Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

worried about computer being hacked [Closed]

Started by janji , Aug 21 2013 10:31 AM

  • This topic is locked This topic is locked

#16
janji
Posted 14 September 2013 - 10:38 AM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named winzipersvc.exe was found!
Error: No service named winzipersvc was found to stop!
Service\Driver key winzipersvc not found.
File C:\Program Files\WinZipper\winzipersvc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Folder C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\ not found.
C:\Windows\Tasks\AWC Startup.job moved successfully.
Folder C:\Users\User\AppData\Roaming\WinZipper\ not found.
C:\Users\User\AppData\Roaming\AVG\AWL2012\TuningIndex folder moved successfully.
C:\Users\User\AppData\Roaming\AVG\AWL2012\StartUp Manager folder moved successfully.
C:\Users\User\AppData\Roaming\AVG\AWL2012\Dashboard folder moved successfully.
C:\Users\User\AppData\Roaming\AVG\AWL2012\Backups folder moved successfully.
C:\Users\User\AppData\Roaming\AVG\AWL2012 folder moved successfully.
C:\Users\User\AppData\Roaming\AVG folder moved successfully.
========== FILES ==========
C:\Program Files\AVG\AVG2013\html folder moved successfully.
C:\Program Files\AVG\AVG2013\Drivers folder moved successfully.
C:\Program Files\AVG\AVG2013\3rd_party folder moved successfully.
C:\Program Files\AVG\AVG2013 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
File\Folder C:\Program Files\AVG 2013 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 52923737 bytes
->Temporary Internet Files folder emptied: 18198 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2798 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34868 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3402065577 bytes

Total Files Cleaned = 3,295.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09142013_183219

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

Advertisements

#17
janji
Posted 14 September 2013 - 10:55 AM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
OTL logfile created on: 14-Sep-13 6:40:49 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.50 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 63.78% Memory free
6.99 Gb Paging File | 5.73 Gb Available in Paging File | 82.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.34 Gb Total Space | 23.23 Gb Free Space | 30.43% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 0.03 Gb Free Space | 0.80% Space Free | Partition Type: FAT32
Drive G: | 221.75 Gb Total Space | 221.31 Gb Free Space | 99.80% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-09-14 12:01:49 | 000,273,920 | ---- | M] (Moonchild Productions) -- C:\Program Files\Pale Moon\palemoon.exe
PRC - [2013-09-14 12:01:49 | 000,011,264 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Pale Moon\plugin-container.exe
PRC - [2013-09-11 11:20:19 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013-08-21 17:54:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013-06-05 19:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-04-23 06:48:20 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013-01-11 07:31:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-10-31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-07-11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011-12-25 17:31:18 | 007,311,360 | ---- | M] (Fabio Martin) -- C:\Program Files\7 Sticky Notes\7StickyNotes.exe
PRC - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011-10-14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011-10-14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011-10-03 20:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
PRC - [2011-06-05 20:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-09-19 19:56:14 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-09-19 19:55:48 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-02-07 02:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009-01-26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013-09-14 12:01:51 | 003,028,480 | ---- | M] () -- C:\Program Files\Pale Moon\mozjs.dll
MOD - [2013-09-11 11:20:19 | 016,177,544 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013-03-13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012-11-14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012-11-13 22:53:04 | 000,121,472 | ---- | M] () -- C:\Program Files\Razer\Razer Game Booster\GBV3ContextMenu.dll
MOD - [2011-08-16 00:13:26 | 000,802,816 | ---- | M] () -- C:\Windows\System32\EditCtlsU.ocx
MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010-10-20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2013-09-13 19:20:10 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-07-13 00:34:05 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-11-24 22:49:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-10-31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-09-20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012-07-11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011-10-14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011-10-03 20:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SPDFCreatorReadSpool)
SRV - [2010-09-19 19:55:48 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010-03-16 06:12:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-02-07 02:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013-05-22 18:49:34 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013-04-03 09:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013-04-03 09:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012-11-15 03:36:52 | 000,035,592 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2012-11-13 22:53:00 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2012-10-31 00:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-10-31 00:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-10-31 00:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-10-31 00:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-10-31 00:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-10-24 00:39:46 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012-10-24 00:39:46 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-10-15 18:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012-07-20 12:12:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012-07-20 12:11:58 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012-06-20 09:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011-07-22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011-03-07 11:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2010-11-20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-09-22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010-09-19 20:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010-09-19 20:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-09-19 19:20:44 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-09-01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010-07-27 15:27:41 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js - File not found
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-06-29 11:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-06-29 11:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25 02:35:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-20 02:44:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components [2013-09-14 17:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2013-09-14 17:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.0\extensions\\Components: C:\Program Files\Pale Moon\components [2013-09-14 12:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.0\extensions\\Plugins: C:\Program Files\Pale Moon\plugins [2013-09-14 17:23:06 | 000,000,000 | ---D | M]

[2010-07-27 15:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013-09-14 18:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions
[2012-08-29 17:35:09 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2013-07-10 15:09:49 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2012-08-05 10:39:52 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2011-12-13 13:32:18 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-09-13 19:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\staged
[2013-08-18 22:50:08 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-05-31 02:26:30 | 000,138,110 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-05 21:11:50 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:03:39 | 000,230,040 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,226,606 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-16 16:26:03 | 000,032,637 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:38:16 | 000,702,918 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:06 | 000,266,336 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi
[2012-05-29 16:10:02 | 000,035,719 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
[2013-08-18 22:50:06 | 000,074,959 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
[2013-06-14 22:21:43 | 000,000,910 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\searchplugins\yahoo.xml
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RCDGK3LO.DEFAULT\EXTENSIONS\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RCDGK3LO.DEFAULT\EXTENSIONS\4FDACF00-E9C4-4AD5-B4CF-BF9800F184F6@36857116-74E0-4973-936F-860CD2A102A9.COM
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RCDGK3LO.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RCDGK3LO.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Default Profile (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AP Suggestor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnmbpihhamedhophbnjjpidokcknoid\1.2.5_0\
CHR - Extension: avast! WebRep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: RealDownloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_1\
CHR - Extension: Lightning Newtab = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.5.3_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-08-08 15:11:29 | 000,449,839 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk = C:\Program Files\7 Sticky Notes\7StickyNotes.exe (Fabio Martin)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\User\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34409987-9796-4508-BBF4-9B47970A5F1F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-09-14 18:17:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-09-14 18:15:24 | 001,029,509 | ---- | C] (Thisisu) -- C:\Users\User\Desktop\JRT.exe
[2013-09-14 17:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013-09-14 17:32:19 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2013-09-14 17:32:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Innovative Solutions
[2013-09-14 17:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2013-09-14 17:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
[2013-09-14 12:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Chasys Draw IES
[2013-09-14 12:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\John Paul Chacha's Lab
[2013-09-14 12:29:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FileAdvisor
[2013-09-13 21:10:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-09-13 20:54:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswmbr.exe
[2013-09-13 20:45:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-09-13 19:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter Studio
[2013-09-13 19:51:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Free YouTube to MP3 Converter Studio
[2013-09-13 19:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube to MP3 Converter Studio
[2013-09-13 19:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
[2013-09-13 19:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Advisor
[2013-09-13 19:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2013-09-13 19:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2013-09-09 14:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-09-05 14:10:09 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop\friends
[2013-08-22 15:39:45 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013-08-22 15:39:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2013-08-22 15:39:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2013-08-22 15:39:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2013-08-22 15:24:13 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2013-08-22 15:23:59 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2013-08-22 15:22:31 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2013-08-22 15:22:30 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2013-08-22 15:22:28 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2013-08-22 15:22:28 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2013-08-22 15:07:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013-08-21 17:54:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-09-14 18:42:44 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-09-14 18:42:44 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-09-14 18:35:36 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-09-14 18:35:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-09-14 18:35:00 | 2814,558,208 | -HS- | M] () -- C:\hiberfil.sys
[2013-09-14 18:24:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-09-14 18:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-09-14 18:15:17 | 001,029,509 | ---- | M] (Thisisu) -- C:\Users\User\Desktop\JRT.exe
[2013-09-14 18:08:10 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-09-14 18:08:10 | 000,001,134 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013-09-14 18:08:10 | 000,000,989 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Minefield.lnk
[2013-09-14 17:32:17 | 000,000,849 | ---- | M] () -- C:\Users\User\Desktop\Advanced Uninstaller PRO 11.lnk
[2013-09-14 17:21:15 | 095,064,486 | ---- | M] () -- C:\Users\User\Desktop\System Of A Down - Top 30 [ The Best of Greatest Hits ]( HD .mp3
[2013-09-14 17:21:15 | 005,885,371 | ---- | M] () -- C:\Users\User\Desktop\Wings-Misteri Mimpi Syakila(HQ Audio).mp3
[2013-09-14 17:21:13 | 008,185,401 | ---- | M] () -- C:\Users\User\Desktop\Kashmir - Led Zeppelin.mp3
[2013-09-14 17:21:13 | 006,175,853 | ---- | M] () -- C:\Users\User\Desktop\Metallica - Nothing Else Matters [Official Music Video].mp3
[2013-09-14 17:21:13 | 005,300,228 | ---- | M] () -- C:\Users\User\Desktop\Metallica - Enter Sandman [Official Music Video].mp3
[2013-09-14 17:21:13 | 004,532,855 | ---- | M] () -- C:\Users\User\Desktop\Hollywood Undead - _Outside_ (Official Lyric Video).mp3
[2013-09-14 17:21:13 | 004,277,900 | ---- | M] () -- C:\Users\User\Desktop\Cosmo Jarvis - Gay Pirates.mp3
[2013-09-14 17:21:13 | 003,976,552 | ---- | M] () -- C:\Users\User\Desktop\A Life Less Ordinary - Levellers.mp3
[2013-09-14 17:21:13 | 001,930,223 | ---- | M] () -- C:\Users\User\Desktop\Silent Running Joan Baez.mp3
[2013-09-14 16:33:25 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA.job
[2013-09-14 14:15:54 | 000,001,272 | ---- | M] () -- C:\Users\User\Desktop\Snipping Tool.lnk
[2013-09-14 12:36:13 | 000,001,257 | ---- | M] () -- C:\Users\Public\Desktop\Chasys Draw IES Artist.lnk
[2013-09-14 12:36:08 | 000,270,336 | ---- | M] (John Paul Chacha's Lab) -- C:\Windows\ies_Shell.dll
[2013-09-14 12:03:23 | 000,694,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013-09-14 12:03:23 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-09-14 12:03:23 | 000,383,076 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2013-09-14 12:03:23 | 000,147,802 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013-09-14 12:03:23 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-09-14 12:03:23 | 000,119,074 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2013-09-14 01:00:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core.job
[2013-09-13 21:09:45 | 001,037,278 | ---- | M] () -- C:\Users\User\Desktop\AdwCleaner.exe
[2013-09-13 21:00:49 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2013-09-13 20:54:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswmbr.exe
[2013-09-13 19:52:00 | 000,001,191 | ---- | M] () -- C:\Users\User\Desktop\Free YouTube to MP3 Converter Studio.lnk
[2013-09-13 19:48:19 | 000,001,109 | ---- | M] () -- C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk
[2013-09-13 19:48:19 | 000,001,104 | ---- | M] () -- C:\Users\User\Desktop\My Music Tools.lnk
[2013-09-12 18:34:36 | 000,103,424 | -H-- | M] () -- C:\Users\User\Desktop\photothumb.db
[2013-09-12 17:40:33 | 002,522,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-09-12 00:36:08 | 000,015,040 | ---- | M] () -- C:\Users\User\Desktop\Everyone-you-will-ever-meet-knows-something.jpg
[2013-09-12 00:10:14 | 000,063,686 | ---- | M] () -- C:\Users\User\Desktop\10692169-little-siamese-kitten-with-a-football.jpg
[2013-09-11 11:30:00 | 504,095,873 | ---- | M] () -- C:\Users\User\Desktop\Ougenweide - Eulenspiegel 1976 (Full Album Listen) (Full HD).mp4
[2013-09-10 13:31:30 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013-09-10 00:51:09 | 000,000,093 | ---- | M] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013-09-10 00:32:37 | 000,098,905 | ---- | M] () -- C:\Users\User\Desktop\troll_b62a2f_2758678.jpg
[2013-09-09 23:55:25 | 000,105,409 | ---- | M] () -- C:\Users\User\Desktop\vaccination scare.jpg
[2013-09-09 16:25:04 | 000,122,067 | ---- | M] () -- C:\Users\User\Desktop\5884-baby-harp-seal.jpg
[2013-09-08 21:35:21 | 000,037,478 | ---- | M] () -- C:\Users\User\Desktop\pope quiz.jpg
[2013-09-08 01:02:58 | 000,149,563 | ---- | M] () -- C:\Users\User\Desktop\religion like internet explorer.png
[2013-09-07 21:51:49 | 000,173,195 | ---- | M] () -- C:\Users\User\Desktop\index.jpg
[2013-09-06 08:46:20 | 000,035,505 | ---- | M] () -- C:\Users\User\Desktop\house-on-religion-600x450.jpg
[2013-09-05 18:54:28 | 000,060,087 | ---- | M] () -- C:\Users\User\Desktop\old pic.jpg
[2013-09-01 16:32:33 | 002,036,540 | ---- | M] () -- C:\Users\User\Desktop\Muse - Take A Bow.MP3
[2013-08-31 10:03:03 | 000,194,560 | -H-- | M] () -- C:\Users\User\Documents\photothumb.db
[2013-08-31 10:01:58 | 000,000,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013-08-27 15:37:50 | 000,028,855 | ---- | M] () -- C:\Users\User\Desktop\natural-selection.jpg
[2013-08-24 01:08:01 | 000,028,194 | ---- | M] () -- C:\Users\User\Desktop\spock-logic-begninning.jpg
[2013-08-22 15:34:28 | 000,295,922 | ---- | M] () -- C:\Windows\System32\perfi007.dat
[2013-08-22 15:34:28 | 000,038,104 | ---- | M] () -- C:\Windows\System32\perfd007.dat
[2013-08-21 17:54:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013-08-20 12:54:23 | 000,000,005 | ---- | M] () -- C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
[2013-08-15 22:11:42 | 000,001,438 | ---- | M] () -- C:\Users\User\AppData\Local\recently-used.xbel
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-09-14 17:32:17 | 000,000,849 | ---- | C] () -- C:\Users\User\Desktop\Advanced Uninstaller PRO 11.lnk
[2013-09-14 17:32:17 | 000,000,721 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
[2013-09-14 17:32:14 | 000,042,496 | ---- | C] () -- C:\Windows\System32\AdvUninstCPL.cpl
[2013-09-14 17:00:20 | 010,702,988 | ---- | C] () -- C:\Users\User\Desktop\In Extremo - Liam - YouTube.flv
[2013-09-14 16:59:51 | 023,504,956 | ---- | C] () -- C:\Users\User\Desktop\Fairytale of New York - Gianni and Sarah - YouTube.flv
[2013-09-14 16:59:32 | 025,301,945 | ---- | C] () -- C:\Users\User\Desktop\Home - Walk off the Earth + Street Pharmacy (FREE Mp3) - YouTube.flv
[2013-09-14 16:57:46 | 016,257,810 | ---- | C] () -- C:\Users\User\Desktop\Somebody That I Used to Know - Walk off the Earth (Gotye - Cover) - YouTube.flv
[2013-09-14 14:15:54 | 000,001,272 | ---- | C] () -- C:\Users\User\Desktop\Snipping Tool.lnk
[2013-09-14 12:36:13 | 000,001,257 | ---- | C] () -- C:\Users\Public\Desktop\Chasys Draw IES Artist.lnk
[2013-09-13 21:09:52 | 001,037,278 | ---- | C] () -- C:\Users\User\Desktop\AdwCleaner.exe
[2013-09-13 21:00:49 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2013-09-13 20:04:50 | 005,885,371 | ---- | C] () -- C:\Users\User\Desktop\Wings-Misteri Mimpi Syakila(HQ Audio).mp3
[2013-09-13 20:00:10 | 095,064,486 | ---- | C] () -- C:\Users\User\Desktop\System Of A Down - Top 30 [ The Best of Greatest Hits ]( HD .mp3
[2013-09-13 20:00:04 | 001,930,223 | ---- | C] () -- C:\Users\User\Desktop\Silent Running Joan Baez.mp3
[2013-09-13 19:59:44 | 006,175,853 | ---- | C] () -- C:\Users\User\Desktop\Metallica - Nothing Else Matters [Official Music Video].mp3
[2013-09-13 19:59:26 | 005,300,228 | ---- | C] () -- C:\Users\User\Desktop\Metallica - Enter Sandman [Official Music Video].mp3
[2013-09-13 19:59:00 | 008,185,401 | ---- | C] () -- C:\Users\User\Desktop\Kashmir - Led Zeppelin.mp3
[2013-09-13 19:58:44 | 004,532,855 | ---- | C] () -- C:\Users\User\Desktop\Hollywood Undead - _Outside_ (Official Lyric Video).mp3
[2013-09-13 19:58:33 | 004,277,900 | ---- | C] () -- C:\Users\User\Desktop\Cosmo Jarvis - Gay Pirates.mp3
[2013-09-13 19:58:20 | 003,976,552 | ---- | C] () -- C:\Users\User\Desktop\A Life Less Ordinary - Levellers.mp3
[2013-09-13 19:52:00 | 000,001,191 | ---- | C] () -- C:\Users\User\Desktop\Free YouTube to MP3 Converter Studio.lnk
[2013-09-13 19:48:19 | 000,001,109 | ---- | C] () -- C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk
[2013-09-13 19:48:19 | 000,001,104 | ---- | C] () -- C:\Users\User\Desktop\My Music Tools.lnk
[2013-09-12 00:36:07 | 000,015,040 | ---- | C] () -- C:\Users\User\Desktop\Everyone-you-will-ever-meet-knows-something.jpg
[2013-09-12 00:08:56 | 000,063,686 | ---- | C] () -- C:\Users\User\Desktop\10692169-little-siamese-kitten-with-a-football.jpg
[2013-09-11 11:22:55 | 504,095,873 | ---- | C] () -- C:\Users\User\Desktop\Ougenweide - Eulenspiegel 1976 (Full Album Listen) (Full HD).mp4
[2013-09-10 13:45:36 | 000,001,413 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013-09-10 13:31:30 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013-09-10 00:32:37 | 000,098,905 | ---- | C] () -- C:\Users\User\Desktop\troll_b62a2f_2758678.jpg
[2013-09-09 23:55:25 | 000,105,409 | ---- | C] () -- C:\Users\User\Desktop\vaccination scare.jpg
[2013-09-09 16:23:50 | 000,122,067 | ---- | C] () -- C:\Users\User\Desktop\5884-baby-harp-seal.jpg
[2013-09-08 21:35:20 | 000,037,478 | ---- | C] () -- C:\Users\User\Desktop\pope quiz.jpg
[2013-09-08 01:02:57 | 000,149,563 | ---- | C] () -- C:\Users\User\Desktop\religion like internet explorer.png
[2013-09-07 21:45:34 | 000,103,424 | -H-- | C] () -- C:\Users\User\Desktop\photothumb.db
[2013-09-07 21:45:18 | 000,173,195 | ---- | C] () -- C:\Users\User\Desktop\index.jpg
[2013-09-06 08:46:19 | 000,035,505 | ---- | C] () -- C:\Users\User\Desktop\house-on-religion-600x450.jpg
[2013-09-05 18:54:26 | 000,060,087 | ---- | C] () -- C:\Users\User\Desktop\old pic.jpg
[2013-09-05 14:14:04 | 000,194,560 | -H-- | C] () -- C:\Users\User\Documents\photothumb.db
[2013-08-31 10:01:58 | 000,000,042 | ---- | C] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013-08-27 15:37:49 | 000,028,855 | ---- | C] () -- C:\Users\User\Desktop\natural-selection.jpg
[2013-08-24 01:08:00 | 000,028,194 | ---- | C] () -- C:\Users\User\Desktop\spock-logic-begninning.jpg
[2013-08-22 15:59:06 | 000,000,174 | -HS- | C] () -- C:\Users\User\Documents\desktop (4).ini
[2013-08-22 15:58:47 | 000,000,546 | -HS- | C] () -- C:\Users\User\Documents\desktop (3).ini
[2013-08-22 15:58:21 | 000,000,546 | -HS- | C] () -- C:\Users\User\Documents\desktop (2).ini
[2013-08-22 15:45:22 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013-08-22 15:45:21 | 000,694,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013-08-22 15:45:21 | 000,147,802 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013-08-22 15:45:21 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013-08-22 00:29:16 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2013-08-18 23:52:21 | 000,000,093 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013-08-18 23:52:21 | 000,000,005 | ---- | C] () -- C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
[2013-08-15 22:11:42 | 000,001,438 | ---- | C] () -- C:\Users\User\AppData\Local\recently-used.xbel
[2013-02-05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013-02-05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013-02-05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013-02-05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013-02-05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012-11-24 00:32:04 | 000,001,866 | ---- | C] () -- C:\Windows\wininit.ini
[2012-11-01 21:39:21 | 000,000,043 | ---- | C] () -- C:\Users\User\jagex_cl_runescape_LIVE.dat
[2012-11-01 21:39:21 | 000,000,024 | ---- | C] () -- C:\Users\User\random.dat
[2012-07-16 21:40:29 | 000,027,520 | ---- | C] () -- C:\Users\User\AppData\Local\dt.dat
[2011-12-14 21:36:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011-11-21 20:59:17 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2011-11-21 20:59:17 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011-11-18 19:13:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-11-18 19:13:36 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010-12-16 19:20:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-12-16 04:44:17 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012-12-16 04:44:17 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-09-14 18:36:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\7 Sticky Notes
[2010-10-22 03:35:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2011-11-09 07:39:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BITS
[2011-10-30 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CheckPoint
[2013-09-14 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2013-09-14 12:29:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileAdvisor
[2010-07-27 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
[2010-07-27 15:38:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGetBHO
[2013-09-13 19:52:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Free YouTube to MP3 Converter Studio
[2012-11-29 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go
[2012-08-12 19:28:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
[2012-07-29 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Moonchild Productions
[2012-04-09 01:24:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF
[2013-07-05 21:19:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera Software
[2013-06-29 11:02:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PhotoScape
[2011-11-09 02:03:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QFX Software
[2010-11-15 09:50:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft
[2013-04-11 16:11:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2013-03-21 17:40:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SecondLife
[2011-11-21 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SolidDocuments
[2013-09-14 17:50:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2011-12-16 06:24:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdateTemp1308534806

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013-08-10 23:24:50 | 001,740,432 | ---- | M] ()(C:\Users\User\Desktop\? Iggy and the Stooges - Burn (new song) - YouTube.MP3) -- C:\Users\User\Desktop\▶ Iggy and the Stooges - Burn (new song) - YouTube.MP3
[2013-08-10 23:24:47 | 001,740,432 | ---- | C] ()(C:\Users\User\Desktop\? Iggy and the Stooges - Burn (new song) - YouTube.MP3) -- C:\Users\User\Desktop\▶ Iggy and the Stooges - Burn (new song) - YouTube.MP3

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Users\User\Desktop\poppy pic.jpg:com.dropbox.attributes

< End of report >
  • 0

#18
janji
Posted 14 September 2013 - 11:13 AM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
done :)


when i looked for AVG 2013 i couldn't find it anywhere,i then searched for it in "programs and files"and nothing came up either,i've downloaded and used this tool,besides the uninstaller already located on my computer. advanced uninstaller pro
the rest of the uninstalls went well.
the writing/letters seem to be less grainy and it's definitly faster.
i'm using the Pale Moon browser btw. :)

ps,i just checked but letters/writing is still grainy :(

Edited by janji, 14 September 2013 - 12:06 PM.

  • 0

#19
godawgs
Posted 14 September 2013 - 09:12 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs and update.

when i looked for AVG 2013 i couldn't find it anywhere,i then searched for it in "programs and files"and nothing came up either,i've downloaded and used this tool,besides the uninstaller already located on my computer. advanced uninstaller pro
the rest of the uninstalls went well.

It's ok if AVG wasn't in the list of installed programs on the computer. It showed up in the OTL log so I wanted you to check for it. Please don't download any tools that I don't ask for.

i'm using the Pale Moon browser btw.

Looks like that's one of the few browsers that KeyScrambler doesn't support. If the browser doesn't support it you might as well uninstall the program.

ps,i just checked but letters/writing is still grainy

Did you update any drivers for your video card/chip lately?
Did you have the ZoneAlarm firewall installed at one time?
Can you tell me what this program is: Chasys Draw IES Artist?

NOTE: Before you run the next two Steps I want you to disable any screen saver you might have running.


Step-1.

Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the MalwareBytes icon on the desktop, click Run As Administrator, then click the Continue button on the UAC window.)
  • You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application and screen saver after running the above scan!


Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above
2. The MalwareBytes log
3. The ESET scan log (If it found anything). If it didn't just let me know.
4. The checkup.txt log
  • 0

#20
janji
Posted 16 September 2013 - 10:28 AM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
sorry,wont be downloading anything anymore until this is finished,hope i didn't cause you any problems :wave:

1.letters/writing is ok now,after graphic driver update.
2.yes
3.chasys draw is a photoshop kind of software,downloaded from CNet.

Edited by janji, 16 September 2013 - 10:30 AM.

  • 0

#21
janji
Posted 16 September 2013 - 10:30 AM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.16.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
User :: USER-PC [administrator]

16-Sep-13 4:00:36 PM
mbam-log-2013-09-16 (16-00-36).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 417817
Time elapsed: 1 hour(s), 49 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\AdwCleaner\Quarantine\C\Program Files\lucky leap\luckyleapBHO.dll.vir (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.

(end)
  • 0

#22
janji
Posted 16 September 2013 - 12:01 PM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
C:\AdwCleaner\Quarantine\C\Program Files\lucky leap\luckyleap.Common.dll.vir a variant of MSIL/BrowseFox.A application
C:\AdwCleaner\Quarantine\C\Program Files\lucky leap\updateluckyleap.exe.vir a variant of MSIL/BrowseFox.A application
C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\MYC-ST\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew application
C:\ProgramData\Spybot - Search & Destroy\Recovery\Pricepeep14.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\Pricepeep17.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\Pricepeep20.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\Pricepeep9.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO14.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO32.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO44.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO56.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Pricepeep14.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Pricepeep17.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Pricepeep20.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Pricepeep9.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO14.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO32.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO44.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO56.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\extensions\[email protected]\content\overlay.js Win32/Adware.Yontoo application
C:\_OTL\MovedFiles\09132013_204543\C_Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application
C:\_OTL\MovedFiles\09132013_204543\C_Users\User\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.F application
C:\_OTL\MovedFiles\09132013_204543\C_Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\content\overlay.js JS/Adware.Yontoo.C application
  • 0

#23
janji
Posted 16 September 2013 - 12:08 PM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  • 0

#24
janji
Posted 16 September 2013 - 12:14 PM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
done :)

there is a error message coming up on my computer,saying :"EXT_framebuffer_object extension was not found"
  • 0

#25
godawgs
Posted 16 September 2013 - 10:48 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

1.letters/writing is ok now,after graphic driver update.

When did you update the graphics driver? Was it an ATI driver?

there is a error message coming up on my computer,saying :"EXT_framebuffer_object extension was not found"

Everything I find on this shows it related to the ATI graphics or Catalyst Control drivers. Did you make a system restore point before you updated the driver? If you did then you can restore the computer back to before you updated the driver and see if the problem goes away. If it does we will continue cleaning the computer and then deal with this. If the restore date was before you ran MalwareBytes and ESET we will need to run them again...just let me know.
  • 0

Advertisements

#26
janji
Posted 17 September 2013 - 06:48 AM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
i updated the driver on the 15th sept.,it's working fine now and the letters/writing is clear now.
yes,i think that's the one,an ATI driver.
another problem is that my system restore doesn't seem to work,i tried it several month ago and just after i updated the driver and it fails everytime. :(
  • 0

#27
godawgs
Posted 17 September 2013 - 10:22 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

i updated the driver on the 15th sept.,it's working fine now and the letters/writing is clear now.
yes,i think that's the one,an ATI driver.

Not sure how to help you with that. When we are done I will see if I can get a Tech to look at that.

another problem is that my system restore doesn't seem to work,i tried it several month ago and just after i updated the driver and it fails everytime.

We will look into that. The OTL fixes log that you posted in post #16 shows that OTL was able to create a restore point.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========

Are you able to create restore points but unable to restore the computer to an earlier date or are you not able to create a restore point?

Your antivirus program shows to be out of date. Have you updated it lately? If not please do so.

We've got a few more residual things to take care of. Then we will get a look at the Windows services and see what is wrong with system restore.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
[2013-07-10 15:09:49 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RCDGK3LO.DEFAULT\EXTENSIONS\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RCDGK3LO.DEFAULT\EXTENSIONS\4FDACF00-E9C4-4AD5-B4CF-BF9800F184F6@36857116-74E0-4973-936F-860CD2A102A9.COM
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RCDGK3LO.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RCDGK3LO.DEFAULT\EXTENSIONS\[email protected]

:FILES
C:\Program Files\CheckPoint
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\extensions\[email protected]

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Delete a Google Chrome extension:

Open the Chrome browser:

  • Click the tools menu icon Posted Image on the browser toolbar.
  • Click Tools.
  • Select Extensions. A page like the one shown below will open:
    Posted Image
  • Look for any Advanced SystemCare Surfing Protection items. If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
  • A confirmation dialog will appear, click Remove.

Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Please explain the system restore issue a little more.
2. Let me know the status of the Avast update
3. The OTL fixes log
4. The FSS.txt log
  • 0

#28
janji
Posted 18 September 2013 - 06:00 AM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
i can create a restore point but after system restore reboots computer it says that it was unable to restore computer to restore point,this has happened several times now,also there are only about 2 restore points available.
  • 0

#29
janji
Posted 18 September 2013 - 06:07 AM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service IswSvc stopped successfully!
Service IswSvc deleted successfully!
File C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe not found.
Service ISWKL stopped successfully!
Service ISWKL deleted successfully!
File C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\ not found.
File C:\Program Files\CheckPoint\ZAForceField\TrustChecker not found.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected] folder moved successfully.
========== FILES ==========
C:\Program Files\CheckPoint folder moved successfully.
File\Folder C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 not found.
C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\extensions\[email protected]\content folder moved successfully.
C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\extensions\[email protected] folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 82333223 bytes
->Temporary Internet Files folder emptied: 6902710 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 37847783 bytes
->Flash cache emptied: 7933 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108273544 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 24324539 bytes

Total Files Cleaned = 248.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09182013_140217

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#30
janji
Posted 18 September 2013 - 06:15 AM

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Look for any Advanced SystemCare Surfing Protection items. If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
A confirmation dialog will appear, click Remove.


there weren't any

+i've updated Avast

Edited by janji, 18 September 2013 - 06:20 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP