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{1B67C954-CED6-4830-BF68-596BE6CA7590}
[2013/05/31 00:20:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{1144C19B-1209-4506-A04D-5ED3D63B5098}
[2013/05/30 12:20:26 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{F5C46E3E-0DB8-4FC0-ACB5-2F9D3E52FB86}
[2013/05/30 00:03:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{39909FA6-1950-491F-A425-4BA2C5AE1C7D}
[2013/05/29 12:03:31 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{8A6F0F7E-5666-4D41-9F49-302489830EAD}
[2013/05/28 13:48:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{A9F5D360-1DFD-4EDA-BEA7-D6870999D1F1}
[2013/05/27 23:33:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{458CA5A4-6547-4973-899A-22E79CDFC053}
[2013/05/27 11:33:27 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AEE8D952-DE68-46C2-AABF-299695EB60F3}
[2013/05/25 13:42:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{D359C8A9-13C2-49C7-93CB-FE5E2F53CBD4}
[2013/05/24 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{23034A7D-52C0-4AE3-8FC5-B6A5F276DA99}
[2013/05/23 13:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/23 13:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/05/23 13:25:31 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{DA2AF7E6-0590-46C1-8C18-28C9FF83CFB0}
[2013/05/22 12:25:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{922683DF-B812-4ADA-AB58-33DFE3FFE3D7}
[2013/05/21 22:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/21 22:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/05/21 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{124474E7-63E6-4CC4-B1E8-CCCEFA5B06A2}
[2013/05/20 21:21:47 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{9EEDE4C4-DDBB-4E31-A9DE-CDDB3C92277F}
[2013/05/20 13:35:58 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{55D2BA2B-905C-4368-8225-B814447E96D3}
[2013/05/19 12:22:22 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{A878D055-F9D1-4B17-BB5E-0F1F7A1CEB12}
[2013/05/18 14:01:49 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AA5902BD-EC2F-4AFE-B231-F064C4A4AC1E}
[2013/05/17 21:17:35 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{2787E9A9-8D37-4377-8C67-1EA0826136A5}
[2013/05/16 12:38:46 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{94517B3D-83E8-4396-B334-160B8355DFB2}
[2013/05/16 00:17:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Lexar Media
[2013/05/15 12:58:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{E9222793-7352-493F-97DB-09D4F2BAEE10}
[2013/05/14 14:08:40 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{F2269C77-DE8D-4C3C-9ACE-1BC508C3B26A}
[2013/05/13 13:16:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{805C8F25-C16E-49E8-8390-3CB1A813AE4D}
[2013/05/13 00:01:48 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{66BA18CB-D7E0-4010-814D-E10912BFC07A}

========== Files - Modified Within 30 Days ==========

[2013/06/11 23:19:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1000443104-1969732642-3790898716-1000UA.job
[2013/06/11 23:17:00 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/06/11 23:12:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/11 22:59:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 22:59:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 22:44:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/11 22:44:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/06/11 16:17:48 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Amanda.job
[2013/06/11 14:19:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1000443104-1969732642-3790898716-1000Core.job
[2013/06/11 14:16:13 | 000,001,327 | ---- | M] () -- C:\Users\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare Video Converter Ultimate.lnk
[2013/06/11 00:26:26 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/06/10 22:46:47 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 22:46:47 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 22:39:58 | 000,000,378 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{BFEFFC0C-520A-4271-BB59-16FAFD04159C}.job
[2013/06/10 22:39:19 | 1602,097,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/08 13:54:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/06/08 00:04:02 | 000,307,698 | ---- | M] () -- C:\Users\Amanda\Desktop\how to back up phone - Google Search.htm
[2013/06/02 13:52:22 | 000,351,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/01 23:19:05 | 000,001,786 | ---- | M] () -- C:\Windows\unins000.dat
[2013/06/01 23:19:01 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013/06/01 23:15:23 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/06/01 23:15:23 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/05/27 01:58:04 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe
[2013/05/27 01:55:06 | 000,027,136 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2013/05/21 00:11:27 | 000,669,432 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/21 00:11:27 | 000,125,514 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/06/11 14:16:13 | 000,001,327 | ---- | C] () -- C:\Users\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare Video Converter Ultimate.lnk
[2013/06/11 14:16:09 | 000,727,952 | ---- | C] () -- C:\Windows\System32\WSCM64.dll
[2013/06/11 14:16:09 | 000,153,088 | ---- | C] () -- C:\Windows\System32\WSCM32.dll
[2013/06/11 13:31:53 | 001,167,152 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013/06/11 13:31:53 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2013/06/11 12:46:35 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2013/06/11 12:46:35 | 001,761,280 | ---- | C] () -- C:\Windows\System32\ffdshow.ax
[2013/06/11 12:46:35 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2013/06/11 12:46:35 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2013/06/11 12:46:35 | 000,172,032 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
[2013/06/11 12:46:35 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2013/06/10 22:41:32 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/06/10 21:26:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/08 00:03:59 | 000,307,698 | ---- | C] () -- C:\Users\Amanda\Desktop\how to back up phone - Google Search.htm
[2013/06/01 23:19:35 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2013/06/01 23:19:34 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/06/01 23:19:34 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/06/01 23:19:25 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/06/01 23:19:05 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/06/01 23:19:04 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/06/01 23:19:04 | 000,001,786 | ---- | C] () -- C:\Windows\unins000.dat
[2013/06/01 23:18:15 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Amanda.job
[2013/06/01 23:17:57 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0400000.030\isolate.ini
[2013/06/01 23:17:25 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013/05/21 22:48:14 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/21 22:48:12 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/24 16:37:46 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012/12/02 15:56:23 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2012/11/29 22:33:28 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2012/05/20 23:56:17 | 000,003,584 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/29 17:10:00 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/19 01:48:06 | 000,088,688 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/01/18 23:31:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/18 23:30:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/18 13:45:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/16 14:29:05 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/04 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\.oit
[2012/11/20 12:38:41 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Audacity
[2012/12/02 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Canon
[2013/06/01 23:19:11 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\CDXReader
[2012/01/23 01:00:23 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2012/12/11 22:35:17 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\ConverterLite
[2013/06/01 23:17:20 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\DSite
[2013/05/15 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\FileAssociationManager
[2013/06/01 23:19:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\LavFilters
[2012/01/16 14:37:21 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Leadertech
[2012/12/02 18:11:41 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\NewSoft
[2012/12/09 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Pavtube
[2012/08/18 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\RIFT
[2012/11/30 00:17:33 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Seagate
[2013/03/21 23:37:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Unity
[2013/06/06 22:50:03 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\VDownloader
[2013/02/19 23:00:45 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Windows Live Writer
[2013/06/11 14:16:30 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

========== Purity Check ==========



< End of report >

#22
agsmith

    Member

  • Topic Starter
  • 20 posts
And the OTL extras.txt file
OTL Extras logfile created on: 6/11/2013 11:39:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amanda\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.34% Memory free
3.98 Gb Paging File | 2.41 Gb Available in Paging File | 60.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 133.41 Gb Free Space | 57.29% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 14.87 Gb Free Space | 99.15% Space Free | Partition Type: NTFS
Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 156.95 Gb Free Space | 33.70% Space Free | Partition Type: NTFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26C26101-5F98-4AE6-8120-47B0B1251032}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5B7B1BDF-AA0F-47BF-90B7-D41C7AA5FF46}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{8B29D880-DB77-4FBF-8A13-93289AA88D2F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{FA8041C5-D9C0-43FF-9554-7BE39E179DEB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"TCP Query User{BF959C71-FF3D-4CFF-A1B4-C088D8222DFB}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{D781E195-B405-4F4F-947F-A9AAD33DFEBC}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1" = Updater By SweetPacks 2.0.0.586
"{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87AEED05-C717-47bc-93BB-F8E527D2690F}" = Canon D400-450
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9489EB15-6BEE-CF1F-2636-CD0B0619DB83}" = Batch PDF Merger
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A781940-AC41-4D5E-8E1E-76A04B916FB9}" = Carbon
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6AC699F-8315-40CA-8F70-E917494978AB}" = VirtualDJ Home FREE
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1421
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4EE51E6-2C80-4B04-BDE0-ED4E87BEFECD}_is1" = Pavtube Video Converter Ver 3.7.3.1865
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.35
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Boxoft Mp3 to WAV Converter (freeware)_is1" = Boxoft Mp3 to WAV Converter (freeware)
"CCFinderAppId_is1" = CCFinder
"CCleaner" = CCleaner
"com.essexreddevelopment.mergepdfmac" = Batch PDF Merger
"ConverterLite" = ConverterLite 1.6.2
"CutePDF Writer Installation" = CutePDF Writer 3.0
"DivX Setup" = DivX Setup
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"FileAssociationManager" = File Association Manager 0.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"LameACM" = Lame ACM MP3 Codec
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Clipper and Joiner_is1" = Uninstall Mp3 Clipper and Joiner
"NSS" = Norton Security Scan
"RealPlayer 16.0" = RealPlayer
"Secunia PSI" = Secunia PSI (3.0.0.7009)
"Softdiv MP3 to WAV Converter_is1" = Softdiv MP3 to WAV Converter 3.0
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"TVWiz" = Intel® TV Wizard
"Uninstall Helper 2.0.1.0" = Uninstall Helper
"UnzipLite" = UnzipLite 0.2
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WNLT" = SweetPacks Updater Service
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 6.5.0.5)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for Codec Pack
"UnityWebPlayer" = Unity Web Player
"VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2013 5:12:36 PM | Computer Name = Amanda-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 6/11/2013 5:12:36 PM | Computer Name = Amanda-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 6/11/2013 5:12:36 PM | Computer Name = Amanda-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 6/11/2013 5:12:36 PM | Computer Name = Amanda-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 6/11/2013 5:12:36 PM | Computer Name = Amanda-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 6/11/2013 5:12:36 PM | Computer Name = Amanda-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 6/11/2013 5:12:36 PM | Computer Name = Amanda-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 6/11/2013 5:14:29 PM | Computer Name = Amanda-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/11/2013 5:22:01 PM | Computer Name = Amanda-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/11/2013 5:22:06 PM | Computer Name = Amanda-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 6/8/2013 4:53:29 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7001
Description = The IP Helper service depends on the Network Store Interface Service
service which failed to start because of the following error: %%1068

Error - 6/8/2013 4:53:29 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7001
Description = The SMB MiniRedirector Wrapper and Engine service depends on the Redirected
Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Error - 6/8/2013 4:53:29 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7001
Description = The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 6/8/2013 4:53:29 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7001
Description = The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 6/8/2013 4:53:29 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness service depends on the Network Store
Interface Service service which failed to start because of the following error:
%%1068

Error - 6/8/2013 4:53:29 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

Error - 6/9/2013 12:41:35 AM | Computer Name = Amanda-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:06:17 PM on ?6/?8/?2013 was unexpected.

Error - 6/10/2013 6:14:18 AM | Computer Name = Amanda-PC | Source = volsnap | ID = 393241
Description = The shadow copies of volume H: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 6/10/2013 11:40:03 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Seagate
Dashboard Services service to connect.

Error - 6/11/2013 6:28:26 PM | Computer Name = Amanda-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >
  • 0

#23
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok, please run the two scans below.

Step 1: Shortcut Cleaner.

Please download Shortcut Cleaner and double-click the icon to run the program. Post the log that it produces.

Step 2: AdwCleaner


  • Download AdwCleaner from here to your desktop.
  • Run AdwCleaner and select Delete.
  • Once done, it will ask to reboot; allow this.
  • On reboot, a log will be produced at C:\ADWCleaner[XX].txt. Please attach that.

Please run a fresh OTL quick scan and also let me know if the ads are gone.
  • 0

#24
agsmith


    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
SC Cleaner log:
Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingc...ortcut-cleaner/

Windows Version: Windows 7 Ultimate Service Pack 1
Program started at: 06/13/2013 01:24:00 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Amanda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Amanda\Desktop


0 bad shortcuts found.

Program finished at: 06/13/2013 01:24:05 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)

OTL quickscan log:
OTL logfile created on: 6/13/2013 1:25:01 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amanda\Desktop\Computer Health
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.80% Memory free
3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 134.18 Gb Free Space | 57.62% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 14.87 Gb Free Space | 99.15% Space Free | Partition Type: NTFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 23:39:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\Computer Health\OTL.exe
PRC - [2013/06/11 00:26:22 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/21 22:49:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/18 06:56:14 | 000,659,992 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/04/16 03:09:04 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/04/05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/04/05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/08 15:14:16 | 000,122,032 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
PRC - [2012/11/08 15:02:28 | 000,015,552 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2012/11/08 15:01:30 | 001,516,680 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/11 15:19:26 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/21 22:48:51 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/05/15 13:19:09 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2743fdfcb695f6e9b1c3c4a7759ff4e8\Microsoft.VisualBasic.ni.dll
MOD - [2013/05/14 23:39:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/05/14 23:39:25 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/14 23:39:24 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/01/09 14:11:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 13:53:19 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 13:53:04 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 13:52:43 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 13:52:34 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/11 15:19:26 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Services (SafeList) ==========

SRV - [2013/06/11 23:12:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 22:49:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 06:56:22 | 001,227,800 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/04/18 06:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/08 15:02:28 | 000,015,552 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012/01/18 13:39:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2013/06/01 23:15:23 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/04/18 06:55:52 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/06 07:42:10 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/02/06 07:42:08 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 07:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/01/26 19:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/10/07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 89 E9 01 61 E1 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.searchEnginesURL: "http://www.google.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B7D4F1959-3F72-49d5-8E59-F02F8AA6815D%7D:2.0.0.586
FF - prefs.js..extensions.enabledAddons: %7B8D150B8F-EFE8-45a3-A4A3-053020F48FAC%7D:6.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Amanda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\VDownloader\Addons\FireFox [2013/05/04 16:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/11 00:29:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/11 00:29:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/06/11 13:32:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/01 23:18:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/11 00:27:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/01 23:18:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/11 00:27:07 | 000,000,000 | ---D | M]

[2012/05/01 13:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2013/06/11 14:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ojvdid29.default\extensions
[2013/06/05 11:57:05 | 001,382,186 | ---- | M] () (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ojvdid29.default\extensions\[email protected]
[2013/05/01 13:13:57 | 000,002,545 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ojvdid29.default\searchplugins\aol-search.xml
[2013/06/11 13:32:01 | 000,001,778 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ojvdid29.default\searchplugins\Bing.xml
[2013/05/21 22:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/21 22:49:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/11 13:32:48 | 000,000,000 | ---D | M] (Updater By SweetPacks) -- C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
[2013/06/11 00:29:21 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/06/11 00:26:44 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe ()
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF80001F-6CD9-455A-9000-A7CB56B0F665}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/12 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/06/12 12:22:49 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\for kitchen folder
[2013/06/12 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{A1B7D8F0-9FB2-48E4-A35F-7334C50DA3C8}
[2013/06/11 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\AVS4YOU
[2013/06/11 14:21:53 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/06/11 14:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/06/11 14:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2013/06/11 14:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013/06/11 14:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2013/06/11 14:16:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\Wondershare Video Converter Ultimate
[2013/06/11 14:16:30 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
[2013/06/11 14:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare Video Converter Ultimate
[2013/06/11 14:15:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2013/06/11 14:09:17 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\RER Soft, Inc
[2013/06/11 13:40:46 | 000,000,000 | ---D | C] -- C:\AcalaSoft
[2013/06/11 13:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
[2013/06/11 13:31:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013/06/11 13:31:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013/06/11 13:31:17 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\dvdcss
[2013/06/11 13:07:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll
[2013/06/11 13:07:23 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx
[2013/06/11 13:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2013/06/11 12:46:50 | 000,000,000 | ---D | C] -- C:\ConverterOutput
[2013/06/11 12:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cucusoft
[2013/06/11 12:43:14 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\Wondershare DVD Creator
[2013/06/11 00:34:32 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{149FC43D-019A-46F2-B9A5-22391E4561DA}
[2013/06/11 00:30:59 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\RealNetworks
[2013/06/11 00:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/06/11 00:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/11 00:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/06/10 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Secunia PSI
[2013/06/10 22:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/06/10 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/06/09 12:33:31 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{1DF72CF9-1CF5-44B6-867E-2AD9512DD3A0}
[2013/06/08 13:56:34 | 000,000,000 | ---D | C] -- C:\Temp
[2013/06/08 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{573B59C3-B5D2-4F0C-A1E4-AD9681CEA0CE}
[2013/06/08 00:04:00 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\how to back up phone - Google Search_files
[2013/06/07 23:52:15 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{77D3BF00-43D6-4C94-B0A3-7DBE98E9DFE1}
[2013/06/07 22:51:34 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\Life Ideas
[2013/06/06 23:51:33 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{D5449EF6-08D5-4672-9853-2CCDA8FE28CD}
[2013/06/06 11:51:03 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{8B9A5DB0-1A46-4DA2-AE06-5F0D8953EE6C}
[2013/06/05 23:50:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{8570DE9A-9E01-409A-B409-A3ABC4759B0B}
[2013/06/05 22:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/05 22:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/05 22:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/06/05 11:50:11 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{00F13A5E-0EB6-4CD4-8BDB-5CEB84D05572}
[2013/06/04 12:45:33 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{5E128A50-67B3-4DE2-8337-5C18189A75EB}
[2013/06/03 23:43:25 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{E08ACF48-E11C-4D9D-9854-0FCE9511C11D}
[2013/06/03 12:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/06/03 11:42:45 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{C58650A2-328F-4095-9814-92FD0C3C791E}
[2013/06/02 16:16:48 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{C080BBD6-6C21-442E-BE29-10C1933B1C07}
[2013/06/01 23:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/01 23:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/06/01 23:32:13 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\Computer Health
[2013/06/01 23:29:35 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\LavasoftStatistics
[2013/06/01 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2013/06/01 23:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013/06/01 23:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2013/06/01 23:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2013/06/01 23:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013/06/01 23:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013/06/01 23:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\DSP-worx
[2013/06/01 23:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013/06/01 23:19:04 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\LavFilters
[2013/06/01 23:19:04 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\CDXReader
[2013/06/01 23:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/06/01 23:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/06/01 23:18:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/06/01 23:17:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2013/06/01 23:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2013/06/01 23:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/06/01 23:17:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0400000.030
[2013/06/01 23:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/06/01 23:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/06/01 23:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/06/01 23:15:24 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/06/01 23:15:24 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/06/01 17:31:30 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{1B67C954-CED6-4830-BF68-596BE6CA7590}
[2013/05/31 00:20:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{1144C19B-1209-4506-A04D-5ED3D63B5098}
[2013/05/30 12:20:26 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{F5C46E3E-0DB8-4FC0-ACB5-2F9D3E52FB86}
[2013/05/30 00:03:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{39909FA6-1950-491F-A425-4BA2C5AE1C7D}
[2013/05/29 12:03:31 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{8A6F0F7E-5666-4D41-9F49-302489830EAD}
[2013/05/28 13:48:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{A9F5D360-1DFD-4EDA-BEA7-D6870999D1F1}
[2013/05/27 23:33:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{458CA5A4-6547-4973-899A-22E79CDFC053}
[2013/05/27 11:33:27 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AEE8D952-DE68-46C2-AABF-299695EB60F3}
[2013/05/25 13:42:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{D359C8A9-13C2-49C7-93CB-FE5E2F53CBD4}
[2013/05/24 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{23034A7D-52C0-4AE3-8FC5-B6A5F276DA99}
[2013/05/23 13:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/23 13:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/05/23 13:25:31 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{DA2AF7E6-0590-46C1-8C18-28C9FF83CFB0}
[2013/05/22 12:25:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{922683DF-B812-4ADA-AB58-33DFE3FFE3D7}
[2013/05/21 22:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/21 22:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/05/21 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{124474E7-63E6-4CC4-B1E8-CCCEFA5B06A2}
[2013/05/20 21:21:47 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{9EEDE4C4-DDBB-4E31-A9DE-CDDB3C92277F}
[2013/05/20 13:35:58 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{55D2BA2B-905C-4368-8225-B814447E96D3}
[2013/05/19 12:22:22 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{A878D055-F9D1-4B17-BB5E-0F1F7A1CEB12}
[2013/05/18 14:01:49 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{AA5902BD-EC2F-4AFE-B231-F064C4A4AC1E}
[2013/05/17 21:17:35 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{2787E9A9-8D37-4377-8C67-1EA0826136A5}
[2013/05/16 12:38:46 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{94517B3D-83E8-4396-B334-160B8355DFB2}
[2013/05/16 00:17:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Lexar Media
[2013/05/15 12:58:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{E9222793-7352-493F-97DB-09D4F2BAEE10}
[2013/05/14 14:08:40 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\{F2269C77-DE8D-4C3C-9ACE-1BC508C3B26A}

========== Files - Modified Within 30 Days ==========

[2013/06/13 13:30:02 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/13 13:30:02 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/13 13:27:12 | 002,545,907 | ---- | M] () -- C:\Users\Amanda\Desktop\Common Cooking Mistakes_ Cooking Tips and Questions Answered - Cooking Light.pdf
[2013/06/13 13:22:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/13 13:22:25 | 000,000,378 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{BFEFFC0C-520A-4271-BB59-16FAFD04159C}.job
[2013/06/13 13:22:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/13 13:22:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/06/13 13:22:01 | 1602,097,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/13 13:20:57 | 000,000,184 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/13 00:04:17 | 000,078,344 | ---- | M] () -- C:\Users\Amanda\Desktop\BIG LONG LIST.pdf
[2013/06/12 23:59:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/12 23:19:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1000443104-1969732642-3790898716-1000UA.job
[2013/06/12 23:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/12 13:17:43 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Amanda.job
[2013/06/11 14:19:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1000443104-1969732642-3790898716-1000Core.job
[2013/06/11 00:26:26 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/06/08 13:54:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/06/08 00:04:02 | 000,307,698 | ---- | M] () -- C:\Users\Amanda\Desktop\how to back up phone - Google Search.htm
[2013/06/02 13:52:22 | 000,351,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/01 23:19:05 | 000,001,786 | ---- | M] () -- C:\Windows\unins000.dat
[2013/06/01 23:19:01 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013/06/01 23:15:23 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/06/01 23:15:23 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/05/27 01:58:04 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe
[2013/05/27 01:55:06 | 000,027,136 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2013/05/21 00:11:27 | 000,669,432 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/21 00:11:27 | 000,125,514 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/06/13 13:27:35 | 002,545,907 | ---- | C] () -- C:\Users\Amanda\Desktop\Common Cooking Mistakes_ Cooking Tips and Questions Answered - Cooking Light.pdf
[2013/06/13 13:20:45 | 000,000,184 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/13 00:04:21 | 000,078,344 | ---- | C] () -- C:\Users\Amanda\Desktop\BIG LONG LIST.pdf
[2013/06/11 13:31:53 | 001,167,152 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013/06/11 13:31:53 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2013/06/11 12:46:35 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2013/06/11 12:46:35 | 001,761,280 | ---- | C] () -- C:\Windows\System32\ffdshow.ax
[2013/06/11 12:46:35 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2013/06/11 12:46:35 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2013/06/11 12:46:35 | 000,172,032 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
[2013/06/11 12:46:35 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2013/06/10 21:26:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/08 00:03:59 | 000,307,698 | ---- | C] () -- C:\Users\Amanda\Desktop\how to back up phone - Google Search.htm
[2013/06/01 23:19:35 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2013/06/01 23:19:34 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/06/01 23:19:34 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/06/01 23:19:25 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/06/01 23:19:05 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/06/01 23:19:04 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/06/01 23:19:04 | 000,001,786 | ---- | C] () -- C:\Windows\unins000.dat
[2013/06/01 23:18:15 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Amanda.job
[2013/06/01 23:17:57 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0400000.030\isolate.ini
[2013/05/21 22:48:14 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/21 22:48:12 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/24 16:37:46 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012/12/02 15:56:23 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2012/11/29 22:33:28 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2012/05/20 23:56:17 | 000,003,584 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/29 17:10:00 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/19 01:48:06 | 000,088,688 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/01/18 23:31:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/18 23:30:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/18 13:45:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/16 14:29:05 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/04 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\.oit
[2012/11/20 12:38:41 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Audacity
[2012/12/02 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Canon
[2013/06/01 23:19:11 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\CDXReader
[2012/01/23 01:00:23 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2012/12/11 22:35:17 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\ConverterLite
[2013/05/15 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\FileAssociationManager
[2013/06/01 23:19:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\LavFilters
[2012/01/16 14:37:21 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Leadertech
[2012/12/02 18:11:41 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\NewSoft
[2012/12/09 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Pavtube
[2012/08/18 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\RIFT
[2012/11/30 00:17:33 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Seagate
[2013/03/21 23:37:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Unity
[2013/06/06 22:50:03 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\VDownloader
[2013/02/19 23:00:45 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Windows Live Writer
[2013/06/11 14:16:30 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

========== Purity Check ==========



< End of report >

AdwCleaner log:
# AdwCleaner v2.303 - Logfile created 06/13/2013 at 13:20:25
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Amanda - AMANDA-PC
# Boot Mode : Normal
# Running from : C:\Users\Amanda\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : IBUpdaterService

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Updater By SweetPacks
Deleted on reboot : C:\Windows\system32\Zynga
Deleted on reboot : C:\Windows\system32\Zynga
File Deleted : C:\Windows\Tasks\DSite.job
Folder Deleted : C:\Program Files\Common Files\Wondershare
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\Users\Amanda\AppData\Local\Wondershare
Folder Deleted : C:\Users\Amanda\AppData\Roaming\DSite
Folder Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ojvdid29.default\jetpack
Folder Deleted : C:\Windows\system32\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\Software\WNLT
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ojvdid29.default\prefs.js

Deleted : user_pref("extensions.mysearchdial.aflt", "ironmsd04");
Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,6[...]
Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Deleted : user_pref("extensions.mysearchdial.hdrMd5", "06DFC4BBDFF55355200E9D93498AACF4");
Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ironmsd04&cd=2Xzu[...]
Deleted : user_pref("extensions.mysearchdial.id", "00219B0057A8CDB0");
Deleted : user_pref("extensions.mysearchdial.instlDay", "15828");
Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=ironmsd04&cd=2XzuyE[...]
Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "23:4:24");
Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ironmsd04&cd=2X[...]
Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"14\",\"lastVrsn\":\"14\",\"vrsnLoad\":[...]
Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Deleted : user_pref("extensions.mysearchdial.sg", "none");
Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ironmsd04&cd=[...]
Deleted : user_pref("extensions.mysearchdial.vrsn", "");
Deleted : user_pref("extensions.mysearchdial.vrsni", "");
Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "23:4:24");
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks")[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : urls_to_restore_on_startup ={"extensions":{"settings":{"pflphaooapbgpeakohlggbpidpppgdff":{"ack_external":true,"exclude_from_sid[...]

*************************

AdwCleaner[R1].txt - [10370 octets] - [13/06/2013 13:19:25]
AdwCleaner[S1].txt - [23673 octets] - [03/06/2013 12:04:45]
AdwCleaner[S2].txt - [10042 octets] - [13/06/2013 13:20:25]

########## EOF - C:\AdwCleaner[S2].txt - [10103 octets] ##########

#25
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
A few extras to clean up. Do you use something called "IncrediMail"?


Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    SRV - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
    FF - prefs.js..extensions.enabledAddons: %7B7D4F1959-3F72-49d5-8E59-F02F8AA6815D%7D:2.0.0.586
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/06/11 13:32:48 | 000,000,000 | ---D | M]
    [2013/06/11 13:32:48 | 000,000,000 | ---D | M] (Updater By SweetPacks) -- C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    
    O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll File not found
    
    [2013/05/27 01:58:04 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

Are the ads gone?

#26
agsmith

    Member

  • Topic Starter
  • 20 posts
How do I know whether the virus has hidden any files or folders before I run OTL?

And as far as I know, the ads have stopped.

I don't run IncrediMail.

Thanks!

#27
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

"How do I know whether the virus has hidden any files or folders before I run OTL?"



I put this warning because OTL will empty your temp files. Some viruses will hide some of your files in the temp folder to make you think they are deleted and then try to get you to pay for them. I don't see indications of this virus, but I always include the warning. If you haven't noticed any pictures, documents, mp3, etc. missing, then you should be okay.

Since you don't use IncrediMail, please run this fix:

:Commands
[createrestorepoint]

:OTL
SRV - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
FF - prefs.js..extensions.enabledAddons: %7B7D4F1959-3F72-49d5-8E59-F02F8AA6815D%7D:2.0.0.586
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/06/11 13:32:48 | 000,000,000 | ---D | M]
[2013/06/11 13:32:48 | 000,000,000 | ---D | M] (Updater By SweetPacks) -- C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX

O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll File not found

[2013/05/27 01:58:04 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe
[2013/05/27 01:55:06 | 000,027,136 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26C26101-5F98-4AE6-8120-47B0B1251032}"=-
"{5B7B1BDF-AA0F-47BF-90B7-D41C7AA5FF46}"=- 
"{8B29D880-DB77-4FBF-8A13-93289AA88D2F}"=-
"{FA8041C5-D9C0-43FF-9554-7BE39E179DEB}"=-

:Files
c:\windows\system32\arfc

:Commands
[emptytemp]


  • 0
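The pre-check described in the post above (look for personal files sitting in the temp folder before running a fix that ends with [emptytemp]), as an added example that is not part of the thread and not an OTL feature. The extension list and all function names are assumptions chosen for illustration.

```python
import os
import tempfile
from collections import Counter

# Assumption: extensions treated as "user data" (the post names pictures, documents, mp3).
USER_DATA_EXTS = {".jpg", ".jpeg", ".png", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".mp3"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit; st_file_attributes is absent elsewhere


def find_user_files(temp_root):
    """Return (path, size, hidden) for every user-data file under temp_root."""
    hits = []
    for dirpath, _dirs, files in os.walk(temp_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in USER_DATA_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked or vanished file: skip it rather than abort the scan
            hidden = bool(getattr(st, "st_file_attributes", 0) & FILE_ATTRIBUTE_HIDDEN)
            hits.append((path, st.st_size, hidden))
    return hits


def safe_to_empty(temp_root, max_hits=0):
    """True when no more than max_hits user-data files sit in the temp tree."""
    return len(find_user_files(temp_root)) <= max_hits


def summarize(hits):
    """Count hits per extension so a bulk relocation stands out from stray cache files."""
    return Counter(os.path.splitext(p)[1].lower() for p, _size, _hidden in hits)


if __name__ == "__main__":
    # Scan the current user's temp folder and list anything that looks like personal data.
    root = os.environ.get("TEMP") or tempfile.gettempdir()
    found = find_user_files(root)
    for path, size, hidden in found:
        print(f"{'H' if hidden else '-'} {size:>10} {path}")
    print("safe to empty temp:", not found, dict(summarize(found)))
```

Some hits are expected, since applications also write images and PDFs to temp; review the list before running a fix that empties the temp folders.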

#28
agsmith

    Member

  • Topic Starter
  • 20 posts
OTL from post in which you asked about IncrediMail:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Updater By SweetPacks stopped successfully!
Service Updater By SweetPacks deleted successfully!
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe moved successfully.
Prefs.js: %7B7D4F1959-3F72-49d5-8E59-F02F8AA6815D%7D:2.0.0.586 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox folder moved successfully.
Folder C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ not found.
C:\Windows\System32\dmwu.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Amanda
->Temp folder emptied: 237289 bytes
->Temporary Internet Files folder emptied: 75036730 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 163021786 bytes
->Flash cache emptied: 12455 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1322101 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 229.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06142013_214826

Files\Folders moved on Reboot...
File\Folder C:\Users\Amanda\AppData\Local\Temp\1296.tmp not found!
File\Folder C:\Users\Amanda\AppData\Local\Temp\~DF599BD94A1A66582E.TMP not found!
File\Folder C:\Users\Amanda\AppData\Local\Temp\~DFCADCA5BFCBDF8FF6.TMP not found!
File\Folder C:\Windows\temp\logishrd\LVPrcInj02.dll not found!
C:\Windows\temp\MpCmdRun.log moved successfully.
C:\Windows\temp\MpSigStub.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL file from post addressing my question:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named Updater By SweetPacks was found to stop!
Service\Driver key Updater By SweetPacks not found.
File C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe not found.
Prefs.js: %7B7D4F1959-3F72-49d5-8E59-F02F8AA6815D%7D:2.0.0.586 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Folder C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ not found.
File C:\Windows\System32\dmwu.exe not found.
C:\Windows\System32\ImHttpComm.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26C26101-5F98-4AE6-8120-47B0B1251032} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26C26101-5F98-4AE6-8120-47B0B1251032}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B7B1BDF-AA0F-47BF-90B7-D41C7AA5FF46} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B7B1BDF-AA0F-47BF-90B7-D41C7AA5FF46}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B29D880-DB77-4FBF-8A13-93289AA88D2F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B29D880-DB77-4FBF-8A13-93289AA88D2F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA8041C5-D9C0-43FF-9554-7BE39E179DEB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA8041C5-D9C0-43FF-9554-7BE39E179DEB}\ not found.
========== FILES ==========
c:\windows\system32\ARFC folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Amanda
->Temp folder emptied: 153330 bytes
->Temporary Internet Files folder emptied: 10872 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14871880 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109080 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06142013_215523

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#29
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Test for any more ads and let me know.

#30
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Are you still with me?