win32/alureon.gen!D



#1
maylene36

I can't remove this. I have done system restore a couple of times. When I am typing anything it stalls and then starts typing in a previous sentence. I have tried cleaning it using Microsoft Essentials but it tells me I need to download something else and when I do it doesn't work. I constantly hear commercials even though there is nothing on the computer playing. I have tried AVG and a removal tool and nothing happens. This is a laptop for work and home.....I need help!





OTL logfile created on: 9/9/2013 10:37:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 48.14% Memory free
6.86 Gb Paging File | 5.12 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): c:\pagefile.sys 4215 4215 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 111.93 Gb Free Space | 37.56% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/09 10:37:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2013/09/09 10:17:16 | 020,597,896 | ---- | M] (Microsoft Corporation) -- C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N22CVM6S\Windows-KB890830-V5.3.exe
PRC - [2013/08/06 16:20:45 | 000,888,152 | ---- | M] (BitTorrent Inc.) -- C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/08/05 16:00:38 | 000,089,736 | ---- | M] (Microsoft Corporation) -- c:\ed3229dc90e036ba9f8f9ef708a2\mrtstub.exe
PRC - [2013/07/26 06:11:20 | 002,847,696 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013/07/06 20:05:33 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/20 09:39:25 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/05/22 08:48:40 | 000,740,712 | ---- | M] (Spigot, Inc.) -- C:\Users\owner\AppData\Roaming\Search Protection\SearchProtection.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/28 09:23:57 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/03/06 02:23:52 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/12/21 06:00:52 | 000,031,744 | ---- | M] () -- C:\Program Files\SoftwareUpdater\UpdaterService.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/01/03 18:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 14:35:22 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
PRC - [2011/02/18 14:35:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/08/18 04:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 04:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/22 06:02:09 | 000,187,888 | ---- | M] () -- C:\Users\owner\AppData\Roaming\BabSolution\Shared\enhancedNT.dll
MOD - [2013/07/26 06:11:20 | 002,847,696 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013/07/26 06:10:11 | 002,691,536 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2013/04/10 14:25:57 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/08/20 18:30:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/26 06:11:20 | 002,847,696 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/12/21 06:00:52 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files\SoftwareUpdater\UpdaterService.exe -- (SrvUpdater)
SRV - [2012/01/02 17:25:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 04:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (akwxq4vb)
DRV - [2013/09/09 10:18:44 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\MpEngineStore\MpKslf5e00431.sys -- (MpKslf5e00431)
DRV - [2013/07/13 20:31:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/19 04:50:40 | 000,069,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/28 11:13:42 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010/04/28 05:31:54 | 000,841,248 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV - [2009/09/15 06:36:26 | 000,807,936 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/08/18 05:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/22 19:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2007/11/09 07:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {16FCDC6D-C68B-49E3-9B84-49AA29D3EF13}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...123511&tsp=4966
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 45 6B E8 79 38 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...q={SearchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babyl...123511&tsp=4966
IE - HKCU\..\SearchScopes\{2B0448E9-B32A-4180-960D-63C1735D90B8}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNMZ_enUS533
IE - HKCU\..\SearchScopes\{8BF4B8EF-5C40-4E22-86CC-973FF02CA17F}: "URL" = http://websearch.ask...41-A4830D1336EC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{F110B89C-0A19-459C-9EF8-9D6EB90B40D0}: "URL" = http://search.condui...1952010258&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/28 09:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\LyricsFinder\FF\ [2013/09/09 13:51:49 | 000,000,000 | ---D | M]

[2013/08/05 21:53:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2013/07/03 23:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\extensions
[2013/07/03 23:08:07 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/07/03 21:41:27 | 000,000,000 | ---D | M] (Secure Web) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2013/08/05 21:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/09 07:10:29 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/27 20:45:06 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Secure Web) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\SecureWeb\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke New Toolbar) - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [NTRedirect] C:\Users\owner\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
O4 - HKCU..\Run: [SearchProtection] C:\Users\owner\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\owner\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62FCF4B-315A-4CE6-9908-DFC464D9C9D4}: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/09 10:18:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2013/09/09 10:17:17 | 000,000,000 | ---D | C] -- C:\ed3229dc90e036ba9f8f9ef708a2
[2013/09/09 09:57:50 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Spotify
[2013/09/09 07:29:01 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\AVG2013
[2013/09/09 07:25:07 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\TuneUp Software
[2013/09/09 07:23:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/09 07:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/09/09 07:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/09/09 07:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/09/09 07:12:50 | 000,000,000 | ---D | C] -- C:\rei
[2013/09/09 07:11:55 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Avg2013
[2013/09/09 07:11:54 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\MFAData
[2013/09/09 07:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/09 07:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/09/09 07:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/09/09 07:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/09/09 07:08:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/07 11:45:54 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\season 1-2
[2013/08/12 16:03:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2013/09/09 10:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/09 10:10:57 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job
[2013/09/09 10:04:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 10:04:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 09:57:18 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_owner.job
[2013/09/09 09:57:16 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/09/09 09:57:14 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/09 09:56:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/09 09:56:24 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/07 11:55:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/07 11:45:50 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/07 11:45:50 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/07 11:42:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3288888694-923107074-453946186-1000UA.job
[2013/09/07 00:00:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_owner.job
[2013/09/06 23:42:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3288888694-923107074-453946186-1000Core.job
[2013/09/06 22:59:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_owner.job
[2013/09/03 22:01:03 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/29 11:23:55 | 000,023,943 | ---- | M] () -- C:\Users\owner\Desktop\SSA submission.odt
[2013/08/25 20:28:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/08/25 20:28:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/08/17 15:29:15 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013/08/17 15:01:19 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\xjPnQE79
[2013/08/17 15:01:19 | 000,182,272 | ---- | M] () -- C:\ProgramData\l0dvlMaV3u
[2013/08/17 15:01:19 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\4TEhdi2Qhj6
[2013/08/17 14:58:29 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\TLTW18CPd6
[2013/08/17 14:58:29 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\QqKNw6Aga
[2013/08/17 14:58:29 | 000,182,272 | ---- | M] () -- C:\ProgramData\KU3EwZUilfn
[2013/08/17 14:55:43 | 000,182,272 | ---- | M] () -- C:\ProgramData\TctSZ91eZb
[2013/08/17 14:55:43 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\LEbti71DFC
[2013/08/17 14:55:43 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\4tqTkCXr
[2013/08/17 14:52:59 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\l8dltZ7r3e
[2013/08/17 14:52:59 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\6abadmDF6
[2013/08/17 14:52:59 | 000,182,272 | ---- | M] () -- C:\ProgramData\088JPAIk7
[2013/08/17 14:49:43 | 000,182,272 | ---- | M] () -- C:\ProgramData\e0wuUUqX
[2013/08/17 14:49:43 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\dUKESibpT
[2013/08/17 14:49:43 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\BadbbIymuS
[2013/08/17 14:31:25 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\Un87RxvAJ8T
[2013/08/17 14:31:25 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\PGwx7U09
[2013/08/17 14:31:25 | 000,182,272 | ---- | M] () -- C:\ProgramData\eyZDGobA0
[2013/08/14 20:52:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat(22).dat

========== Files Created - No Company Name ==========

[2013/08/30 21:43:02 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_owner.job
[2013/08/30 21:43:01 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_owner.job
[2013/08/30 21:43:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_owner.job
[2013/08/29 11:23:52 | 000,023,943 | ---- | C] () -- C:\Users\owner\Desktop\SSA submission.odt
[2013/08/25 20:28:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/08/25 20:28:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/08/17 15:01:29 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Local\xjPnQE79
[2013/08/17 15:01:29 | 000,182,272 | ---- | C] () -- C:\ProgramData\l0dvlMaV3u
[2013/08/17 15:01:29 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Roaming\4TEhdi2Qhj6
[2013/08/17 14:58:40 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Local\TLTW18CPd6
[2013/08/17 14:58:40 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Roaming\QqKNw6Aga
[2013/08/17 14:58:40 | 000,182,272 | ---- | C] () -- C:\ProgramData\KU3EwZUilfn
[2013/08/17 14:55:53 | 000,182,272 | ---- | C] () -- C:\ProgramData\TctSZ91eZb
[2013/08/17 14:55:53 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Local\LEbti71DFC
[2013/08/17 14:55:53 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Roaming\4tqTkCXr
[2013/08/17 14:53:09 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Local\l8dltZ7r3e
[2013/08/17 14:53:09 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Roaming\6abadmDF6
[2013/08/17 14:53:09 | 000,182,272 | ---- | C] () -- C:\ProgramData\088JPAIk7
[2013/08/17 14:49:53 | 000,182,272 | ---- | C] () -- C:\ProgramData\e0wuUUqX
[2013/08/17 14:49:53 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Local\dUKESibpT
[2013/08/17 14:49:53 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Roaming\BadbbIymuS
[2013/08/17 14:31:35 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Local\Un87RxvAJ8T
[2013/08/17 14:31:35 | 000,182,272 | ---- | C] () -- C:\Users\owner\AppData\Roaming\PGwx7U09
[2013/08/17 14:31:35 | 000,182,272 | ---- | C] () -- C:\ProgramData\eyZDGobA0
[2013/06/27 19:34:18 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 20:00:53 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 20:00:53 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2012/01/23 17:31:47 | 000,109,016 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/12/28 11:58:07 | 000,293,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 20:46:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/09 07:29:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AVG2013
[2013/08/05 21:52:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BabSolution
[2013/08/05 21:51:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Babylon
[2013/08/30 12:50:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DAEMON Tools Lite
[2013/08/05 21:52:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Delta
[2013/04/15 17:18:04 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
[2013/07/03 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Search Protection
[2013/09/09 09:57:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Spotify
[2013/09/09 07:25:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TuneUp Software
[2013/09/09 10:50:06 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
OTL Extras logfile created on: 9/9/2013 10:37:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 48.14% Memory free
6.86 Gb Paging File | 5.12 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): c:\pagefile.sys 4215 4215 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 111.93 Gb Free Space | 37.56% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A12B94-AE49-46C3-A412-EAE3BCDAC848}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{12B4E9A8-DADB-411C-9E55-FAD0C2B0860C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C229DEE-965A-471D-A75D-282F2193B189}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1F585255-B7B0-4530-A2FB-5C61C72A9AA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25EFEE38-7B7A-44AE-81C9-CC776011B542}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26BB66F0-351B-4713-80B0-560436B2DBDC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3153B21E-B627-475D-AB12-9936C6010021}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47D21AD8-B3D2-4134-9C68-862E02B9211A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4EC5DAA6-D8D7-4254-9F60-5A34C6664A82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57F76448-2D0B-40B1-B37C-1DFBC7AF144B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{76B231AC-5670-42B7-9E11-EB05D476A8D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{859DE302-DAB3-4CCD-9991-E3EB71BBF3C7}" = lport=137 | protocol=17 | dir=in | app=system |
"{87A6F333-FF05-472C-8DC4-68180A2DAEC8}" = lport=445 | protocol=6 | dir=in | app=system |
"{A26EE5F9-C312-4DCC-967C-0100E78CEFB6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A2F7D5B3-2A2A-4D38-A788-F5968EF09066}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B0899821-3E7F-455D-80FD-C85C7AFDBED0}" = lport=138 | protocol=17 | dir=in | app=system |
"{E516B941-705C-4B9E-BCDD-8EDC253C973E}" = rport=445 | protocol=6 | dir=out | app=system |
"{EEFD6A66-141D-4CC4-9953-5D684522BAF0}" = lport=139 | protocol=6 | dir=in | app=system |
"{F7C5F325-6E31-479B-B698-1E9BD082FC87}" = rport=138 | protocol=17 | dir=out | app=system |
"{FA33C75E-C6B8-40F7-B1C8-A45A207A1A28}" = rport=137 | protocol=17 | dir=out | app=system |
"{FE84FB8F-2D01-4276-8FEB-2B416441B395}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039E2F45-6949-489D-8AAC-4887474CBEA3}" = protocol=1 | dir=in | [email protected],-28543 |
"{0B5B06B6-D76E-4257-AC2B-C202EF107AFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0F95CC6A-F76F-4851-8D7F-924A627DB8C7}" = protocol=58 | dir=in | [email protected],-28545 |
"{2A886BD8-BD56-481D-A40A-89D82C0646A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5D5BA625-E441-401F-B207-8A02F4BC797D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6338FE0C-5FCB-44F0-A98F-82D09E8F4CD3}" = protocol=6 | dir=out | app=system |
"{6BC615C9-064E-4D10-B8C1-6E7481981A38}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"{6C660A59-CAF6-427D-8EEB-4C42869CF497}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{72807884-1DF4-4EF5-9EE7-423B35FAB1AC}" = protocol=1 | dir=out | [email protected],-28544 |
"{73065708-A8CF-422D-9A95-3CE5B5C4695D}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"{758743D4-5AA4-4571-B665-95D1DA133FF0}" = protocol=58 | dir=out | [email protected],-28546 |
"{8051071A-ECBF-4A39-AA76-93320779D06B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8410C821-9793-4465-BBAA-485501061480}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E40E24A-06DA-475B-8B38-143A4BF0C238}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"{9357ACFA-16EA-4590-A8B7-F94B7DF02DD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3038994-048B-48B8-A7F2-5378F1B17D1D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B009F234-DF7A-4466-8163-16853295A4EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B65EC710-4A49-4251-A4F5-317A9961A382}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B6CF342C-8511-4DFE-8701-6D949A0A58CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C03B3ED2-9164-4082-BA3E-03294DEF3F36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C80F29C8-C1C7-489C-8BFA-CE1587663C4F}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"{E6F7B965-E2DA-427E-8CAF-6BC6EF2A0FAD}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
"{EC58A8C1-7E95-4B00-8F8A-34EE0557FFE3}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
"{F22A1A22-6A0C-498E-ADAA-69F9FE6588FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC66C02D-30E5-470C-876B-2BC5C9DE021B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender

Edited by maylene36, 09 September 2013 - 09:30 AM.


#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, maylene36 and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please, spend some time to read these instructions carefully before we start. They contain very useful information.

  • Please, stay with us until the end. I know malware removal isn't a very fast procedure and it usually has multiple steps, but you should stay here until your computer is absolutely clean of malware. If your main problem is solved, that doesn't mean that other malware isn't left on your computer. Your patience will be rewarded with an absolutely clean computer. :)
  • Please, let me know if you don't understand something. It is really important to understand every instruction. If you are in doubt about how to follow an instruction, feel free to ask me how to do it. I am always glad to help you with that.
  • Please, don't fix anything by yourself. Please, don't run any tools unless they are required. Trying multiple tools in the hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than the malware itself.
  • Please, feel free to notify me about changes in your PC's behavior. It's really interesting for me to know how your computer is running after each portion of fixes.
  • Please note that I'm currently in training. It doesn't mean that my help will be worse than expert help. My posts are carefully checked by experts before they are posted. Please note that my replies can sometimes come with delays. However, it usually takes less than 24 hours for an expert to review my message and for it to be posted to you.
  • Finally, enjoy the fight! ;)
Okay, let's start. I see that the Extras.txt log wasn't properly copied.

  • Find the Extras.txt file in the C:\Users\owner\Downloads folder.
  • Open it.
  • Press the following key sequence: Ctrl+A, and after that Ctrl+C.
  • Paste the contents of this log in your next message.


#3
maylene36

    New Member

  • Topic Starter
  • Member
  • 2 posts
OTL Extras logfile created on: 9/9/2013 12:53:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 42.07% Memory free
6.86 Gb Paging File | 5.18 Gb Available in Paging File | 75.48% Paging File free
Paging file location(s): c:\pagefile.sys 4215 4215 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 111.43 Gb Free Space | 37.39% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A12B94-AE49-46C3-A412-EAE3BCDAC848}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{12B4E9A8-DADB-411C-9E55-FAD0C2B0860C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C229DEE-965A-471D-A75D-282F2193B189}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1F585255-B7B0-4530-A2FB-5C61C72A9AA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25EFEE38-7B7A-44AE-81C9-CC776011B542}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26BB66F0-351B-4713-80B0-560436B2DBDC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3153B21E-B627-475D-AB12-9936C6010021}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47D21AD8-B3D2-4134-9C68-862E02B9211A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4EC5DAA6-D8D7-4254-9F60-5A34C6664A82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57F76448-2D0B-40B1-B37C-1DFBC7AF144B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{76B231AC-5670-42B7-9E11-EB05D476A8D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{859DE302-DAB3-4CCD-9991-E3EB71BBF3C7}" = lport=137 | protocol=17 | dir=in | app=system |
"{87A6F333-FF05-472C-8DC4-68180A2DAEC8}" = lport=445 | protocol=6 | dir=in | app=system |
"{A26EE5F9-C312-4DCC-967C-0100E78CEFB6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A2F7D5B3-2A2A-4D38-A788-F5968EF09066}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B0899821-3E7F-455D-80FD-C85C7AFDBED0}" = lport=138 | protocol=17 | dir=in | app=system |
"{E516B941-705C-4B9E-BCDD-8EDC253C973E}" = rport=445 | protocol=6 | dir=out | app=system |
"{EEFD6A66-141D-4CC4-9953-5D684522BAF0}" = lport=139 | protocol=6 | dir=in | app=system |
"{F7C5F325-6E31-479B-B698-1E9BD082FC87}" = rport=138 | protocol=17 | dir=out | app=system |
"{FA33C75E-C6B8-40F7-B1C8-A45A207A1A28}" = rport=137 | protocol=17 | dir=out | app=system |
"{FE84FB8F-2D01-4276-8FEB-2B416441B395}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039E2F45-6949-489D-8AAC-4887474CBEA3}" = protocol=1 | dir=in | [email protected],-28543 |
"{0B5B06B6-D76E-4257-AC2B-C202EF107AFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0F95CC6A-F76F-4851-8D7F-924A627DB8C7}" = protocol=58 | dir=in | [email protected],-28545 |
"{2A886BD8-BD56-481D-A40A-89D82C0646A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5D5BA625-E441-401F-B207-8A02F4BC797D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6338FE0C-5FCB-44F0-A98F-82D09E8F4CD3}" = protocol=6 | dir=out | app=system |
"{6BC615C9-064E-4D10-B8C1-6E7481981A38}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"{6C660A59-CAF6-427D-8EEB-4C42869CF497}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{72807884-1DF4-4EF5-9EE7-423B35FAB1AC}" = protocol=1 | dir=out | [email protected],-28544 |
"{73065708-A8CF-422D-9A95-3CE5B5C4695D}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"{758743D4-5AA4-4571-B665-95D1DA133FF0}" = protocol=58 | dir=out | [email protected],-28546 |
"{8051071A-ECBF-4A39-AA76-93320779D06B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8410C821-9793-4465-BBAA-485501061480}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E40E24A-06DA-475B-8B38-143A4BF0C238}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"{9357ACFA-16EA-4590-A8B7-F94B7DF02DD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3038994-048B-48B8-A7F2-5378F1B17D1D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B009F234-DF7A-4466-8163-16853295A4EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B65EC710-4A49-4251-A4F5-317A9961A382}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B6CF342C-8511-4DFE-8701-6D949A0A58CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C03B3ED2-9164-4082-BA3E-03294DEF3F36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C80F29C8-C1C7-489C-8BFA-CE1587663C4F}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"{E6F7B965-E2DA-427E-8CAF-6BC6EF2A0FAD}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
"{EC58A8C1-7E95-4B00-8F8A-34EE0557FFE3}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
"{F22A1A22-6A0C-498E-ADAA-69F9FE6588FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC66C02D-30E5-470C-876B-2BC5C9DE021B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = Web Cake 3.00
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"[email protected]" = Lyrics Finder
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"RealPlayer 16.0" = RealPlayer
"SecureWeb" = Secure Web
"SoftwareUpdater" = SoftwareUpdater
"Wajam" = Wajam
"WhiteSmoke_New Toolbar" = WhiteSmoke New Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Search Protection" = Search Protection
"Spotify" = Spotify
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2013 4:05:21 PM | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16660 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1324 Start
Time: 01ceab366eb876f8 Termination Time: 6568 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 9/6/2013 5:04:19 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: jscript9.dll, version: 10.0.9200.16660,
time stamp: 0x51f1ccd0 Exception code: 0xc0000005 Fault offset: 0x00001c7b Faulting
process id: 0x430 Faulting application start time: 0x01cea66924ff8088 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\System32\jscript9.dll
Report
Id: e51eeab8-1737-11e3-9cdd-60eb6952f422

Error - 9/6/2013 8:17:02 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_enhancedNT.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x001a96e0 Faulting process id:
0xff4 Faulting application start time: 0x01ceab5f77b69b5c Faulting application path:
C:\Windows\System32\rundll32.exe Faulting module path: unknown Report Id: d0d7742d-1752-11e3-b100-60eb6952f422

Error - 9/7/2013 5:07:17 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: MSHTML.dll, version: 10.0.9200.16660, time
stamp: 0x51f1d37a Exception code: 0xc0000005 Fault offset: 0x00321462 Faulting process
id: 0x454 Faulting application start time: 0x01ceab5f4b4f46aa Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: e48f72e0-179c-11e3-b100-60eb6952f422

Error - 9/7/2013 5:57:13 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: MSHTML.dll, version: 10.0.9200.16660, time
stamp: 0x51f1d37a Exception code: 0xc0000005 Fault offset: 0x00321462 Faulting process
id: 0x1304 Faulting application start time: 0x01ceabaa00c02f92 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: de10cd23-17a3-11e3-b100-60eb6952f422

Error - 9/7/2013 2:12:34 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_enhancedNT.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0038f850 Faulting process id:
0xf28 Faulting application start time: 0x01ceabdfa5729fb6 Faulting application path:
C:\Windows\System32\rundll32.exe Faulting module path: unknown Report Id: 114f8621-17e9-11e3-b2e1-60eb6952f422

Error - 9/8/2013 6:23:52 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/8/2013 6:23:52 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 664767

Error - 9/8/2013 6:23:52 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 664767

Error - 9/8/2013 6:27:24 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_enhancedNT.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: ole32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x00039342 Faulting
process id: 0xfa4 Faulting application start time: 0x01ceace27024cbe7 Faulting application
path: C:\Windows\System32\rundll32.exe Faulting module path: C:\Windows\system32\ole32.dll
Report
Id: d54c80fe-18d5-11e3-b2b0-60eb6952f422

[ Media Center Events ]
Error - 3/13/2012 11:26:12 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 10:26:12 PM - Error connecting to the internet. 10:26:12 PM - Unable
to contact server..

Error - 3/13/2012 11:26:24 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 10:26:17 PM - Error connecting to the internet. 10:26:17 PM - Unable
to contact server..

Error - 3/29/2012 11:54:39 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 10:54:38 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 4/3/2013 1:02:50 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 12:02:45 AM - Error connecting to the internet. 12:02:45 AM - Unable
to contact server..

[ System Events ]
Error - 6/2/2013 12:55:25 PM | Computer Name = User-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 6/2/2013 12:55:25 PM | Computer Name = User-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 6/2/2013 12:55:25 PM | Computer Name = User-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 6/2/2013 12:55:25 PM | Computer Name = User-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 6/2/2013 1:21:37 PM | Computer Name = User-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 6/3/2013 4:37:27 PM | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:36:46 PM on ?6/?3/?2013 was unexpected.

Error - 6/3/2013 4:37:26 PM | Computer Name = User-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 6/3/2013 4:37:26 PM | Computer Name = User-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 6/3/2013 4:38:26 PM | Computer Name = User-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/3/2013 5:36:14 PM | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:35:30 PM on ?6/?3/?2013 was unexpected.


< End of report >
  • 0

#4
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Step 1. Uninstalling programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. New window should appear.
  • Uninstall these programs one by one, selecting each program and clicking Uninstall button.
Programs to uninstall:

  • BrowserDefender
  • DAEMON Tools Toolbar
  • Delta toolbar
  • Delta Chrome Toolbar
  • Lyrics Finder
  • Secure Web
  • SoftwareUpdater
  • Wajam
  • WhiteSmoke New Toolbar
  • Web Cake 3.00
  • Search Protection
Step 2. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - [2013/07/26 06:11:20 | 002,847,696 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
    SRV - [2012/12/21 06:00:52 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files\SoftwareUpdater\UpdaterService.exe -- (SrvUpdater)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (akwxq4vb)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...123511&tsp=4966
    IE - HKCU\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babyl...123511&tsp=4966
    IE - HKCU\..\SearchScopes\{8BF4B8EF-5C40-4E22-86CC-973FF02CA17F}: "URL" = http://websearch.ask...41-A4830D1336EC
    IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
    IE - HKCU\..\SearchScopes\{F110B89C-0A19-459C-9EF8-9D6EB90B40D0}: "URL" = http://search.condui...1952010258&UM=2
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\LyricsFinder\FF\ [2013/09/09 13:51:49 | 000,000,000 | ---D | M]
    [2013/07/03 23:08:07 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
    [2013/07/03 21:41:27 | 000,000,000 | ---D | M] (Secure Web) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
    O2 - BHO: (Secure Web) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\SecureWeb\IE\common.dll (Creative Island Media, LLC)
    O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
    O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
    O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke New Toolbar) - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [NTRedirect] C:\Users\owner\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
    O4 - HKCU..\Run: [SearchProtection] C:\Users\owner\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
    [2013/09/09 10:10:57 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job
    [2013/09/07 00:00:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_owner.job
    [2013/09/06 22:59:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_owner.job
    [2013/08/17 15:01:19 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\xjPnQE79
    [2013/08/17 15:01:19 | 000,182,272 | ---- | M] () -- C:\ProgramData\l0dvlMaV3u
    [2013/08/17 15:01:19 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\4TEhdi2Qhj6
    [2013/08/17 14:58:29 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\TLTW18CPd6
    [2013/08/17 14:58:29 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\QqKNw6Aga
    [2013/08/17 14:58:29 | 000,182,272 | ---- | M] () -- C:\ProgramData\KU3EwZUilfn
    [2013/08/17 14:55:43 | 000,182,272 | ---- | M] () -- C:\ProgramData\TctSZ91eZb
    [2013/08/17 14:55:43 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\LEbti71DFC
    [2013/08/17 14:55:43 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\4tqTkCXr
    [2013/08/17 14:52:59 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\l8dltZ7r3e
    [2013/08/17 14:52:59 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\6abadmDF6
    [2013/08/17 14:52:59 | 000,182,272 | ---- | M] () -- C:\ProgramData\088JPAIk7
    [2013/08/17 14:49:43 | 000,182,272 | ---- | M] () -- C:\ProgramData\e0wuUUqX
    [2013/08/17 14:49:43 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\dUKESibpT
    [2013/08/17 14:49:43 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\BadbbIymuS
    [2013/08/17 14:31:25 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\Un87RxvAJ8T
    [2013/08/17 14:31:25 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\PGwx7U09
    [2013/08/17 14:31:25 | 000,182,272 | ---- | M] () -- C:\ProgramData\eyZDGobA0
    [2013/08/05 21:52:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BabSolution
    [2013/08/05 21:51:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Babylon
    [2013/08/05 21:52:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Delta
    [2013/07/03 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Search Protection
    
    :Files
    C:\Program Files\WhiteSmoke_New
    C:\Program Files\DAEMON Tools Toolbar
    C:\Program Files\SecureWeb
    C:\Program Files\LyricsFinder
    c:\ProgramData\BrowserDefender
    C:\Program Files\Wajam
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 3. AdwCleaner scan.

  • Please, download AdwCleaner from here to your Desktop.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on Scan button. Scan could take some time to proceed.
  • Click on the Clean button.
  • Click on OK.
  • Computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.
Step 4. TDSSKiller scan

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 5. OTL scan.

  • Run OTL.
  • Click on Scan All Users checkbox, which is located near Quick Scan button.
  • Find the Extra Registry section in the OTL window and change the radio button there to Use SafeList.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    BASESERVICES
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
So, please, don't forget to post in your next message:

  • OTL.txt
  • Extras.txt
  • AdwCleaner log
  • TDSSKiller log

  • 0
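The fix script in the post above lists sets of three extensionless files of identical size, written in the same second to AppData\Local, AppData\Roaming and ProgramData. As an added example (not part of the original post and not OTL's own code), this Python script parses OTL file-listing lines and flags such clusters; the function names and thresholds are assumptions, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext

# OTL file-listing entry: [modified | size | attributes | M] (company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>.{4}) \| M\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# Lines copied from the fix script in the post above.
SAMPLE = r"""
[2013/09/09 10:10:57 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job
[2013/09/07 00:00:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_owner.job
[2013/08/17 15:01:19 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\xjPnQE79
[2013/08/17 15:01:19 | 000,182,272 | ---- | M] () -- C:\ProgramData\l0dvlMaV3u
[2013/08/17 15:01:19 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\4TEhdi2Qhj6
[2013/08/17 14:58:29 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Local\TLTW18CPd6
[2013/08/17 14:58:29 | 000,182,272 | ---- | M] () -- C:\Users\owner\AppData\Roaming\QqKNw6Aga
[2013/08/17 14:58:29 | 000,182,272 | ---- | M] () -- C:\ProgramData\KU3EwZUilfn
[2013/08/05 21:52:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BabSolution
"""

def parse_entries(text):
    """Yield (timestamp, size_bytes, path) for every file (not directory) entry."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m and "D" not in m["attrs"]:
            yield m["ts"], int(m["size"].replace(",", "")), m["path"]

def find_drop_clusters(text, min_files=3, min_dirs=2):
    """Group extensionless files by (timestamp, size); keep groups spread over several folders."""
    groups = defaultdict(list)
    for ts, size, path in parse_entries(text):
        if not splitext(basename(path))[1]:      # no extension, like the random names above
            groups[(ts, size)].append(path)
    return {
        key: sorted(paths) for key, paths in groups.items()
        if len(paths) >= min_files and len({dirname(p).lower() for p in paths}) >= min_dirs
    }

if __name__ == "__main__":
    for (ts, size), paths in find_drop_clusters(SAMPLE).items():
        print(f"{ts}  {size} bytes  x{len(paths)}")
        for p in paths:
            print("   ", p)
```

A cluster is a lead for review, not a verdict: legitimate installers can also write same-size files in one pass, so confirm each hit before adding it to a fix script.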





