Antivirus Security Pro Spyware/Malware [Solved]



#1
dar124

Hello, so I've been trying to help a friend out with his mom's desktop PC and wanted to run some things by the forum here. This is a Lenovo desktop PC with a 2.6GHz Pentium, 6GB of RAM and running Windows 7 Home Premium 64-bit. Initially they told me that the PC had the FBI MoneyPak virus, so I tried to go through my friend to have him walk his mom through running Malwarebytes in safe mode, etc., but they ended up dropping the PC off for me to look at. I haven't seen anything like the FBI virus on it, but there are a couple of issues that I noticed right off the bat:


The PC kept getting Antivirus Security Pro fake PC scans and pop-ups.
There wasn't an anti-virus program installed.
There is an Action Center warning "Turn on Windows Security Center Service". I have tried to turn on the service but get an error message "Windows Security Center service can't be started".
Windows Firewall is off and I'm unable to turn it on; I get error code 0x80070424 (I have googled this and it looks like it might be because of a zero access rootkit infection)??
After installing MSE, I get errors when it tries to update its definitions.


I wasn't able to do much (install Malwarebytes, launch IE, etc.) on the PC because of the Antivirus Security Pro pop-ups. So after a bit of googling I found a "fake" activation code for Antivirus Security Pro. I used that to activate it and then was able to install and run a Malwarebytes scan in Safe Mode. That scan found/removed 125 items. I installed and ran a HitmanPro scan and it found/repaired/removed multiple items. I also installed MSE and ran a scan which found "0 items", and I ran CCleaner. I also removed a handful of toolbars (Ask.com, a few coupon toolbars, Bing, weather, etc.).


After that, the PC seems to be running "better". There aren't the Antivirus Security Pro pop-ups, no issues getting online, etc. But I'm still getting the Action Center warning to turn on Windows Security Center Service (which I still can't do) and I'm not able to turn on the Windows Firewall. So I'm thinking that there is still something going on on the PC. I ran an OTL scan and will post the logs below. Thanks in advance.





OTL logfile created on: 9/17/2013 9:21:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\My Computer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.85 Gb Total Physical Memory | 3.95 Gb Available Physical Memory | 67.58% Memory free
11.70 Gb Paging File | 9.87 Gb Available in Paging File | 84.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 853.33 Gb Free Space | 94.15% Space Free | Partition Type: NTFS

Computer Name: MYCOMPUTER-PC | User Name: My Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/17 21:20:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
PRC - [2013/05/08 12:40:14 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\node.exe
PRC - [2013/05/08 12:40:14 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe
PRC - [2013/05/07 11:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/02 20:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
PRC - [2013/02/23 19:20:28 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
PRC - [2013/02/23 19:20:28 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
PRC - [2012/11/16 12:36:04 | 000,225,280 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/12/01 02:48:46 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
PRC - [2010/10/05 09:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 09:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/07/16 12:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2010/12/01 02:48:46 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 19:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/07/16 12:20:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\jmesoft\KeyHook.dll
MOD - [2007/12/31 13:27:42 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\jmesoft\VistaVolume.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/02 22:18:16 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2013/08/21 15:32:01 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 10:13:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/08 12:40:14 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/05/07 11:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2013/04/07 07:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/03/02 20:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2013/02/23 19:20:28 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe -- (CouponAlert_2pService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/05 09:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 09:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/17 19:06:19 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fgsfnfrf.sys -- (fgsfnfrf)
DRV:64bit: - [2013/09/17 19:04:22 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\jmxtyjhv.sys -- (jmxtyjhv)
DRV:64bit: - [2013/08/05 16:23:14 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/07 11:54:26 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2013/05/07 11:54:20 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 23:44:24 | 000,057,856 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GeneStor.sys -- (GeneStor)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/12 00:53:18 | 012,252,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/09 22:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2010/11/09 22:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 02:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/09/20 21:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/21 17:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/07 11:54:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2013/05/07 11:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0001078d2fba895
IE - HKCU\..\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}: "URL" = http://www.questbasi...s={searchTerms}
IE - HKCU\..\SearchScopes\{B026CAD2-567A-472D-857A-6ADD250F5605}: "URL" = http://websearch.ask...06-5951E36196DE
IE - HKCU\..\SearchScopes\{C43EA820-75F9-4EC8-AFFC-574DC5E693A6}: "URL" = http://websearch.sho...q={searchTerms}
IE - HKCU\..\SearchScopes\{F799DF71-18CA-4E27-B244-0F656FDB34CD}: "URL" = http://search.yahoo....39,17118,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\My Computer\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2013/02/23 19:20:32 | 000,000,000 | ---D | M]

[2012/04/07 07:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...=UP97DF&PC=UP97
CHR - homepage: http://www.msn.com/?...97&ocid=UP97DHP
CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Motive Extension = C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.1_0\
CHR - Extension: Wajam = C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: WhiteSmoke US New = C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\
CHR - Extension: Skype Click to Call = C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: SaveValet = C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb\1.8.1.60_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (MindSpark)
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupon Alert) - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe ()
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD278831-3A08-4F61-B993-2E0A1ACC4117}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/17 21:20:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
[2013/09/17 18:27:52 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/09/17 18:21:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/17 18:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/17 18:12:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2013/09/16 20:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/16 20:14:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/09/16 20:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/16 20:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/16 20:14:13 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\Programs
[2013/09/16 18:57:07 | 000,000,000 | ---D | C] -- C:\Users\My Computer\Desktop\FBI MoneyPak virus removal
[2013/09/16 18:56:36 | 000,000,000 | ---D | C] -- C:\Users\My Computer\Desktop\Anti Virus
[2013/08/29 19:13:46 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
[2013/08/29 17:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\3v7a339g
[2013/08/22 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\{26D224A4-7548-44AC-8C5B-445A21F08EEC}
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/17 21:20:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
[2013/09/17 20:52:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/17 20:34:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/17 19:54:20 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/17 19:54:20 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/17 19:03:57 | 000,727,120 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/17 19:03:57 | 000,624,606 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/17 19:03:57 | 000,106,724 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/17 18:57:51 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/17 18:57:50 | 000,000,422 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/09/17 18:57:40 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2013/09/17 18:57:38 | 417,677,311 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/17 18:21:31 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/09/17 18:12:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2013/09/17 18:12:13 | 000,007,974 | ---- | M] () -- C:\windows\SysNative\bootdelete.lst
[2013/09/17 17:59:05 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/16 20:14:25 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/16 18:52:18 | 000,000,004 | ---- | M] () -- C:\Users\My Computer\AppData\Roaming\cache.ini
[2013/08/26 17:46:00 | 000,000,450 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Updates.job
[2013/08/24 18:33:38 | 000,000,288 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job
[2013/08/22 15:31:43 | 000,000,000 | ---- | M] () -- C:\END
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/17 18:21:15 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/17 18:12:13 | 000,007,974 | ---- | C] () -- C:\windows\SysNative\bootdelete.lst
[2013/09/16 20:14:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/05 15:24:10 | 000,000,004 | ---- | C] () -- C:\Users\My Computer\AppData\Roaming\cache.ini
[2013/08/21 15:32:31 | 000,039,539 | ---- | C] () -- C:\Users\My Computer\Documents\angel.jpg
[2013/06/21 20:43:37 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\kwexnirh
[2013/06/21 17:18:20 | 000,598,808 | ---- | C] () -- C:\Users\My Computer\AppData\Local\evmgamab
[2013/06/21 17:02:21 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\abpoemig
[2013/06/20 20:42:13 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\mubfdxte
[2013/06/20 17:20:24 | 000,598,808 | ---- | C] () -- C:\Users\My Computer\AppData\Local\eotuicvv
[2013/06/20 17:08:17 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\dbttrrcf
[2013/06/20 07:46:04 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\munbiwiv
[2013/06/19 21:33:47 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\notwtgub
[2013/06/19 17:24:46 | 000,598,808 | ---- | C] () -- C:\Users\My Computer\AppData\Local\nofnsggb
[2013/06/19 17:12:43 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\ehuubtex
[2013/06/18 15:44:26 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\cvaoedbf
[2013/06/18 08:46:25 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\ndurhshk
[2013/06/18 06:47:35 | 000,598,808 | ---- | C] () -- C:\Users\My Computer\AppData\Local\blmxahje
[2013/06/18 06:35:20 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\lnootbik
[2013/06/16 13:04:32 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\igpscehq
[2013/06/16 12:58:18 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\pucbbjrx
[2012/12/22 04:17:20 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012/04/27 20:17:22 | 000,000,000 | ---- | C] () -- C:\ProgramData\6fa1c017dfb24388bc5927b822912f86_c
[2012/01/18 17:53:22 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2012/01/01 21:16:41 | 000,043,073 | ---- | C] () -- C:\Users\My Computer\.DLMSave_back.xml
[2012/01/01 21:16:41 | 000,043,073 | ---- | C] () -- C:\Users\My Computer\.DLMSave.xml
[2012/01/01 21:16:04 | 000,001,245 | ---- | C] () -- C:\Users\My Computer\.Setting.ini
[2011/12/23 10:53:38 | 000,743,066 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/10 13:32:03 | 000,000,032 | ---- | C] () -- C:\Users\My Computer\jagex_cl_runescape_LIVE.dat
[2011/09/22 20:49:40 | 000,000,129 | ---- | C] () -- C:\Users\My Computer\jagex_runescape_preferences2.dat
[2011/09/22 20:48:20 | 000,000,035 | ---- | C] () -- C:\Users\My Computer\jagex_runescape_preferences.dat
[2011/09/22 17:47:57 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/05 14:45:05 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\.minecraft
[2011/08/24 09:49:31 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Atari
[2012/04/27 20:18:04 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\BargainMatch
[2013/02/27 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Catalina Marketing Corp
[2012/12/04 17:56:32 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Fighters
[2013/06/27 14:06:12 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Garmin
[2011/08/24 09:43:09 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Leadertech
[2012/04/07 08:15:15 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\OfficeSuiteX
[2012/07/30 19:02:04 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Registry Mechanic
[2012/02/26 09:31:03 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Rovio
[2013/06/28 22:18:04 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\ShopAtHome
[2013/08/15 03:23:28 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\SoftGrid Client
[2011/12/23 10:54:26 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\TP
[2012/02/04 09:27:50 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Visan

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >

OTL Extras logfile created on: 9/17/2013 9:21:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\My Computer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.85 Gb Total Physical Memory | 3.95 Gb Available Physical Memory | 67.58% Memory free
11.70 Gb Paging File | 9.87 Gb Available in Paging File | 84.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 853.33 Gb Free Space | 94.15% Space Free | Partition Type: NTFS

Computer Name: MYCOMPUTER-PC | User Name: My Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1AB4DB8C-4123-45DC-B896-C67990F76DA4}" = HP Deskjet 1050 J410 series Product Improvement Study
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3DB84568-DD0E-401F-BC21-CE24720A0C5B}" = Microsoft Security Client
"{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel® Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{42B21298-C850-4272-AFD9-636CBC005421}" = LXH-JME2207FN Hotkey Driver
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ATT-ATT Management Agent" = ATT Management Agent
"ATT-SST" = AT&T Troubleshoot & Resolve Tool
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CouponAlert_2pbar Uninstall" = CouponAlert Toolbar
"eMusic Download Manager 5.0.5" = eMusic Download Manager
"Google Chrome" = Google Chrome
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NETGEAR Genie" = NETGEAR Genie
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"ShopAtHome.com Helper" = ShopAtHome.com Helper
"ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Creator" = FoxTab PDF Creator
"SOE-Free Realms" = Free Realms

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2013 4:17:15 PM | Computer Name = MyComputer-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/5/2013 4:17:36 PM | Computer Name = MyComputer-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: VERSION.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb2b Exception code: 0xc0000005 Fault offset: 0x000015da Faulting
process id: 0xff4 Faulting application start time: 0x01ce9218c9f111aa Faulting application
path: C:\windows\SysWOW64\rundll32.exe Faulting module path: C:\windows\SysWOW64\VERSION.dll
Report
Id: 10e6a357-fe0c-11e2-a875-1078d2fba895

Error - 8/5/2013 4:18:52 PM | Computer Name = MyComputer-PC | Source = SendoriService | ID = 99
Description = In the enable methodObject reference not set to an instance of an
object.

Error - 8/6/2013 9:58:53 AM | Computer Name = MyComputer-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x000000000000b114
Faulting
process id: 0x8fc Faulting application start time: 0x01ce9218c39021ae Faulting application
path: C:\windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: 53512376-fea0-11e2-a875-1078d2fba895

Error - 8/6/2013 6:38:06 PM | Computer Name = MyComputer-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635,
time stamp: 0x51b7a921 Faulting module name: jscript9.dll, version: 10.0.9200.16635,
time stamp: 0x51b7adec Exception code: 0xc0000005 Fault offset: 0x00073c97 Faulting
process id: 0x1ef8 Faulting application start time: 0x01ce92e99a79075b Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\windows\SysWOW64\jscript9.dll Report Id: dc49c1c2-fee8-11e2-a875-1078d2fba895

Error - 8/7/2013 5:29:15 PM | Computer Name = MyComputer-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error - 8/9/2013 7:31:54 PM | Computer Name = MyComputer-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error - 8/12/2013 8:01:47 PM | Computer Name = MyComputer-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LogitechUpdate.exe, version: 2.17.17.0,
time stamp: 0x4cc0a7bc Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e0a7 Faulting
process id: 0x57c8 Faulting application start time: 0x01ce97b84d589a13 Faulting application
path: C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe Faulting module
path: C:\windows\SysWOW64\ntdll.dll Report Id: 8b91711a-03ab-11e3-a875-1078d2fba895

Error - 8/12/2013 9:20:24 PM | Computer Name = MyComputer-PC | Source = Application Error | ID = 1000
Description = Faulting application name: jusched.exe, version: 2.1.9.4, time stamp:
0x513f4a9a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1284 Faulting application
start time: 0x01ce9218cf2bc45a Faulting application path: C:\Program Files (x86)\Common
Files\Java\Java Update\jusched.exe Faulting module path: unknown Report Id: 86bdb349-03b6-11e3-a875-1078d2fba895

Error - 8/14/2013 6:03:19 PM | Computer Name = MyComputer-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NETGEARGenie.exe, version: 0.0.0.0, time
stamp: 0x5152b386 Faulting module name: QtCore4.dll, version: 4.7.0.0, time stamp:
0x4c8d7570 Exception code: 0x40000015 Fault offset: 0x00167ad5 Faulting process id:
0x1708 Faulting application start time: 0x01ce9219b49eef9f Faulting application path:
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe Faulting module path:
C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll Report Id: 5373cf06-052d-11e3-a875-1078d2fba895

[ SendoriLogs Events ]
Error - 9/16/2013 7:26:05 PM | Computer Name = MyComputer-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 9/16/2013 7:31:05 PM | Computer Name = MyComputer-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 9/16/2013 7:36:05 PM | Computer Name = MyComputer-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 9/16/2013 7:41:05 PM | Computer Name = MyComputer-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 9/16/2013 7:46:05 PM | Computer Name = MyComputer-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 9/16/2013 7:51:05 PM | Computer Name = MyComputer-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 9/16/2013 7:56:05 PM | Computer Name = MyComputer-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 9/16/2013 8:01:05 PM | Computer Name = MyComputer-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 9/16/2013 8:06:05 PM | Computer Name = MyComputer-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 9/16/2013 8:11:05 PM | Computer Name = MyComputer-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

[ System Events ]
Error - 10/6/2012 1:07:42 PM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 10/6/2012 8:20:13 PM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the UMVPFSrv service.

Error - 10/7/2012 2:36:19 PM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 10/7/2012 8:41:26 PM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 10/8/2012 10:50:16 AM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 10/8/2012 3:08:04 PM | Computer Name = MyComputer-PC | Source = DCOM | ID = 10010
Description =

Error - 10/8/2012 8:16:06 PM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 2 time(s).

Error - 10/9/2012 3:33:11 PM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 10/10/2012 5:02:45 PM | Computer Name = MyComputer-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:00:11 AM on ?10/?10/?2012 was unexpected.

Error - 10/10/2012 5:02:50 PM | Computer Name = MYCOMPUTER-PC | Source = BugCheck | ID = 1001
Description =


< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Still a fair bit of adware there. Let me know what problems there are on completion of this run.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/02/23 19:20:28 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe -- (CouponAlert_2pService)
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No CLSID value found
IE - HKCU\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0001078d2fba895
IE - HKCU\..\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}: "URL" = http://www.questbasi...s={searchTerms}
IE - HKCU\..\SearchScopes\{B026CAD2-567A-472D-857A-6ADD250F5605}: "URL" = http://websearch.ask...06-5951E36196DE
IE - HKCU\..\SearchScopes\{C43EA820-75F9-4EC8-AFFC-574DC5E693A6}: "URL" = http://websearch.sho...q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2013/02/23 19:20:32 | 000,000,000 | ---D | M]
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (MindSpark)
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupon Alert) - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (VER_COMPANY_NAME)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
[2013/09/17 18:27:52 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/08/29 19:13:46 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
[2013/08/29 17:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\3v7a339g
[2013/09/17 18:57:50 | 000,000,422 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/08/26 17:46:00 | 000,000,450 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Updates.job
[2013/08/24 18:33:38 | 000,000,288 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job
[2013/08/22 15:31:43 | 000,000,000 | ---- | M] () -- C:\END
[2013/06/21 20:43:37 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\kwexnirh
[2013/06/21 17:18:20 | 000,598,808 | ---- | C] () -- C:\Users\My Computer\AppData\Local\evmgamab
[2013/06/21 17:02:21 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\abpoemig
[2013/06/20 20:42:13 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\mubfdxte
[2013/06/20 17:20:24 | 000,598,808 | ---- | C] () -- C:\Users\My Computer\AppData\Local\eotuicvv
[2013/06/20 17:08:17 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\dbttrrcf
[2013/06/20 07:46:04 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\munbiwiv
[2013/06/19 21:33:47 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\notwtgub
[2013/06/19 17:24:46 | 000,598,808 | ---- | C] () -- C:\Users\My Computer\AppData\Local\nofnsggb
[2013/06/19 17:12:43 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\ehuubtex
[2013/06/18 15:44:26 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\cvaoedbf
[2013/06/18 08:46:25 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\ndurhshk
[2013/06/18 06:47:35 | 000,598,808 | ---- | C] () -- C:\Users\My Computer\AppData\Local\blmxahje
[2013/06/18 06:35:20 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\lnootbik
[2013/06/16 13:04:32 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\igpscehq
[2013/06/16 12:58:18 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\pucbbjrx
[2012/12/22 04:17:20 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012/04/27 20:17:22 | 000,000,000 | ---- | C] () -- C:\ProgramData\6fa1c017dfb24388bc5927b822912f86_c
[2012/04/27 20:18:04 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\BargainMatch
[2013/02/27 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Catalina Marketing Corp
[2013/06/28 22:18:04 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\ShopAtHome

:Files
C:\Program Files (x86)\CouponAlert_2p
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb
C:\Program Files (x86)\Yontoo Layers Runtime
C:\Users\My Computer\AppData\Roaming\ShopAtHome

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
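
The fix script above lists sixteen extensionless files sitting directly in AppData\Local, all with no company string and sharing just two sizes. As an added example (not part of the original post and not OTL's own code), this Python sketch parses OTL file-listing lines and groups such entries by size; the eight-lowercase-letter name rule and all function names are assumptions made for illustration, and the sample is a subset of the lines posted above.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Subset of the file entries from the fix script above, reused as sample input.
SAMPLE = r"""
[2013/08/29 17:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\3v7a339g
[2013/08/26 17:46:00 | 000,000,450 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Updates.job
[2013/08/22 15:31:43 | 000,000,000 | ---- | M] () -- C:\END
[2013/06/21 20:43:37 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\kwexnirh
[2013/06/21 17:18:20 | 000,598,808 | ---- | C] () -- C:\Users\My Computer\AppData\Local\evmgamab
[2013/06/21 17:02:21 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\abpoemig
[2013/06/20 20:42:13 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\mubfdxte
[2013/06/20 17:20:24 | 000,598,808 | ---- | C] () -- C:\Users\My Computer\AppData\Local\eotuicvv
[2013/06/20 17:08:17 | 000,045,960 | ---- | C] () -- C:\Users\My Computer\AppData\Local\dbttrrcf
[2012/12/22 04:17:20 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012/04/27 20:17:22 | 000,000,000 | ---- | C] () -- C:\ProgramData\6fa1c017dfb24388bc5927b822912f86_c
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# Folder lines carry no "(company)" field at all; files without version info show "()".
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumption for this example: the names seen in this thread are eight lowercase letters.
RANDOM_NAME = re.compile(r"[a-z]{8}")


def parse_entries(text):
    """Turn OTL file-listing lines into dicts; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "vendor": m["vendor"],  # None for folders, "" when no company string
            "path": m["path"],
        })
    return entries


def matches_pattern(entry):
    """File with no company string, no extension, random-looking name, directly in AppData\\Local."""
    folder, name = ntpath.split(entry["path"])
    return (
        not entry["is_dir"]
        and entry["vendor"] == ""
        and RANDOM_NAME.fullmatch(name) is not None
        and folder.lower().endswith("\\appdata\\local")
    )


def size_clusters(entries, min_count=2):
    """Group matching files by exact size; identical sizes suggest copies of one payload."""
    groups = defaultdict(list)
    for entry in entries:
        if matches_pattern(entry):
            groups[entry["size"]].append(entry)
    report = {}
    for size, members in groups.items():
        if len(members) >= min_count:
            report[size] = {
                "names": sorted(ntpath.basename(e["path"]) for e in members),
                "first": min(e["when"] for e in members),
                "last": max(e["when"] for e in members),
            }
    return report


if __name__ == "__main__":
    for size, info in sorted(size_clusters(parse_entries(SAMPLE)).items()):
        print(f"{size} bytes x{len(info['names'])} "
              f"({info['first']} .. {info['last']}): {', '.join(info['names'])}")
```
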


#3
dar124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Here are the logs. There were 2 from the OTL scans and 1 from the JRT scan.

Things seem a bit better. The firewall is now on and I resolved an Action Center problem by turning on Windows Automatic Updates.



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service CouponAlert_2pService stopped successfully!
Service CouponAlert_2pService deleted successfully!
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B026CAD2-567A-472D-857A-6ADD250F5605}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B026CAD2-567A-472D-857A-6ADD250F5605}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C43EA820-75F9-4EC8-AFFC-574DC5E693A6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C43EA820-75F9-4EC8-AFFC-574DC5E693A6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.
C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin\ deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\ThirdPartyInstallers folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}\ deleted successfully.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799}\ deleted successfully.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ deleted successfully.
C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ deleted successfully.
File C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3462c343-be19-4143-af70-cefb56f46fc6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6}\ deleted successfully.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ not found.
File C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3462C343-BE19-4143-AF70-CEFB56F46FC6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3462C343-BE19-4143-AF70-CEFB56F46FC6}\ not found.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CouponAlert_2p Browser Plugin Loader deleted successfully.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$talisma_url$\ deleted successfully.
C:\AI_RecycleBin\{0A3A669E-7A99-434A-8E27-94A64FCB6585}\5 folder moved successfully.
C:\AI_RecycleBin\{0A3A669E-7A99-434A-8E27-94A64FCB6585}\2 folder moved successfully.
C:\AI_RecycleBin\{0A3A669E-7A99-434A-8E27-94A64FCB6585} folder moved successfully.
C:\AI_RecycleBin folder moved successfully.
C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro folder moved successfully.
C:\ProgramData\3v7a339g folder moved successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job moved successfully.
C:\Windows\Tasks\PC Optimizer Pro Updates.job moved successfully.
C:\Windows\Tasks\PC Optimizer Pro64 Scan.job moved successfully.
C:\END moved successfully.
C:\Users\My Computer\AppData\Local\kwexnirh moved successfully.
C:\Users\My Computer\AppData\Local\evmgamab moved successfully.
C:\Users\My Computer\AppData\Local\abpoemig moved successfully.
C:\Users\My Computer\AppData\Local\mubfdxte moved successfully.
C:\Users\My Computer\AppData\Local\eotuicvv moved successfully.
C:\Users\My Computer\AppData\Local\dbttrrcf moved successfully.
C:\Users\My Computer\AppData\Local\munbiwiv moved successfully.
C:\Users\My Computer\AppData\Local\notwtgub moved successfully.
C:\Users\My Computer\AppData\Local\nofnsggb moved successfully.
C:\Users\My Computer\AppData\Local\ehuubtex moved successfully.
C:\Users\My Computer\AppData\Local\cvaoedbf moved successfully.
C:\Users\My Computer\AppData\Local\ndurhshk moved successfully.
C:\Users\My Computer\AppData\Local\blmxahje moved successfully.
C:\Users\My Computer\AppData\Local\lnootbik moved successfully.
C:\Users\My Computer\AppData\Local\igpscehq moved successfully.
C:\Users\My Computer\AppData\Local\pucbbjrx moved successfully.
C:\Windows\SysWOW64\shortcut_ex.dat moved successfully.
C:\ProgramData\6fa1c017dfb24388bc5927b822912f86_c moved successfully.
C:\Users\My Computer\AppData\Roaming\BargainMatch folder moved successfully.
C:\Users\My Computer\AppData\Roaming\Catalina Marketing Corp folder moved successfully.
C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar folder moved successfully.
C:\Users\My Computer\AppData\Roaming\ShopAtHome\ShopAtHomeHelper folder moved successfully.
C:\Users\My Computer\AppData\Roaming\ShopAtHome folder moved successfully.
========== FILES ==========
C:\Program Files (x86)\CouponAlert_2p\bar\Settings folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\Message folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\IE9Mesg folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\gen1 folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\html folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0 folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\_locales\en folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\_locales folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\toolbarImages folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\sl folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\lib\jquery.alerts folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\lib folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\core folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\WEATHER folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\TWITTER folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\SEARCH folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\Optimizer folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\wa folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\menu\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\menu\img folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\menu\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\menu folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\gf\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\gf\img folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\gf\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\gf folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui\dlg folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ui folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\sp\spsd\images folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\sp\spsd folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\sp\spbd\images folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\sp\spbd folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\sp\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\sp folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\options\js\resources folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\options\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\options\images folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\options\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\options folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\msd folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\api folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ac\res folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ac\img folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ac\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\ac folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\aboutBox\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\aboutBox\images folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al\aboutBox folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb\al folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\tb folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\Search\plugins folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\Search\NewTabPages\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\Search\NewTabPages\img folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\Search\NewTabPages\html folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\Search\NewTabPages\css folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\Search\NewTabPages\API folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\Search\NewTabPages folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\Search\html folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\Search folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\plugins folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\js\toolbarAPI folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\js\tabs\back folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\js\tabs folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\js\options folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\js\lib folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.19.2.505_0 folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.16.70.501_0\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.16.70.501_0\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.16.70.501_0\tb\al\wa folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.16.70.501_0\tb\al folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.16.70.501_0\tb folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.16.70.501_0 folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb\1.8.1.60_0 folder moved successfully.
C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb folder moved successfully.
C:\Program Files (x86)\Yontoo Layers Runtime folder moved successfully.
File\Folder C:\Users\My Computer\AppData\Roaming\ShopAtHome not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: My Computer
->Temp folder emptied: 7400842 bytes
->Temporary Internet Files folder emptied: 10747476 bytes
->Java cache emptied: 3276165 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57052 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 129611 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 166922973 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 180.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09182013_204244

Files\Folders moved on Reboot...
C:\Users\My Computer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\My Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 9/18/2013 9:25:39 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\My Computer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.85 Gb Total Physical Memory | 4.67 Gb Available Physical Memory | 79.75% Memory free
11.70 Gb Paging File | 10.48 Gb Available in Paging File | 89.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 853.05 Gb Free Space | 94.12% Space Free | Partition Type: NTFS

Computer Name: MYCOMPUTER-PC | User Name: My Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/17 21:20:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 12:40:14 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\node.exe
PRC - [2013/05/08 12:40:14 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe
PRC - [2013/05/07 11:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/02 20:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
PRC - [2012/11/16 12:36:04 | 000,225,280 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/12/01 02:48:46 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
PRC - [2010/10/05 09:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 09:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/07/16 12:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2010/12/01 02:48:46 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 19:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/07/16 12:20:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\jmesoft\KeyHook.dll
MOD - [2007/12/31 13:27:42 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\jmesoft\VistaVolume.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/02 22:18:16 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2013/08/21 15:32:01 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 10:13:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 12:40:14 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/05/07 11:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2013/04/07 07:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/03/02 20:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/05 09:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 09:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/05 16:23:14 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/07 11:54:26 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2013/05/07 11:54:20 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 23:44:24 | 000,057,856 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GeneStor.sys -- (GeneStor)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/12 00:53:18 | 012,252,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/09 22:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2010/11/09 22:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 02:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/09/20 21:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/21 17:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/07 11:54:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2013/05/07 11:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F799DF71-18CA-4E27-B244-0F656FDB34CD}: "URL" = http://search.yahoo....39,17118,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\My Computer\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]

[2012/04/07 07:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...=UP97DF&PC=UP97
CHR - homepage: http://www.msn.com/?...97&ocid=UP97DHP
CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Motive Extension = C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/09/18 20:43:33 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe ()
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD278831-3A08-4F61-B993-2E0A1ACC4117}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/18 20:42:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/18 20:42:26 | 001,029,675 | ---- | C] (Thisisu) -- C:\Users\My Computer\Desktop\JRT.exe
[2013/09/17 21:42:18 | 000,000,000 | ---D | C] -- C:\windows\Logs
[2013/09/17 21:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/17 21:20:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
[2013/09/17 18:21:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/17 18:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/17 18:12:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2013/09/16 20:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/16 20:14:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/09/16 20:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/16 20:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/16 20:14:13 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\Programs
[2013/09/16 18:57:07 | 000,000,000 | ---D | C] -- C:\Users\My Computer\Desktop\FBI MoneyPak virus removal
[2013/09/16 18:56:36 | 000,000,000 | ---D | C] -- C:\Users\My Computer\Desktop\Anti Virus
[2013/08/22 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\{26D224A4-7548-44AC-8C5B-445A21F08EEC}

========== Files - Modified Within 30 Days ==========

[2013/09/18 21:22:20 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/18 21:22:07 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2013/09/18 21:22:04 | 417,677,311 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/18 20:52:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/18 20:43:33 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2013/09/18 20:42:26 | 001,029,675 | ---- | M] (Thisisu) -- C:\Users\My Computer\Desktop\JRT.exe
[2013/09/18 20:34:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/18 18:01:12 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 18:01:12 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 17:58:16 | 000,727,120 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/18 17:58:16 | 000,624,606 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/18 17:58:16 | 000,106,724 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/17 21:42:10 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/17 21:20:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
[2013/09/17 18:21:31 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/09/17 18:12:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2013/09/17 18:12:13 | 000,007,974 | ---- | M] () -- C:\windows\SysNative\bootdelete.lst
[2013/09/17 17:59:05 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/16 20:14:25 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/16 18:52:18 | 000,000,004 | ---- | M] () -- C:\Users\My Computer\AppData\Roaming\cache.ini

========== Files Created - No Company Name ==========

[2013/09/17 21:42:10 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/17 21:42:10 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/17 18:21:15 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/17 18:12:13 | 000,007,974 | ---- | C] () -- C:\windows\SysNative\bootdelete.lst
[2013/09/16 20:14:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/05 15:24:10 | 000,000,004 | ---- | C] () -- C:\Users\My Computer\AppData\Roaming\cache.ini
[2013/08/21 15:32:31 | 000,039,539 | ---- | C] () -- C:\Users\My Computer\Documents\angel.jpg
[2012/01/18 17:53:22 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2012/01/01 21:16:41 | 000,043,073 | ---- | C] () -- C:\Users\My Computer\.DLMSave_back.xml
[2012/01/01 21:16:41 | 000,043,073 | ---- | C] () -- C:\Users\My Computer\.DLMSave.xml
[2012/01/01 21:16:04 | 000,001,245 | ---- | C] () -- C:\Users\My Computer\.Setting.ini
[2011/12/23 10:53:38 | 000,743,066 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/10 13:32:03 | 000,000,032 | ---- | C] () -- C:\Users\My Computer\jagex_cl_runescape_LIVE.dat
[2011/09/22 20:49:40 | 000,000,129 | ---- | C] () -- C:\Users\My Computer\jagex_runescape_preferences2.dat
[2011/09/22 20:48:20 | 000,000,035 | ---- | C] () -- C:\Users\My Computer\jagex_runescape_preferences.dat
[2011/09/22 17:47:57 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/05 14:45:05 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\.minecraft
[2011/08/24 09:49:31 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Atari
[2012/12/04 17:56:32 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Fighters
[2013/06/27 14:06:12 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Garmin
[2011/08/24 09:43:09 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Leadertech
[2012/04/07 08:15:15 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\OfficeSuiteX
[2012/07/30 19:02:04 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Registry Mechanic
[2012/02/26 09:31:03 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Rovio
[2013/08/15 03:23:28 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\SoftGrid Client
[2011/12/23 10:54:26 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\TP
[2012/02/04 09:27:50 | 000,000,000 | ---D | M] -- C:\Users\My Computer\AppData\Roaming\Visan

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by My Computer on Wed 09/18/2013 at 21:32:28.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbcommonutils.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbhelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\wajam.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{13119113-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33119133-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23119123-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{03119103-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\surf canyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\i want this
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\questbasic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.feedmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.feedmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.htmlpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.multiplebutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.radio
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.radio.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.radiosettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.radiosettings.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.scriptbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.settingsplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.urlalertbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2p.xmlsessionplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.searchprovidermanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.searchprovidermanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoods_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoods_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\couponalert_2pbar uninstall
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\questbasic"
Successfully deleted: [Folder] "C:\Users\My Computer\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\My Computer\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\My Computer\appdata\local\babylon"
Failed to delete: [Folder] "C:\Users\My Computer\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\My Computer\appdata\local\couponalert_2p"
Successfully deleted: [Folder] "C:\Users\My Computer\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\My Computer\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\My Computer\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\My Computer\appdata\locallow\couponalert_2p"
Successfully deleted: [Folder] "C:\Users\My Computer\appdata\locallow\couponalert_2pei"
Successfully deleted: [Folder] "C:\Users\My Computer\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Program Files (x86)\couponalert_2pei"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\questbasic"
Successfully deleted: [Folder] "C:\Program Files (x86)\savevalet"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/18/2013 at 21:36:39.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You appear to have MSES as your antivirus at the moment, do you wish to keep that ?

I would like to run an AV scan, I do not feel it will find much if anything but better safe than sorry :)


I'd like you to go to ESET and run an online scan. Once you get there, you will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Step 1.
Run ESET Online Scanner:

Note: Optimized for Internet Explorer, you can use Chrome or Mozilla Firefox for this scan.

You will need to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

•Please go here then click on:
Posted Image

•A new window will open:

Posted Image


Select the option YES, I accept the Terms of Use then click on:

Posted Image

•When prompted allow the Add-On/Active X to install.

Posted Image

Uncheck the box beside Remove Found Threats

Check the box Scan archives.

•Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

•Now click on: Posted Image

•The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.

•When completed the Online Scan will begin automatically. The scan may take several hours.

•Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.

When The Scan is Complete:

1. If No Threats Were Found:
•Put a checkmark in Uninstall application on close
•Close the program
•Report to me that nothing was found

2. If Threats Were Found:
•Click on list of threats found
•Click on export to text file and save it to the desktop as ESET SCAN.txt
•Click on Back
•Put a checkmark in Uninstall application on close. Be sure you have saved the file first
•Click on Finish
•Close the program
  • 0

#5
dar124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

You appear to have MSES as your antivirus at the moment, do you wish to keep that ?



Is MSES, Microsoft Security Essentials?? If so then yes I would like to keep that as the anti-virus.

I will run the ESET online scan later today when I get home from work, etc. Thanks Essexboy!!!
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is correct, must stop using acronyms :)
  • 0

#7
dar124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
No worries, just making sure we're both on the same page :thumbsup:

I'll post log files back later today. Thanks again.
  • 0

#8
dar124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Ok, here's the log from the ESET scan. I think there were 16 items found.



C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pimpipe.exe Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2preghk.dll a variant of Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrchMn.exe a variant of Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\CREXT.DLL Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\CrExtP2p.exe Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll Win32/Toolbar.MyWebSearch.T application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\T8TICKER.DLL Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb\1.8.1.60_0\background.js JS/SaveValet.A application
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Magic, just the stuff previously removed... Any further problems before I tidy up ?
  • 0
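The reasoning behind the reply above (every ESET hit sits under `C:\_OTL\MovedFiles`, so the scanner is only seeing quarantined copies) can be checked mechanically. This is an added example, not part of the original thread: `triage` and `original_location` are hypothetical names, and the quarantine layout and the variant-suffix rule are assumptions read off the log paths.

```python
import re
from collections import Counter

OTL_ROOT = "c:\\_otl\\movedfiles\\"  # quarantine root seen in the log paths

# <path> [probably ][a variant of ]<Platform/Name[.Variant]> <object type>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>\w+)$"
)

def original_location(path):
    """Assumed OTL layout: <root>\\<MMDDYYYY_HHMMSS>\\<drive>_<rest of path>."""
    _stamp, _, moved = path[len(OTL_ROOT):].partition("\\")
    if len(moved) > 1 and moved[1] == "_":
        return moved[0] + ":\\" + moved[2:]
    return None

def triage(log_text):
    """Split detections into quarantined copies and files still in place."""
    result = {"quarantined": [], "live": [], "unparsed": [], "families": Counter()}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            result["unparsed"].append(line)  # never drop a line silently
            continue
        path, name = m["path"], m["name"]
        # Assumption: a trailing ".X" (1-3 capitals) is the variant letter.
        result["families"][re.sub(r"\.[A-Z]{1,3}$", "", name)] += 1
        if path.lower().startswith(OTL_ROOT):
            result["quarantined"].append((original_location(path), name))
        else:
            result["live"].append((path, name))
    return result

# First five lines are copied from the ESET log above; the last is constructed.
SAMPLE = r"""
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll Win32/Toolbar.MyWebSearch.W application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\_OTL\MovedFiles\09182013_204244\C_Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\09182013_204244\C_Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb\1.8.1.60_0\background.js JS/SaveValet.A application
C:\Users\Example\Downloads\coupon_setup.exe Win32/Toolbar.MyWebSearch.W application
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(len(report["quarantined"]), "quarantined,", len(report["live"]), "live")
```

An empty `live` list is the condition that makes a scan like this one safe to close out; anything in `live` or `unparsed` needs a look before cleanup removes the quarantine folder.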

#10
dar124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Nope, things seem to be running pretty good. There are 2 items in the Action Center (scanner & webcam issues), but I'm imagining that that's because neither are currently connected as I only have the PC at my house. Firewall is on, anti-virus is installed & running. All seems to be well. Thanks for your help Essexboy!!!

Should I clean up any restore points??
  • 0


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me do all that for you :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Delete JRT from the desktop

Uninstall ESET via control panel > programs and features

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#12
dar124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Thanks Essexboy, I'll clean up a bit this evening, run the PC thru the weekend and will let you know how things are in the next couple of days.

Thanks again!!! :thumbsup:
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, I will leave this open 'till Tuesday then :)
  • 0

#14
dar124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
So I did the "clean up", ran the PC off and on the past couple of days and one thing that I've noticed is the MSE icon doesn't show up down in the system tray. It's still installed and I think that it does start with Windows?? But it doesn't show up in the system tray. I did check in the settings tab within MSE, but couldn't find anything that says "show icon" or "don't show icon". I suppose that I could just uninstall & reinstall MSE, but I was hoping that there was a simpler solution??
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is the icon hidden ? By the clock on the task bar should be a small arrow, click that and select customise
It should bring this tab up
[attachment=66638:Capture.GIF]

Locate the MSES icon and in the dropdown select "Always show"
  • 0





