Searchnu, adware, Yontoo and maybe other malware [Solved]



#1
manikmom

Hello, I am trying to clean up my daughter's computer. Several months ago she had some problems with adware and slow performance so my husband ran some cleaning software, not sure but I think SuperAntiSpyware and maybe the Windows malicious software removal tool. She complained that it still ran slow, so I updated Firefox (she was using Chrome) and noticed a Yontoo extension on Firefox that we thought had been removed. It also keeps redirecting to searchnu.com instead of Google as the homepage. I was able to download and run Malwarebytes, and it found 19 infections, including references to Babylon, adware.gameplaylab, PUP.funmoods, searchnu, and others. I saved the log but did NOT clean up the infections - I wanted to wait and see what you recommended. I ran OTL and have posted the log below. I'm not sure how she got whatever crud is on her computer - she does like to play Minecraft and has downloaded different mods from various sites.

Thanks for whatever help you can give me. I will be able to work on this a little during some afternoons and most evenings - I will check my email every day and let you know if I won't be around so you don't think I abandoned the thread.

OTL logfile created on: 8/25/2013 4:22:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 46.16% Memory free
5.98 Gb Paging File | 4.36 Gb Available in Paging File | 72.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.06 Gb Total Space | 147.11 Gb Free Space | 52.53% Space Free | Partition Type: NTFS

Computer Name: LR-LENOVO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/25 15:57:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/08/25 15:50:47 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\7dd115aa-9445-42da-9978-18e32406b7fa.com
PRC - [2013/08/25 15:40:13 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/08/25 15:34:52 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/17 15:37:50 | 000,506,720 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
PRC - [2010/12/17 15:37:46 | 001,094,000 | ---- | M] (Promethean Technologies Group Ltd) -- C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/19 17:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/25 15:40:11 | 016,166,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/08/25 15:34:40 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/25 15:27:15 | 000,063,488 | ---- | M] () -- C:\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/12/17 15:38:04 | 000,231,792 | ---- | M] () -- C:\Windows\libactivboardex.dll
MOD - [2010/12/17 15:37:58 | 000,345,440 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtXml4.dll
MOD - [2010/12/17 15:37:56 | 008,189,280 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtGui4.dll
MOD - [2010/12/17 15:37:56 | 000,919,912 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtNetwork4.dll
MOD - [2010/12/17 15:37:54 | 002,291,552 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtCore4.dll
MOD - [2010/12/17 15:37:50 | 000,506,720 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/10/28 13:28:43 | 000,241,752 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2006/09/19 17:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


========== Services (SafeList) ==========

SRV - [2013/08/25 15:34:51 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 14:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [On_Demand | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/23 07:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/17 21:49:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/02 02:33:18 | 000,317,440 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [On_Demand | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2013/08/25 15:57:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/23 07:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/08 15:17:56 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/06/17 10:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 10:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/17 10:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/25 05:38:16 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/24 17:27:54 | 000,039,704 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcblan.sys -- (RemoteControl-USBLAN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 F7 13 35 A1 AF CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00008863b3c48e1
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.80.43
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/25 15:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/12 16:03:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

[2013/02/15 16:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/08/25 15:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions
[2012/05/06 08:52:17 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]
[2012/04/29 12:28:28 | 000,002,519 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\searchplugins\Search_Results.xml
[2013/06/09 16:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/31 10:14:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/25 15:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/31 10:14:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/25 15:34:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/09/13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/04/29 09:11:10 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/29 12:28:28 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Privacy SafeGuard = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20704898-C8C9-4B8F-AEFC-A652230F2E0E}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/25 15:57:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/08/25 15:55:19 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/25 15:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/25 15:54:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/25 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/25 15:53:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Macromedia
[2013/08/18 09:41:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/18 07:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2009/02/17 22:16:45 | 002,433,280 | ---- | C] (Amazon ) -- C:\Program Files\AmazonGSDownloaderSetup.exe
[2009/02/15 20:48:55 | 021,878,064 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2009/01/16 23:03:31 | 000,208,480 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p1919491_s1_l1.exe
[2009/01/16 23:01:43 | 000,208,480 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p2190838_s1_l1.exe
[2009/01/16 22:56:23 | 000,208,480 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p1913212_s1_l1.exe

========== Files - Modified Within 30 Days ==========

[2013/08/25 15:57:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/25 15:57:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/08/25 15:57:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/25 15:55:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/25 15:45:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2013/08/25 15:27:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/25 15:24:38 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 15:24:38 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 15:21:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2013/08/25 15:20:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2013/08/25 15:18:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/25 15:18:44 | 2408,292,352 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/18 09:37:47 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/18 09:37:47 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/18 07:40:49 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2013/08/25 16:03:08 | 000,001,228 | ---- | C] () -- C:\Users\Administrator\Desktop\Windows Explorer.lnk
[2013/08/25 15:55:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/25 15:21:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2013/08/25 15:20:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2013/08/18 07:40:49 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/09 13:34:32 | 000,311,973 | ---- | C] () -- C:\Users\Administrator\AppData\Local\census.cache
[2013/06/09 13:34:13 | 000,174,534 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ars.cache
[2013/06/09 13:01:00 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012/01/08 18:51:06 | 000,270,142 | ---- | C] () -- C:\Program Files\Minecraft.exe
[2011/12/04 14:38:36 | 000,009,722 | -HS- | C] () -- C:\ProgramData\p5da76x4dk2ota
[2011/09/30 16:08:28 | 000,228,975 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011/09/30 16:08:28 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011/09/30 15:15:24 | 000,000,632 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2011/09/29 20:41:27 | 000,185,685 | ---- | C] () -- C:\Windows\hpwins23.dat.osupcopy
[2011/09/29 20:41:17 | 000,186,768 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2009/02/08 23:10:51 | 000,606,168 | ---- | C] () -- C:\Program Files\AmazonMP3Installer.exe

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/08 18:51:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2012/02/19 09:38:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACTIV Software
[2012/04/29 09:11:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Babylon
[2011/09/30 15:15:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
[2012/02/19 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Promethean
[2012/06/06 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Softland

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:FEF0772D
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:EB42AC3C
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:36B6EC9F
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:726D640A
@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:2FC7B9E4

< End of report >

#2
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,976 posts
Hello Manikmom

My name is SleepyDude and I will be helping you with your computer problem. I know that having a computer with problems can be very frustrating, but I will do my best to help you fix the issue.

Please note I'm currently in training; all my responses will be reviewed by my teacher before I post, so expect a slight delay between replies. On the bright side, you have two people to examine your problem!

Sometimes this can be a long process; it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.

I have compiled a list of guidelines you must take into consideration so that the helping process goes smoothly for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredictable results. Also, I need to know what is going on with your machine at any time
  • If possible, avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is that it can make the malware infection worse and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs; instead, copy & paste the information into your post unless specifically instructed to do so
  • Please read every post completely before doing anything; if you have any doubts or questions, please ask before continuing

IMPORTANT: At GeeksToGo we do our best to help you solve the problem, but sometimes things don't go as planned. To be safe rather than sorry, you should back up your important data to a safe place, anywhere except on the computer with problems.

The whole fixing process needs to be executed from a user account with Administrator privileges. Also, some of the tasks need to be executed in Safe Mode, so you should save or print the instructions for use when you don't have access to the forum.

I need some time to review your logs... In the meantime, can you please post the Extras.txt log OTL created on the Desktop?
Also, I would like you to run Malwarebytes, click the Logs tab, select the most recent one from the list and click the Open button. Notepad will open with the log; please copy & paste its contents into your next post. Thanks.

#3
manikmom

    Member

  • Topic Starter
  • Member
  • 10 posts
Thanks for the quick response. I've posted the Extras log immediately below and the Malwarebytes log below that. Note, I did NOT clean anything up with Malwarebytes, just ran the scan.

I really appreciate your help!



OTL Extras logfile created on: 8/25/2013 4:22:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 46.16% Memory free
5.98 Gb Paging File | 4.36 Gb Available in Paging File | 72.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.06 Gb Total Space | 147.11 Gb Free Space | 52.53% Space Free | Partition Type: NTFS

Computer Name: LR-LENOVO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E0F64D8-7170-4432-9AEB-0F17E3F71ADB}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{78E87E35-CC7A-4869-8C79-F4DFCBD53860}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{B6349650-52D8-4D0B-AE05-CAEA433705E8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{BAB5B1F2-4D5E-4B4F-B1C0-90CE7003DD26}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09679A20-BE1E-42F0-9E9C-59657984D231}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4AAC624F-15DB-46D7-8197-AB60251D619D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{4E2829C2-6C71-4DF1-9773-DFB7A586E85C}" = protocol=17 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{5BEC512B-1826-4D81-80D9-9D77FE4837BB}" = protocol=6 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{5F84DB8E-C415-479F-B0B9-2CB5583C176B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{706ACD0E-2C4E-4683-AB8D-0631C58F8F59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{80856CFA-E841-4486-944F-1CBCCD0656CB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9874B58B-5FD1-4276-8784-A76F4C7F9D5A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A118F96B-066B-4294-9D4A-628205BBC28E}" = protocol=17 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{A2753813-F85B-48A5-AE95-08F6DFF9EDF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB3ECF28-C8C0-4AF1-ACE3-E56D0DE0E3E9}" = dir=in | app=c:\program files\hp\digital imaging\{fa0f0a01-4631-4161-a6c2-948bf694382e}\setup\hpznui01.exe |
"{AEFD55AF-C511-4CCD-856B-F71C9E7416C2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B4BE7A03-B03D-4609-B087-4E0DD042B46B}" = protocol=6 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{B65B54AB-FCAD-4DB2-96E7-D10969F6EEAC}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{CEEE3B36-99F6-4291-B181-E4437A7F21ED}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{DE532F1A-D1B9-4F02-8FCE-6B7EA8091A62}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{DF559514-89B0-4805-8B12-F3FDFE04A699}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{EC24D97F-4683-41EA-9730-2B76FE6FF4ED}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{F0C4E6E5-00D4-4679-BC32-0306061B9277}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{FF7D098F-5F0D-4B66-9FFF-5158BF443143}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{2563CE4D-56F0-43E3-93E3-3AFA0EF95CC8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{34C36132-0E67-4F72-8D82-04A7619D88B8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4267135A-28A2-49E8-A370-07FC1D75F391}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A72E3A95-3307-4E63-ACE0-077BB4D5B1D1}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{DA6ABF22-BFB2-49F9-979E-48D1E0EEDB53}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{FB2F2C7B-2D44-4A1D-A173-BAFBC58AA441}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{22357C80-0FF7-41AE-8550-7A6C8EDBD6EB}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{367724D2-6496-4086-8195-DA5EDB6823B2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{3DA87C3B-AD95-478D-BA02-E50EE5A32076}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6485AF35-2764-4B8B-B746-99554CBCE0CB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B63A91D5-0820-40BC-8107-ABA459DB4366}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{D3EA3A79-B7F0-4542-A318-F4AABB441160}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1DD5692A-68CA-4A2F-8F00-1C008DF3274C}" = ActivInspire Core Resources (ENU) v1
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2E6044C5-3495-485F-91BC-46D1B6430E51}" = Windows 7 Logon Background Changer
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
"{3B4ABF80-EAA2-012B-AE5C-000000000000}" = TurboTax 2009 wnmiper
"{3BB1501C-1670-4b53-8B67-B1C368BC7227}" = Lenovo PC Type Configuration
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{803E6DED-5050-4E3D-B26A-5915397362CD}" = Lenovo Screensaver
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{83B48E1F-F38A-4169-A83A-71C7814512F9}" = TurboTax 2010 wnmiper
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{92022F8E-2E55-4A16-88EB-B4778B35E942}" = ACDSee for PENTAX 3.0
"{936E2131-D9DB-42F9-96E7-52D2050ACB09}" = ActivDriver x86 v5.7
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.0
"{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C7F89088-1EB4-4B6D-9E3E-2444D13973DE}" = ActivInspire Help (USA) v1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{DB078F4F-FC74-4A07-9E07-A6623A18A667}" = ActivInspire HWR Resources (ENU) v1
"{E0EACDDB-81AA-4891-A038-BFBFC6D6A1F3}" = ActivInspire v1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"4 Elements_is1" = 4 Elements
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"BFGC" = Big Fish Games: Game Manager
"BFG-Dynasty" = Dynasty
"BFG-Magic Vines" = Magic Vines&trade;
"BFG-Panda Craze" = Panda Craze
"BFG-Professor Fizzwizzle" = Professor Fizzwizzle
"BFG-Snowy Treasure Hunter 2" = Snowy Treasure Hunter 2
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Canon MP530 User Registration" = Canon MP530 User Registration
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CursorFX" = CursorFX
"Dynasty_is1" = Dynasty
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"FBackup 4_is1" = FBackup 4
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"Luxor 3" = Luxor 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSetDX" = Intel® PRO Network Connections 12.1.12.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Sandboxie" = Sandboxie 3.62 (32-bit)
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"VeriFace III" = VeriFace III
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2013 9:02:39 AM | Computer Name = LR-Lenovo | Source = WinMgmt | ID = 10
Description =

Error - 7/26/2013 6:07:57 PM | Computer Name = LR-Lenovo | Source = WinMgmt | ID = 10
Description =

Error - 7/26/2013 7:15:30 PM | Computer Name = LR-Lenovo | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 7/30/2013 12:54:04 PM | Computer Name = LR-Lenovo | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2013 3:18:23 PM | Computer Name = LR-Lenovo | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2013 4:10:35 PM | Computer Name = LR-Lenovo | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 8/8/2013 8:42:15 AM | Computer Name = LR-Lenovo | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2013 9:07:14 AM | Computer Name = LR-Lenovo | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2013 12:21:14 AM | Computer Name = LR-Lenovo | Source = WinMgmt | ID = 10
Description =

Error - 8/25/2013 5:20:35 PM | Computer Name = LR-Lenovo | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/20/2012 9:15:00 AM | Computer Name = LR-Lenovo | Source = MCUpdate | ID = 0
Description = 7:15:00 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 9:01:58 PM | Computer Name = LR-Lenovo | Source = MCUpdate | ID = 0
Description = 7:01:53 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 5:16:23 AM | Computer Name = LR-Lenovo | Source = MCUpdate | ID = 0
Description = 3:16:23 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 9:03:47 AM | Computer Name = LR-Lenovo | Source = MCUpdate | ID = 0
Description = 7:03:47 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 9:48:54 PM | Computer Name = LR-Lenovo | Source = MCUpdate | ID = 0
Description = 7:48:52 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 9:13:01 AM | Computer Name = LR-Lenovo | Source = MCUpdate | ID = 0
Description = 7:13:00 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 9:05:27 PM | Computer Name = LR-Lenovo | Source = MCUpdate | ID = 0
Description = 7:05:26 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/23/2012 9:26:05 AM | Computer Name = LR-Lenovo | Source = MCUpdate | ID = 0
Description = 7:26:05 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 6/22/2012 4:52:21 PM | Computer Name = LR-Lenovo | Source = MCUpdate | ID = 0
Description = 2:52:21 PM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 6/22/2012 4:53:20 PM | Computer Name = LR-Lenovo | Source = MCUpdate | ID = 0
Description = 2:53:12 PM - Error connecting to the internet. 2:53:12 PM - Unable
to contact server..

[ OSession Events ]
Error - 1/16/2010 4:13:11 PM | Computer Name = LR-Lenovo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10172
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/6/2013 5:40:45 PM | Computer Name = LR-Lenovo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.149.1871.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 6/6/2013 5:41:10 PM | Computer Name = LR-Lenovo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.149.1871.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9402.0 Error code: 0x8000ffff Error description: Catastrophic
failure

Error - 6/6/2013 5:41:10 PM | Computer Name = LR-Lenovo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.149.1871.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9402.0 Error code: 0x8000ffff Error description: Catastrophic
failure

Error - 6/6/2013 6:00:32 PM | Computer Name = LR-Lenovo | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error: %%1115

Error - 6/6/2013 6:45:56 PM | Computer Name = LR-Lenovo | Source = Application Popup | ID = 877
Description = There was error [DATABASE OPEN FAILED] processing the driver database.

Error - 6/28/2013 4:00:36 PM | Computer Name = LR-Lenovo | Source = Service Control Manager | ID = 7022
Description = The HP Network Devices Support service hung on starting.

Error - 7/6/2013 11:16:57 PM | Computer Name = LR-Lenovo | Source = Service Control Manager | ID = 7022
Description = The HP Network Devices Support service hung on starting.

Error - 7/30/2013 1:04:25 PM | Computer Name = LR-Lenovo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.155.945.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/8/2013 8:53:11 AM | Computer Name = LR-Lenovo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.155.1405.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/8/2013 8:53:11 AM | Computer Name = LR-Lenovo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.155.1405.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >




MALWAREBYTES LOG FOLLOWS:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.25.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Administrator :: LR-LENOVO [administrator]

8/25/2013 3:58:10 PM
MBAM-log-2013-08-25 (16-18-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334976
Time elapsed: 20 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCU\Software\Datamngr (PUP.Optional.DataMngr) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://www.searchnu.com/406) Good: (http://www.google.com) -> No action taken.

Folders Detected: 4
C:\Users\Administrator\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.

Files Detected: 7
C:\Users\Administrator\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Administrator\AppData\Local\Temp\searchqutoolbar-manifest.xml (PUP.Optional.Searchqu.A) -> No action taken.
C:\Users\Administrator\AppData\Local\Temp\SetupDataMngr_Searchqu.exe (PUP.Optional.Searchqu.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.

(end)

#4
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,976 posts
Hi Manikmom,

I have checked your logs and now it's time we start some tasks to clean the machine...


Step 1 - Uninstall Programs

Please open Start > Control Panel > Uninstall a program or Programs and Features if in Classic View, locate these programs on the list and uninstall them:
  • Privacy SafeGuard version 1.0
  • Java™ 6 Update 31
  • HiJackThis
Note: If you can't uninstall any of the programs on the list, don't worry, we will remove it later; just move to the next item.


Step 2 - Run OTL Fix

!!! Warning !!! The following fix is only relevant for this system and no other; running the script on another computer will not work and may cause problems...


ATTENTION: Before running this fix please disable Malwarebytes and SUPERAntiSpyware; both programs have some protection modules that prevent many changes to the system and will attempt to undo any fixes we run.
In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable both programs by following the directions on this link.

  • Right click on the icon and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
    IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00008863b3c48e1
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.80.43
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
    [2012/05/06 08:52:17 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]
    [2012/04/29 09:11:10 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
    CHR - homepage: http://www.searchnu.com/406
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - Extension: Privacy SafeGuard = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.0_0\
    O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
    [2012/04/29 09:11:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Babylon
    
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • Click the Run Fix button at the top. Let the program run uninterrupted.
  • Click OK
Notes:
  • When OTL executes the Fix it can shut down all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as an attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time when the fix was run.


Step 3 - Clean with Malwarebytes
  • Close all the other running programs, especially the Web browser
  • Execute Malwarebytes again
  • Let's make sure the program is updated: click on the Update tab, then click the Check for Updates button
  • Return to the Scanner tab and select the option Perform quick scan, then click the Scan button
  • When the scan finishes click the Show Results button to view the results
  • Make sure that everything listed is Checked (right click and choose Select All), then click on the Remove Selected button
  • After the removal process Notepad will open showing the log; please Copy & Paste the contents into your next reply
Notes:
- If MBAM encounters a file that is difficult to remove, you will be presented with some prompts; click OK to accept them and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately;
- After restart you can find the MBAM log by executing the program again and accessing the Logs tab; make sure you select the most recent one and click Open, then Copy & Paste the log contents into your next reply;


Step 4 - Scan with AdwCleaner

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Right click on the Adwcleaner icon and choose Run as Administrator to execute the program
  • Click the Scan button and wait for the program to finish.
  • For now click the Report button; Notepad will open, please copy/paste the generated log to your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt


Things I would like to see in your next reply:
  • Any problem with the uninstalls?
  • The OTL Fix log
  • The MBAM log
  • AdwCleaner log AdwCleaner[R1].txt


#5
manikmom


    Member

  • Topic Starter
  • 10 posts
Hey, I saw your post and worked on this last night but didn't wait up for the last scan to finish. I will post the results of everything later this afternoon. Just wanted you to know I'm still here!

#6
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,976 posts

Hey, I saw your post and worked on this last night but didn't wait up for the last scan to finish. I will post the results of everything later this afternoon. Just wanted you to know I'm still here!


Ok Thanks.

#7
manikmom


    Member

  • Topic Starter
  • 10 posts
Ok, I was able to get everything done. I had no problems with the uninstalls of PrivacyGuard and Java. HijackThis did not show up on the list of programs to "Install/Uninstall" so I just deleted the executable files. The logs are posted below:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: crossriderapp2258%40crossrider.com:0.80.43 removed from extensions.enabledAddons
Prefs.js: "http://dts.search-re...id=406&sr=0&q=" removed from keyword.URL
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]\chrome\content\lib folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected] folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
File C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
File C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.0_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Administrator\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 487898947 bytes
->Temporary Internet Files folder emptied: 40204693 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60759101 bytes
->Google Chrome cache emptied: 13612080 bytes
->Flash cache emptied: 1300 bytes

User: All Users

User: Dan
->Temp folder emptied: 1634365707 bytes
->Temporary Internet Files folder emptied: 103850256 bytes
->Java cache emptied: 429973 bytes
->FireFox cache emptied: 52386748 bytes
->Google Chrome cache emptied: 13742657 bytes
->Flash cache emptied: 36411 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Heidi
->Temp folder emptied: 349607126 bytes
->Temporary Internet Files folder emptied: 63988595 bytes
->Java cache emptied: 78471720 bytes
->FireFox cache emptied: 68982902 bytes
->Google Chrome cache emptied: 8840498 bytes
->Flash cache emptied: 26931 bytes

User: Mari
->Temp folder emptied: 1992751 bytes
->Temporary Internet Files folder emptied: 86875822 bytes
->Java cache emptied: 3817316 bytes
->FireFox cache emptied: 52942536 bytes
->Google Chrome cache emptied: 364921068 bytes
->Flash cache emptied: 4795 bytes

User: Nikki
->Temp folder emptied: 47002522 bytes
->Temporary Internet Files folder emptied: 238797647 bytes
->Java cache emptied: 11130715 bytes
->FireFox cache emptied: 48833109 bytes
->Google Chrome cache emptied: 44371308 bytes
->Flash cache emptied: 9069 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 472793190 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,149.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08272013_231803

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





MALWAREBYTES FILE BELOW:


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.28.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Administrator :: LR-LENOVO [administrator]

8/27/2013 11:31:34 PM
mbam-log-2013-08-27 (23-31-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317173
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Datamngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Files Detected: 4
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)



ADWCLEANER LOG BELOW:

# AdwCleaner v3.001 - Report created 27/08/2013 at 23:55:48
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Administrator - LR-LENOVO
# Running from : C:\Users\Administrator\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\\invalidprefs.js
File Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\searchplugins\Search_Results.xml
File Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\user.js
File Found : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\user.js
File Found : C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\searchplugins\funmoods.xml
File Found : C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\user.js
Folder Found : C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\Extensions\[email protected]
Folder Found : C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\Users\Administrator\AppData\Local\Babylon
Folder Found C:\Users\Administrator\AppData\Local\Ilivid Player
Folder Found C:\Users\Administrator\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\Administrator\AppData\LocalLow\Searchqutoolbar
Folder Found C:\Users\Administrator\Documents\ShopToWin
Folder Found C:\Users\Dan\AppData\LocalLow\Searchqutoolbar
Folder Found C:\Users\Mari\AppData\Local\jZip
Folder Found C:\Users\Mari\AppData\LocalLow\jZip
Folder Found C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
Folder Found C:\Users\Mari\Uncompressor
Folder Found C:\Users\Nikki\AppData\Local\jZip
Folder Found C:\Users\Nikki\AppData\LocalLow\jZip
Folder Found C:\Users\Nikki\AppData\LocalLow\Searchqutoolbar
Folder Found C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\Searchqutoolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Funmoods
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\prefs.js ]


[ File : C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\prefs.js ]

Line Found : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

[ File : C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\prefs.js ]


[ File : C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\prefs.js ]

Line Found : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp2258.installationdate", 1339445479);
Line Found : user_pref("extensions.crossriderapp2258.lastcheck", 22324091);
Line Found : user_pref("extensions.crossriderapp2258.lastcheckitem", 22324093);
Line Found : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1339445550682");
Line Found : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1339445550678");
Line Found : user_pref("extensions.enabledAddons", "{78d1bf49-f021-4397-9791-83c2bdafb4b0}:1.0,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302,[email protected]:0.80.43,{99079a25-328f-4bd4-be04-0095[...]
Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...]
Line Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=");

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Search Results");
Line Found : user_pref("browser.search.order.1", "Search Results");
Line Found : user_pref("browser.search.selectedEngine", "Search Results");
Line Found : user_pref("extensions.crossrider.bic", "140b764aff467c1ffc34ea749c4d149c");
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1377466364);
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1377466364");
Line Found : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Line Found : user_pref("extensions.crossriderapp2258.bic", "140b764aff467c1ffc34ea749c4d149c");
Line Found : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Found : user_pref("extensions.crossriderapp2258.installationdate", 1377466364);
Line Found : user_pref("extensions.crossriderapp2258.lastcheck", 22961111);
Line Found : user_pref("extensions.crossriderapp2258.lastcheckitem", 22961112);
Line Found : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1377667058819");
Line Found : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1377667058808");
Line Found : user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube");
Line Found : user_pref("extentions.y2layers.installId", "8a238bb2-887f-47fc-b7ad-678d181c0d27");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup
Found : search_url

*************************

AdwCleaner[R0].txt - [38823 octets] - [27/08/2013 23:55:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [38884 octets] ##########

#8
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,976 posts
Hi Manikmom,

The last logs show that we have a lot more to remove, let's do it...


Step 1 - AdwCleaner

  • Close all open windows and browsers
  • Right click on the AdwCleaner icon you have on the Desktop and choose Run as Administrator to execute the program
  • Click the Scan button and wait for the scan to finish, only then the Clean button becomes active
  • Click the Clean button and wait, once done it may ask to reboot, allow it.
  • On reboot a log will be presented please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S1].txt

Step 2 - OTL Custom Scan

  • Execute OTL: right click on the icon and choose Run as Administrator. Make sure all other windows are closed.
  • Tick the following check boxes:
    • Scan All Users
    • LOP Check
    • Purity Check
  • In the Custom Scans/Fixes box paste this:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Let the program run uninterrupted, the scan won't take long.
    • When the scan completes, it will open notepad with OTL.Txt. The file is saved on the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file and post in your topic.


Step 3 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
  • Make sure the options Remove found threats and Scan Archives are Not ticked.
  • Click on Advanced Settings, and check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speed up the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient, this may take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications


Things I would like to see in your next reply:
  • AdwCleaner log AdwCleaner[S1].txt
  • The new OTL.txt log
  • The ESET log
  • How is the computer running?


#9
manikmom

    Member

  • Topic Starter
  • Member
  • 10 posts
Ok, finally got everything run, the ESET scan took a while. Here are AdwCleaner, OTL and ESET logs:


# AdwCleaner v3.001 - Report created 29/08/2013 at 20:49:53
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Administrator - LR-LENOVO
# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Dan\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Mari\Uncompressor
Folder Deleted : C:\Users\Mari\AppData\Local\jZip
Folder Deleted : C:\Users\Mari\AppData\LocalLow\jZip
Folder Deleted : C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
Folder Deleted : C:\Users\Nikki\AppData\Local\jZip
Folder Deleted : C:\Users\Nikki\AppData\LocalLow\jZip
Folder Deleted : C:\Users\Nikki\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Administrator\AppData\Local\Babylon
Folder Deleted : C:\Users\Administrator\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Administrator\Documents\ShopToWin
Folder Deleted : C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\Searchqutoolbar
Folder Deleted : C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\Extensions\[email protected]
Folder Deleted : C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
File Deleted : C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\searchplugins\funmoods.xml
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\\invalidprefs.js
File Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\user.js
File Deleted : C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\user.js
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\Software\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "137dd41c7fcf659142f00fbd74d783fe");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1339446905);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n//\n");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 52);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1339446905");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1339446905");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_arbitrary_code.expiration", "Sun Jun 09 2013 21:40:20 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_arbitrary_code.value", "%22var%20start_time%3D1368590400%3C%3DMath.floor%28new%20Date/1E3%29%3F378693E4%3A1368504E3%3B_GPL_PLUGIN.st%3D%7B%5C%2[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.expiration", "Sun Jun 09 2013 21:40:20 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Sun Jun 16 2013 16:00:32 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1370835318");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.value", "%221368543710%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_delay.value", "24");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_disclosure.value", "1370818704");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_list.expiration", "Sun Jun 09 2013 22:58:24 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_list.value", "%7B%22f7610cf2b37067876b694a05c56f32e2%22%3A%7B%22p%22%3A%22/%22%7D%2C%2232456a9136582027c21cd93a74f21b22%22%3A%7B%22p%22%3A%2[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2214353%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2214353%26subid%3D%26pid%3D1085%22%7D[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1370815236187");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%2221%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2244442%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1370815234936");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "145");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Sun Jun 09 2013 21:53:05 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:21,baseCDN:\"contentcache-a.akamaihd.net[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Object[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 15);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor:1[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 39);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.get[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 5);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 9);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PARAM_NAME% value is not supp[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=ap[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.name", "omniCommands");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "14,78,16,64,47,72,98,1000015");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,78,13,16,64,72,98,1000014");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/2258/plugins/080/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 70);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "Innovative Apps");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 145);
Line Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Line Deleted : user_pref("extensions.crossriderapp2258.bic", "137dd41c7fcf659142f00fbd74d783fe");
Line Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Line Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1339446905);
Line Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22846912);
Line Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22847255);
Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1370815069757");
Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1370815069754");
Line Deleted : user_pref("extensions.enabledAddons", "[email protected]:0.91.143,{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2,{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.12.22.2,{1ced4832-f06e-413f-aa14-[...]
Line Deleted : user_pref("[email protected]", "hxxp://toolbar.inbox.com/toolbar/firefox/update.aspx?version=%ITEM_VERSION%&status=%ITEM_STATUS%&appVersion=%APP_VERSION%&appOS=%APP_OS%&a[...]
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...]
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=");

[ File : C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\prefs.js ]

Line Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

[ File : C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\prefs.js ]

Line Deleted : user_pref("extensions.enabledAddons", "{78d1bf49-f021-4397-9791-83c2bdafb4b0}:1.0,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302,[email protected]:1.4.8,[email protected]:1.[...]
Line Deleted : user_pref("extensions.funmoods.SimilarSitesStorage-pid2", "3857ff3c98af1de3");
Line Deleted : user_pref("extensions.funmoods.admin", false);
Line Deleted : user_pref("extensions.funmoods.aflt", "axl");
Line Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Line Deleted : user_pref("extensions.funmoods.cntry", "US");
Line Deleted : user_pref("extensions.funmoods.dfltLng", "EN");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Line Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hdrMd5", "FC7F24CF43DE900C055DA25265A8C745");
Line Deleted : user_pref("extensions.funmoods.hmpg", true);
Line Deleted : user_pref("extensions.funmoods.hrdid", "0");
Line Deleted : user_pref("extensions.funmoods.id", "54955e2000000000000008863b3c48e1");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15459");
Line Deleted : user_pref("extensions.funmoods.instlRef", "");
Line Deleted : user_pref("extensions.funmoods.instlday", "15459");
Line Deleted : user_pref("extensions.funmoods.instlref", "");
Line Deleted : user_pref("extensions.funmoods.isDcmntCmplt", false);
Line Deleted : user_pref("extensions.funmoods.keywordurl", "");
Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.11.169:04:00");
Line Deleted : user_pref("extensions.funmoods.newTab", true);
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl");
Line Deleted : user_pref("extensions.funmoods.newtab", true);
Line Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl");
Line Deleted : user_pref("extensions.funmoods.noFFXTlbr", false);
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Line Deleted : user_pref("extensions.funmoods.sg", "none");
Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Line Deleted : user_pref("extensions.funmoods.srch", "");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=axl&q=");
Line Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/results.php?f=3&a=axl&q=");
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.11.16");
Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.11.169:04:00");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.11.16");
Line Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.11.169:04:00");
Line Deleted : user_pref("extensions.funmoods_i.aflt", "axl");
Line Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods_i.hmpg", true);
Line Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl");
Line Deleted : user_pref("extensions.funmoods_i.id", "54955e2000000000000008863b3c48e1");
Line Deleted : user_pref("extensions.funmoods_i.instlDay", "15459");
Line Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl");
Line Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=axl&q=");
Line Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.169:04:00");
Line Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...]
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=ironto");
Line Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

[ File : C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "137dd2c05fdbb1ab35de5776ac199e07");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1339445479);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url(a,f){for(var b=\"source scheme authority userInfo user pass host port relative path directory file q[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 10);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1339445479");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1339445479");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1339445569");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Mon Jun 18 2012 14:11:33 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%22174.28.93.56%22%2C%22geoplugin_status%22%3A200%2C%22geoplugin_city%22%3A%22Rio%20Rancho%22%2C%22ge[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2214353%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2214353%26subid%3D%26pid%3D1085%22%7D[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214353%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221085%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2244453%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nvar _GPL_PID=21;\nArray.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object(th[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.getS[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}appAPI.JSON={};(function(){function f(n){return n<10?\"0\"+n:n}if(typeof Date.protot[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999999)+\"Z\"+(new Date()).get[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function h(){var c=\"\";return c=document.defaultView.top==document.defaultView?b.getTabID(document):b.getTabID(do[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John Resig\n * Dual licensed under the MI[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/2258/plugins/080/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 4);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 59);
Line Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Line Deleted : user_pref("extensions.crossriderapp2258.bic", "137dd2c05fdbb1ab35de5776ac199e07");
Line Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Line Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1339445479);
Line Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22324091);
Line Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22324093);
Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1339445550682");
Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1339445550678");
Line Deleted : user_pref("extensions.enabledAddons", "{78d1bf49-f021-4397-9791-83c2bdafb4b0}:1.0,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302,[email protected]:0.80.43,{99079a25-328f-4bd4-be04-0095[...]
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...]
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=");

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Line Deleted : user_pref("browser.search.order.1", "Search Results");
Line Deleted : user_pref("browser.search.selectedEngine", "Search Results");
Line Deleted : user_pref("extensions.crossrider.bic", "140b764aff467c1ffc34ea749c4d149c");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1377466364);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1377466364");
Line Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp2258.bic", "140b764aff467c1ffc34ea749c4d149c");
Line Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1377466364);
Line Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22961111);
Line Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22961112);
Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1377667058819");
Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1377667058808");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube");
Line Deleted : user_pref("extentions.y2layers.installId", "8a238bb2-887f-47fc-b7ad-678d181c0d27");

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup
Deleted : search_url

*************************

AdwCleaner[R0].txt - [38965 octets] - [27/08/2013 23:55:48]
AdwCleaner[R1].txt - [39024 octets] - [29/08/2013 20:48:14]
AdwCleaner[S0].txt - [39720 octets] - [29/08/2013 20:49:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39781 octets] ##########

OTL logfile created on: 8/29/2013 8:55:17 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 48.35% Memory free
5.98 Gb Paging File | 4.50 Gb Available in Paging File | 75.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.06 Gb Total Space | 145.73 Gb Free Space | 52.04% Space Free | Partition Type: NTFS

Computer Name: LR-LENOVO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/25 15:57:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/17 15:37:50 | 000,506,720 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
PRC - [2010/12/17 15:37:46 | 001,094,000 | ---- | M] (Promethean Technologies Group Ltd) -- C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/19 17:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/29 20:52:19 | 000,063,488 | ---- | M] () -- C:\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/12/17 15:38:04 | 000,231,792 | ---- | M] () -- C:\Windows\libactivboardex.dll
MOD - [2010/12/17 15:37:58 | 000,345,440 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtXml4.dll
MOD - [2010/12/17 15:37:56 | 008,189,280 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtGui4.dll
MOD - [2010/12/17 15:37:56 | 000,919,912 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtNetwork4.dll
MOD - [2010/12/17 15:37:54 | 002,291,552 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtCore4.dll
MOD - [2010/12/17 15:37:50 | 000,506,720 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/10/28 13:28:43 | 000,507,904 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll
MOD - [2008/10/28 13:28:43 | 000,241,752 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2006/09/19 17:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


========== Services (SafeList) ==========

SRV - [2013/08/25 15:34:51 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 14:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [On_Demand | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/23 07:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/17 21:49:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/02 02:33:18 | 000,317,440 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [On_Demand | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/23 07:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/08 15:17:56 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/06/17 10:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 10:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/17 10:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/25 05:38:16 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/24 17:27:54 | 000,039,704 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcblan.sys -- (RemoteControl-USBLAN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DA 5D F5 0C 6E AB BB 49 8A 49 AC 3B E4 37 F9 F5 [binary data]
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DA 5D F5 0C 6E AB BB 49 8A 49 AC 3B E4 37 F9 F5 [binary data]
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 F7 13 35 A1 AF CC 01 [binary data]
IE - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/25 15:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/12 16:03:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

[2013/02/15 16:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/08/25 15:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions
[2013/06/09 16:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/31 10:14:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/25 15:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/31 10:14:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/25 15:34:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/09/13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1109407528-1217558092-1064992270-500\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20704898-C8C9-4B8F-AEFC-A652230F2E0E}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/27 23:54:53 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/27 23:18:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/25 15:57:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/08/25 15:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/25 15:54:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/25 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/25 15:53:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Macromedia
[2013/08/18 09:41:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/18 09:34:01 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/18 09:34:00 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/18 09:33:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/08/18 09:33:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/18 09:33:58 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/18 09:33:57 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/18 09:33:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/08/18 09:33:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/08/18 09:33:57 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/08/18 09:33:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/08/18 07:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/08/18 07:31:09 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/18 07:31:08 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/18 07:26:45 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/18 07:24:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/02/17 22:16:45 | 002,433,280 | ---- | C] (Amazon ) -- C:\Program Files\AmazonGSDownloaderSetup.exe
[2009/02/15 20:48:55 | 021,878,064 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2009/01/16 23:03:31 | 000,208,480 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p1919491_s1_l1.exe
[2009/01/16 23:01:43 | 000,208,480 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p2190838_s1_l1.exe
[2009/01/16 22:56:23 | 000,208,480 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p1913212_s1_l1.exe

========== Files - Modified Within 30 Days ==========

[2013/08/29 20:59:05 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/29 20:59:05 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/29 20:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/29 20:52:24 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/29 20:51:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/29 20:51:36 | 2408,292,352 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/29 20:45:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2013/08/27 23:53:29 | 000,994,642 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2013/08/25 15:57:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/08/25 15:55:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/25 15:40:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/25 15:40:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/25 15:21:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2013/08/25 15:20:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2013/08/18 09:37:47 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/18 09:37:47 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/18 07:40:49 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2013/08/27 23:52:38 | 000,994,642 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2013/08/25 16:03:08 | 000,001,228 | ---- | C] () -- C:\Users\Administrator\Desktop\Windows Explorer.lnk
[2013/08/25 15:55:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/25 15:21:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2013/08/25 15:20:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2013/08/18 07:40:49 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/09 13:34:32 | 000,311,973 | ---- | C] () -- C:\Users\Administrator\AppData\Local\census.cache
[2013/06/09 13:34:13 | 000,174,534 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ars.cache
[2013/06/09 13:01:00 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012/01/08 18:51:06 | 000,270,142 | ---- | C] () -- C:\Program Files\Minecraft.exe
[2011/12/04 14:38:36 | 000,009,722 | -HS- | C] () -- C:\ProgramData\p5da76x4dk2ota
[2011/09/30 16:08:28 | 000,228,975 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011/09/30 16:08:28 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011/09/30 15:15:24 | 000,000,632 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2011/09/29 20:41:27 | 000,185,685 | ---- | C] () -- C:\Windows\hpwins23.dat.osupcopy
[2011/09/29 20:41:17 | 000,186,768 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2009/02/08 23:10:51 | 000,606,168 | ---- | C] () -- C:\Program Files\AmazonMP3Installer.exe

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/08 18:51:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2012/02/19 09:38:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACTIV Software
[2011/09/30 15:15:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
[2012/02/19 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Promethean
[2012/06/06 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Softland
[2011/04/09 16:38:48 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ACD Systems
[2012/09/10 17:30:58 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ACTIV Software
[2010/01/09 14:45:29 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Amazon
[2009/12/23 10:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Canon
[2011/02/11 10:54:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ICAClient
[2010/01/09 14:45:29 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ImgBurn
[2010/01/09 14:45:29 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\InterVideo
[2010/02/19 17:24:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\NewSoft
[2012/09/10 17:57:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Promethean
[2010/01/09 14:45:52 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ScanSoft
[2010/01/09 14:45:52 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Thunderbird
[2010/04/05 16:01:11 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\ACD Systems
[2010/01/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Amazon
[2009/12/23 10:08:16 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Canon
[2010/01/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\GARMIN
[2011/02/20 10:33:16 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\ICAClient
[2010/01/09 14:45:02 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\NewSoft
[2013/07/20 07:51:54 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\.minecraft
[2013/03/15 15:02:20 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\.technic
[2010/01/09 14:44:07 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\ACD Systems
[2012/04/14 09:03:16 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\ACTIV Software
[2011/02/13 11:33:41 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\ICAClient
[2012/04/15 00:01:19 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\Promethean
[2012/06/07 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\Softland
[2010/01/09 14:44:32 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\Super-Cow
[2011/05/01 16:38:19 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\Unity
[2012/04/03 18:43:09 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\.minecraft
[2010/01/24 16:20:10 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\ACD Systems
[2012/02/19 16:35:06 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\ACTIV Software
[2011/03/27 14:17:39 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\ICAClient
[2010/01/09 14:46:22 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\NewSoft
[2012/02/19 22:17:44 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Promethean
[2010/03/21 09:19:01 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Super-Cow
[2011/12/05 11:07:12 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Unity

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 19:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/26 22:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 19:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 06:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 06:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 23:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 15:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 06:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/02 23:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 19:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 06:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/07/13 19:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 19:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 19:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 10:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 19:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 04:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/10 23:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 23:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 19:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 06:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 06:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 19:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 23:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 19:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 06:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 06:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/04/30 22:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 06:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 06:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 06:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 06:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 06:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 06:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 06:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 19:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 16:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 06:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 19:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 06:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:FEF0772D
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:EB42AC3C
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:36B6EC9F
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:726D640A
@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:2FC7B9E4

< End of report >


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fa8a7ae6ecd1184c876a862325bd14d4
# engine=14035
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-10 02:47:52
# local_time=2013-06-09 08:47:52 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 60404222 122377263 0 0
# scanned=220961
# found=20
# cleaned=20
# scan_time=6006
sh=43A205985790C47A7E611FA2D3CAB9B4EB59121F ft=1 fh=5bd497922ffc5928 vn="a variant of Win32/Toolbar.Babylon.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Administrator\AppData\Local\Babylon\Setup\BExternal.dll"
sh=1B2801DD02E9D9B7F27789ED161BC1761943E921 ft=1 fh=8073091e54552e56 vn="a variant of Win32/Toolbar.Babylon.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Administrator\AppData\Local\Babylon\Setup\IECookieLow.dll"
sh=3A9D7D4639B5EB8BEC42DF972C44493690EAADFC ft=1 fh=b8a59cf28e1dc165 vn="a variant of Win32/Toolbar.Babylon.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Administrator\AppData\Local\Babylon\Setup\Setup.exe"
sh=EB6AA6E142A33CEE2C2B47C3C201BDF6B28FA846 ft=1 fh=fc79af95b58d1e11 vn="Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WY5Q9O3\MyBabylonTB[1]"
sh=AF2055716C3479465178FDA2BCE2A384D9C3D900 ft=1 fh=2c3e41334e99ecd2 vn="Win32/Adware.Yontoo application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK49XN8J\ezLooker-S-Setup_Suite1[1].exe"
sh=027DF2D2944EA506A71D61928674C2CC42A8FE69 ft=1 fh=4c97c45eed1dce37 vn="Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Administrator\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe"
sh=AF6978F4185769EEB2798D0CF841A12E1FB8FCB9 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Administrator\AppData\Local\Temp\YontooLayers\background.html"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]\content\overlay.js"
sh=867282DD945C5685342C99401A6D059623665297 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome.manifest"
sh=6058DDF2BD514F528095ADFC018886F50AE84325 ft=0 fh=0000000000000000 vn="JS/Agent.NDO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome\xulcache.jar"
sh=707D525D07E04E4034F8D48704018999CD8FBEC7 ft=1 fh=3a65cf5aca825269 vn="a variant of Win32/InstallIQ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Dan\Downloads\7zipap_718.exe"
sh=CA0DD543FAC9F41DD50D9E0237766A19720BE617 ft=1 fh=f39b89c1b6883bdc vn="a variant of Win32/Adware.iBryte.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Dan\Downloads\Setup.exe"
sh=867282DD945C5685342C99401A6D059623665297 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome.manifest"
sh=6058DDF2BD514F528095ADFC018886F50AE84325 ft=0 fh=0000000000000000 vn="JS/Agent.NDO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome\xulcache.jar"
sh=867282DD945C5685342C99401A6D059623665297 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome.manifest"
sh=6058DDF2BD514F528095ADFC018886F50AE84325 ft=0 fh=0000000000000000 vn="JS/Agent.NDO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome\xulcache.jar"
sh=E0AB3E78CF9AFF3FE7C1E2629E7E73D597E2BD36 ft=1 fh=bb1f3b8f13f39234 vn="a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mari\Downloads\cnet2_MarbleBlastGoldDemo_1_4_1_Installer_exe.exe"
sh=AFD9643D162B25A5D3DADF4C950F5814C943FD29 ft=1 fh=ab513c1f82c59286 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mari\Downloads\FFDictionaryToolbarInstaller_DIC2V5_tbr_sa_hpr_1.9.1.0.exe"
sh=867282DD945C5685342C99401A6D059623665297 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome.manifest"
sh=6058DDF2BD514F528095ADFC018886F50AE84325 ft=0 fh=0000000000000000 vn="JS/Agent.NDO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome\xulcache.jar"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fa8a7ae6ecd1184c876a862325bd14d4
# engine=14947
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-30 04:35:19
# local_time=2013-08-29 10:35:19 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2874545 129382110 0 0
# scanned=199453
# found=0
# cleaned=0
# scan_time=4815

#10
manikmom

    Member

  • Topic Starter
  • 10 posts
Oops, forgot to mention that the computer seems to be running better - closer to normal speed. I will have to check with my daughter - she had problems running PowerPoint for a school project, I think.

#11
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,976 posts
Hello Manikmom,

> Oops, forgot to mention that the computer seems to be running better - closer to normal speed. I will have to check with my daughter - she had problems running PowerPoint for a school project, I think.

Ok, let me know of any problems.


The new logs are looking a lot better; let's clean some last bits...


Step 1 - Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other. Running the script on another computer will not work and may cause problems...

  • Right click on the icon and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :Files
    C:\Users\Administrator\AppData\Local\Babylon
    C:\Users\Administrator\AppData\Local\Temp\BabylonToolbar
    C:\Users\Administrator\AppData\Local\Temp\YontooLayers
    C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]
    C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
    C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
    C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
    C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
    
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • Click the Run Fix button at the top. Let the program run uninterrupted.
  • Click OK.
Notes:
  • When OTL executes the Fix it can shut down all running processes and you may lose the Desktop and icons, but they will return on reboot.
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as an attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time when the fix ran.


Step 2 - Security Check

Download Security Check by screen317 from here or here.
  • Save it to the Desktop.
  • Right click on the icon and choose Run as Administrator. Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I would like to see in your next reply:
  • The OTL Fix log
  • The checkup.txt log
  • Any other problems?

#12
manikmom

    Member

  • Topic Starter
  • 10 posts
Thanks, the computer is definitely running faster. Here are the logs from OTL and Security Check:

:Commands
[CreateRestorePoint]

:Files
C:\Users\Administrator\AppData\Local\Babylon
C:\Users\Administrator\AppData\Local\Temp\BabylonToolbar
C:\Users\Administrator\AppData\Local\Temp\YontooLayers
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}

:Commands
[EmptyTemp]
[Reboot]


Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
JavaFX 2.1.1
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
Google Chrome 28.0.1500.95
Google Chrome 29.0.1547.62
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#13
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,976 posts

Hi Manikmom,

It seems you posted the OTL script and not the log!

You should find the OTL fix log in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time when the fix ran. Please post that.

#14
manikmom

    Member

  • Topic Starter
  • 10 posts
Oops, so sorry! That's what I get for not double checking. Here's the log:

OTL logfile created on: 8/30/2013 5:30:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.49% Memory free
5.98 Gb Paging File | 4.70 Gb Available in Paging File | 78.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.06 Gb Total Space | 151.21 Gb Free Space | 53.99% Space Free | Partition Type: NTFS

Computer Name: LR-LENOVO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/25 15:57:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/17 15:37:50 | 000,506,720 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
PRC - [2010/12/17 15:37:46 | 001,094,000 | ---- | M] (Promethean Technologies Group Ltd) -- C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/19 17:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/30 17:06:25 | 000,063,488 | ---- | M] () -- C:\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/12/17 15:38:04 | 000,231,792 | ---- | M] () -- C:\Windows\libactivboardex.dll
MOD - [2010/12/17 15:37:58 | 000,345,440 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtXml4.dll
MOD - [2010/12/17 15:37:56 | 008,189,280 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtGui4.dll
MOD - [2010/12/17 15:37:56 | 000,919,912 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtNetwork4.dll
MOD - [2010/12/17 15:37:54 | 002,291,552 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtCore4.dll
MOD - [2010/12/17 15:37:50 | 000,506,720 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/10/28 13:28:43 | 000,507,904 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll
MOD - [2008/10/28 13:28:43 | 000,241,752 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2006/09/19 17:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


========== Services (SafeList) ==========

SRV - [2013/08/25 15:34:51 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 14:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [On_Demand | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/23 07:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/17 21:49:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/02 02:33:18 | 000,317,440 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 13:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [On_Demand | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/23 07:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/08 15:17:56 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/06/17 10:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 10:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/17 10:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/25 05:38:16 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/24 17:27:54 | 000,039,704 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcblan.sys -- (RemoteControl-USBLAN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 F7 13 35 A1 AF CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/25 15:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/12 16:03:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

[2013/02/15 16:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/08/25 15:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions
[2013/06/09 16:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/31 10:14:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/25 15:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/31 10:14:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/25 15:34:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/09/13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20704898-C8C9-4B8F-AEFC-A652230F2E0E}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/27 23:54:53 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/27 23:18:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/25 15:57:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/08/25 15:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/25 15:54:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/25 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/25 15:53:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Macromedia
[2013/08/18 09:41:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/18 09:34:01 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/18 09:34:00 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/18 09:33:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/08/18 09:33:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/18 09:33:58 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/18 09:33:57 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/18 09:33:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/08/18 09:33:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/08/18 09:33:57 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/08/18 09:33:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/08/18 07:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/08/18 07:31:09 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/18 07:31:08 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/18 07:26:45 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/18 07:24:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/02/17 22:16:45 | 002,433,280 | ---- | C] (Amazon ) -- C:\Program Files\AmazonGSDownloaderSetup.exe
[2009/02/15 20:48:55 | 021,878,064 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2009/01/16 23:03:31 | 000,208,480 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p1919491_s1_l1.exe
[2009/01/16 23:01:43 | 000,208,480 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p2190838_s1_l1.exe
[2009/01/16 22:56:23 | 000,208,480 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p1913212_s1_l1.exe

========== Files - Modified Within 30 Days ==========

[2013/08/30 17:06:31 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/30 16:57:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/30 16:45:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2013/08/30 16:42:06 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/30 16:42:06 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/30 16:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/30 16:34:43 | 2408,292,352 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/27 23:53:29 | 000,994,642 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2013/08/25 15:57:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/08/25 15:55:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/25 15:40:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/25 15:40:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/25 15:21:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2013/08/25 15:20:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2013/08/18 09:37:47 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/18 09:37:47 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/18 07:40:49 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2013/08/27 23:52:38 | 000,994,642 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2013/08/25 16:03:08 | 000,001,228 | ---- | C] () -- C:\Users\Administrator\Desktop\Windows Explorer.lnk
[2013/08/25 15:55:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/25 15:21:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2013/08/25 15:20:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2013/08/18 07:40:49 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/09 13:34:32 | 000,311,973 | ---- | C] () -- C:\Users\Administrator\AppData\Local\census.cache
[2013/06/09 13:34:13 | 000,174,534 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ars.cache
[2013/06/09 13:01:00 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012/01/08 18:51:06 | 000,270,142 | ---- | C] () -- C:\Program Files\Minecraft.exe
[2011/12/04 14:38:36 | 000,009,722 | -HS- | C] () -- C:\ProgramData\p5da76x4dk2ota
[2011/09/30 16:08:28 | 000,228,975 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011/09/30 16:08:28 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011/09/30 15:15:24 | 000,000,632 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2011/09/29 20:41:27 | 000,185,685 | ---- | C] () -- C:\Windows\hpwins23.dat.osupcopy
[2011/09/29 20:41:17 | 000,186,768 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2009/02/08 23:10:51 | 000,606,168 | ---- | C] () -- C:\Program Files\AmazonMP3Installer.exe

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< :Commands >

< >

< :Files >

< C:\Users\Administrator\AppData\Local\Babylon >

< C:\Users\Administrator\AppData\Local\Temp\BabylonToolbar >

< C:\Users\Administrator\AppData\Local\Temp\YontooLayers >

< C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected] >

< C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0} >

< C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0} >

< C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0} >

< C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0} >

< >

< :Commands >

< [EmptyTemp] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:FEF0772D
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:EB42AC3C
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:36B6EC9F
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:726D640A
@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:2FC7B9E4

< End of report >
  • 0

#15
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,976 posts
Hi,

Please repeat this step and make sure you click the Posted Image button not the Run Scan

Step 1 - Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

  • Right click on the icon Posted Image and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :Files
    C:\Users\Administrator\AppData\Local\Babylon
    C:\Users\Administrator\AppData\Local\Temp\BabylonToolbar
    C:\Users\Administrator\AppData\Local\Temp\YontooLayers
    C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected]
    C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
    C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
    C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
    C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}
    
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • Click the Run Fix button at the top. Let the program run uninterrupted.
  • Click OK
Notes:
  • When OTL executes the Fix it can shut down all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as an attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time when the fix was run.

Things I would like to see in your next reply:
  • The OTL Fix log mmddyyyy_hhmmss.log

  • 0
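A triage check for the mix-up this reply addresses, as an added example that is not part of the original thread and not OTL's own code: it reads an OTL scan log and reports whether fix-script lines ended up in the "Custom Scans" section, which means the listed items were only scanned and not moved. It assumes, from the log posted above, that OTL echoes each line of the Custom Scans/Fixes box as `< ... >` under that header when Run Scan is used; the function names and the shortened sample log are constructed.

```python
import re

# Constructed excerpt in the layout of the log posted above (path list shortened).
SAMPLE_LOG = r"""
========== Custom Scans ==========

< :Commands >

< >

< :Files >

< C:\Users\Administrator\AppData\Local\Babylon >

< C:\Users\Administrator\AppData\Local\Temp\YontooLayers >

< >

< :Commands >

< [EmptyTemp] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:FEF0772D
< End of report >
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")      # ========== Name ==========
ENTRY_RE = re.compile(r"^<\s*(.*?)\s*>$")      # < echoed custom-scan line >
DIRECTIVE_RE = re.compile(r"^:[A-Za-z]+$")     # :Files, :Commands (fix-script blocks)
COMMAND_RE = re.compile(r"^\[[A-Za-z]+\]$")    # [EmptyTemp], [Reboot]


def split_sections(log_text):
    """Group the non-blank lines of an OTL log under their section headers."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def custom_scan_entries(log_text):
    """Return the non-empty '< ... >' entries echoed under 'Custom Scans'."""
    entries = []
    for line in split_sections(log_text).get("Custom Scans", []):
        m = ENTRY_RE.match(line)
        if m and m.group(1):
            entries.append(m.group(1))
    return entries


def analyze(log_text):
    """Classify Custom Scans entries and flag a fix script run as a scan."""
    block = None
    directives, commands, file_targets = [], [], []
    for entry in custom_scan_entries(log_text):
        if DIRECTIVE_RE.match(entry):
            block = entry                 # remember which fix block we are in
            directives.append(entry)
        elif COMMAND_RE.match(entry):
            commands.append(entry)
        elif block == ":Files":
            file_targets.append(entry)    # items the fix was meant to move
    return {
        "fix_pasted_as_scan": bool(directives),
        "directives": directives,
        "commands": commands,
        "file_targets": file_targets,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    if result["fix_pasted_as_scan"]:
        print("Fix script was run with Run Scan; these items were not moved:")
        for path in result["file_targets"]:
            print("  " + path)
    else:
        print("No fix-script lines found in the Custom Scans section.")
```
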





