Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

popups to downloade software, adware on computer (again!) [Closed]


  • This topic is locked This topic is locked

#1
mom2dacl

mom2dacl

    Member

  • Member
  • PipPip
  • 19 posts
I am having an issue with pop-up ads to have me download "necessary" software, including adobe.
one example is: http://rvzr-a.akamai...l?aff=1700-1016

Also, on my son's account, none of his browsers will connect to the internet. Mine do with no problem. We are on the same computer with different users, I am the admin, they cannot download anything without my password.

There are links on all webpages to ads where there shouldn't be.

I did a clean once before, following your instructions. Previous topic here:http://www.geekstogo.com/forum/topic/330596-adyeildmanager-removal/page__gopid__2303187#entry2303187

Thanks in advance for your help!
Karen



OTL logfile created on: 9/20/2013 4:21:16 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Computer\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 58.44% Memory free
5.75 Gb Paging File | 3.91 Gb Available in Paging File | 68.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.73 Gb Total Space | 163.63 Gb Free Space | 57.07% Space Free | Partition Type: NTFS
Drive D: | 11.26 Gb Total Space | 1.55 Gb Free Space | 13.74% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/11 03:01:01 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/08/30 11:06:58 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/06/02 10:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Downloads\OTL.exe
PRC - [2013/05/23 15:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/05/23 15:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/05/22 11:35:32 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/15 11:17:34 | 000,554,408 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/11/02 10:52:04 | 001,078,592 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-160\AirNCFG.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\ANIWConnService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/11 03:00:58 | 016,177,544 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/08/30 11:06:55 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/06/22 14:55:10 | 000,315,392 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\ANPDApi.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/09/14 13:56:20 | 000,294,912 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\wlanapp.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/09/19 17:57:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 11:06:56 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/28 17:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/19 03:01:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-160\ANIWConnService.exe -- (D-Link Wireless N Dual Band DWA-160 _WPS)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | System | Stopped] -- System32\DRIVERS\netbt.sys -- (NetBT)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - [2013/06/27 15:15:01 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 15:15:01 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 15:15:01 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/05/31 08:58:50 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/05/02 00:23:50 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/09/09 14:45:20 | 001,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/29 07:58:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/07/29 08:41:00 | 009,790,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {7093ee04-f2e4-4637-a667-0f730797b3a0} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {21F2D077-504D-4194-8900-B14556BAC386}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 0B 60 D4 9D 66 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.3
FF - prefs.js..extensions.enabledAddons: 67314b39-24e6-4f05-99f3-3f88c7cddd17%406c5fa560-13a3-4d42-8e90-53d9930111f9.com:0.92.57
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54141
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/20 08:05:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/30 11:06:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/20 08:05:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/30 11:06:42 | 000,000,000 | ---D | M]

[2011/10/18 13:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2013/09/13 09:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions
[2013/08/23 09:04:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/08/10 13:22:02 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013/09/13 09:50:22 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com
[2013/09/20 08:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com\extensionData
[2013/09/20 08:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com\extensionData\plugins
[2013/09/20 08:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com\extensionData\userCode
[2012/12/10 17:46:10 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\[email protected]
[2013/04/19 19:14:30 | 001,107,661 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi
[2013/08/30 11:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/30 11:06:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/08/30 11:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/30 11:07:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: VisualBee = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\1.23.27_0\crossrider
CHR - Extension: VisualBee = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\1.23.27_0\
CHR - Extension: BitTorrentBar2 = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik\2.3.11.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/06/01 06:26:03 | 000,447,858 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15378 more lines...
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Privoxy] C:\Program Files\privoxy\starthelp.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{225B6366-C854-438B-8416-7A00E37DF294}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F355BF47-CF84-48BF-AD2B-A72F6B586315}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell - "" = AutoRun
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/06 23:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\privoxy
[2013/09/06 23:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Web Protect
[2013/09/06 17:00:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/09/06 17:00:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/09/06 16:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/09/06 16:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2013/08/30 11:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/09/20 16:26:00 | 000,001,234 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2013/09/20 16:26:00 | 000,001,228 | ---- | M] () -- C:\Windows\tasks\VisualBee-updater.job
[2013/09/20 16:26:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\VisualBee-enabler.job
[2013/09/20 16:25:00 | 000,001,926 | ---- | M] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
[2013/09/20 16:25:00 | 000,001,850 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
[2013/09/20 16:17:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/20 16:03:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/20 16:03:58 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 14:27:42 | 000,624,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/20 14:27:42 | 000,106,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/20 08:04:51 | 000,046,062 | ---- | M] () -- C:\Users\Computer\Documents\cc_20130920_080446.reg
[2013/09/20 07:37:48 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/18 16:19:21 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 16:19:21 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 16:09:19 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/06 16:23:54 | 000,000,000 | ---- | M] () -- C:\END

========== Files Created - No Company Name ==========

[2013/09/20 08:04:48 | 000,046,062 | ---- | C] () -- C:\Users\Computer\Documents\cc_20130920_080446.reg
[2013/09/06 16:26:37 | 000,001,228 | ---- | C] () -- C:\Windows\tasks\VisualBee-updater.job
[2013/09/06 16:26:30 | 000,001,134 | ---- | C] () -- C:\Windows\tasks\VisualBee-enabler.job
[2013/09/06 16:26:22 | 000,001,234 | ---- | C] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2013/09/06 16:25:34 | 000,001,850 | ---- | C] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
[2013/09/06 16:25:25 | 000,001,926 | ---- | C] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
[2013/09/06 16:20:34 | 000,000,000 | ---- | C] () -- C:\END
[2013/06/27 15:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 13:37:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 13:37:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/22 14:57:52 | 000,000,258 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\ANICONFIG_{F355BF47-CF84-48BF-AD2B-A72F6B586315}.ini
[2013/06/22 14:51:59 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013/06/22 14:51:59 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/05/15 20:18:56 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/17 09:33:06 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/17 09:33:05 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/02/20 17:09:23 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/07 09:48:49 | 000,004,608 | ---- | C] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 08:44:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/18 14:39:14 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/10/18 08:21:23 | 000,000,632 | RHS- | C] () -- C:\Users\Computer\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/17 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Goodsol
[2013/07/07 20:30:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Samsung
[2011/11/17 16:03:36 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinAVI
[2011/10/15 17:30:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
mom2dacl

mom2dacl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I just noticed the check box for "scan all users" so here are those results on OTL. Hope this helps!

OTL logfile created on: 9/20/2013 4:45:08 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Computer\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 46.19% Memory free
5.75 Gb Paging File | 3.80 Gb Available in Paging File | 66.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.73 Gb Total Space | 163.65 Gb Free Space | 57.08% Space Free | Partition Type: NTFS
Drive D: | 11.26 Gb Total Space | 1.55 Gb Free Space | 13.74% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/11 03:01:01 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/08/30 11:06:58 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/06/02 10:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Downloads\OTL.exe
PRC - [2013/05/23 15:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/05/23 15:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/05/22 11:35:32 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/15 11:17:34 | 000,554,408 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/11/02 10:52:04 | 001,078,592 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-160\AirNCFG.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\ANIWConnService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/11 03:00:58 | 016,177,544 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/08/30 11:06:55 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/06/22 14:55:10 | 000,315,392 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\ANPDApi.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/09/14 13:56:20 | 000,294,912 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\wlanapp.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/09/19 17:57:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 11:06:56 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/28 17:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/19 03:01:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-160\ANIWConnService.exe -- (D-Link Wireless N Dual Band DWA-160 _WPS)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | System | Stopped] -- System32\DRIVERS\netbt.sys -- (NetBT)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - [2013/06/27 15:15:01 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 15:15:01 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 15:15:01 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/05/31 08:58:50 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/05/02 00:23:50 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/09/09 14:45:20 | 001,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/29 07:58:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/07/29 08:41:00 | 009,790,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {7093ee04-f2e4-4637-a667-0f730797b3a0} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {21F2D077-504D-4194-8900-B14556BAC386}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 0B 60 D4 9D 66 CE 01 [binary data]
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...64-865167C26040
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 72 8C CD 73 C0 CD 01 [binary data]
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\URLSearchHook: {7093ee04-f2e4-4637-a667-0f730797b3a0} - No CLSID value found
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\SearchScopes,DefaultScope = {21F2D077-504D-4194-8900-B14556BAC386}
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\SearchScopes\{21F2D077-504D-4194-8900-B14556BAC386}: "URL" = http://search.condui...4902394629&UM=2
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.3
FF - prefs.js..extensions.enabledAddons: 67314b39-24e6-4f05-99f3-3f88c7cddd17%406c5fa560-13a3-4d42-8e90-53d9930111f9.com:0.92.57
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54141
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/20 08:05:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/30 11:06:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/20 08:05:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/30 11:06:42 | 000,000,000 | ---D | M]

[2011/10/18 13:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2013/09/13 09:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions
[2013/08/23 09:04:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/08/10 13:22:02 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013/09/13 09:50:22 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com
[2013/09/20 08:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com\extensionData
[2013/09/20 08:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com\extensionData\plugins
[2013/09/20 08:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com\extensionData\userCode
[2012/12/10 17:46:10 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\[email protected]
[2013/04/19 19:14:30 | 001,107,661 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi
[2013/08/30 11:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/30 11:06:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/08/30 11:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/30 11:07:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: VisualBee = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\1.23.27_0\crossrider
CHR - Extension: VisualBee = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\1.23.27_0\
CHR - Extension: BitTorrentBar2 = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik\2.3.11.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/06/01 06:26:03 | 000,447,858 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15378 more lines...
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\Toolbar\WebBrowser: (no name) - {656461EF-40F6-4115-9FF1-BCED9812CCBB} - No CLSID value found.
O3 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\Toolbar\WebBrowser: (no name) - {7093EE04-F2E4-4637-A667-0F730797B3A0} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Privoxy] C:\Program Files\privoxy\starthelp.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002..\Run: [Akamai NetSession Interface] C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{225B6366-C854-438B-8416-7A00E37DF294}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F355BF47-CF84-48BF-AD2B-A72F6B586315}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell - "" = AutoRun
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/20 16:44:42 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\New computer fix
[2013/09/06 23:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\privoxy
[2013/09/06 23:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Web Protect
[2013/09/06 17:00:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/09/06 17:00:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/09/06 16:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/09/06 16:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2013/08/30 11:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/09/20 16:26:00 | 000,001,234 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2013/09/20 16:26:00 | 000,001,228 | ---- | M] () -- C:\Windows\tasks\VisualBee-updater.job
[2013/09/20 16:26:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\VisualBee-enabler.job
[2013/09/20 16:25:00 | 000,001,926 | ---- | M] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
[2013/09/20 16:25:00 | 000,001,850 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
[2013/09/20 16:17:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/20 16:03:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/20 16:03:58 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 14:27:42 | 000,624,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/20 14:27:42 | 000,106,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/20 08:04:51 | 000,046,062 | ---- | M] () -- C:\Users\Computer\Documents\cc_20130920_080446.reg
[2013/09/20 07:37:48 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/18 16:19:21 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 16:19:21 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 16:09:19 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/06 16:23:54 | 000,000,000 | ---- | M] () -- C:\END

========== Files Created - No Company Name ==========

[2013/09/20 08:04:48 | 000,046,062 | ---- | C] () -- C:\Users\Computer\Documents\cc_20130920_080446.reg
[2013/09/06 16:26:37 | 000,001,228 | ---- | C] () -- C:\Windows\tasks\VisualBee-updater.job
[2013/09/06 16:26:30 | 000,001,134 | ---- | C] () -- C:\Windows\tasks\VisualBee-enabler.job
[2013/09/06 16:26:22 | 000,001,234 | ---- | C] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2013/09/06 16:25:34 | 000,001,850 | ---- | C] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
[2013/09/06 16:25:25 | 000,001,926 | ---- | C] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
[2013/09/06 16:20:34 | 000,000,000 | ---- | C] () -- C:\END
[2013/06/27 15:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 13:37:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 13:37:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/22 14:57:52 | 000,000,258 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\ANICONFIG_{F355BF47-CF84-48BF-AD2B-A72F6B586315}.ini
[2013/06/22 14:51:59 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013/06/22 14:51:59 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/05/15 20:18:56 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/17 09:33:06 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/17 09:33:05 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/02/20 17:09:23 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/07 09:48:49 | 000,004,608 | ---- | C] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 08:44:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/18 14:39:14 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/10/18 08:21:23 | 000,000,632 | RHS- | C] () -- C:\Users\Computer\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/18 18:45:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.minecraft
[2013/05/31 16:50:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ad-Aware Antivirus
[2013/09/06 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Awesomium
[2011/11/18 23:10:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Goodsol
[2013/03/08 21:40:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0
[2013/07/10 07:52:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2013/09/20 07:39:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Spotify
[2011/11/18 21:57:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
[2011/11/17 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Goodsol
[2013/07/07 20:30:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Samsung
[2011/11/17 16:03:36 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinAVI
[2011/10/15 17:30:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinBatch
[2013/08/24 12:25:50 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\.minecraft
[2013/06/10 16:42:30 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Ad-Aware Antivirus
[2013/07/12 14:13:10 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Audacity
[2013/05/29 14:22:28 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Blackboard
[2013/09/18 19:19:10 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Dropbox
[2013/01/07 18:43:41 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Elluminate
[2013/05/17 23:03:46 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\GoforFiles
[2013/09/06 14:35:14 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\gtk-2.0
[2013/08/20 15:57:32 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\MP3 Quality Modifier
[2011/11/18 16:58:55 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Unity

========== Purity Check ==========



< End of report >
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, once this has run could you check the other sign ons and let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\URLSearchHook: {7093ee04-f2e4-4637-a667-0f730797b3a0} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {21F2D077-504D-4194-8900-B14556BAC386}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...64-865167C26040
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\URLSearchHook: {7093ee04-f2e4-4637-a667-0f730797b3a0} - No CLSID value found
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\SearchScopes,DefaultScope = {21F2D077-504D-4194-8900-B14556BAC386}
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\SearchScopes\{21F2D077-504D-4194-8900-B14556BAC386}: "URL" = http://search.condui...4902394629&UM=2
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54141
[2013/09/13 09:50:22 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com
[2013/09/20 08:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com\extensionData
[2013/09/20 08:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com\extensionData\plugins
[2013/09/20 08:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\[email protected]9930111f9.com\extensionData\userCode
O3 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\Toolbar\WebBrowser: (no name) - {656461EF-40F6-4115-9FF1-BCED9812CCBB} - No CLSID value found.
O3 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002\..\Toolbar\WebBrowser: (no name) - {7093EE04-F2E4-4637-A667-0F730797B3A0} - No CLSID value found.
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002..\Run: [Akamai NetSession Interface] C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1002..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
[2013/09/06 23:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Web Protect
[2013/09/06 16:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/09/20 16:26:00 | 000,001,234 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2013/09/20 16:26:00 | 000,001,228 | ---- | M] () -- C:\Windows\tasks\VisualBee-updater.job
[2013/09/20 16:26:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\VisualBee-enabler.job
[2013/09/20 16:25:00 | 000,001,926 | ---- | M] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
[2013/09/20 16:25:00 | 000,001,850 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job

:Files
C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

  • 0

#4
mom2dacl

mom2dacl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OTL logfile created on: 9/22/2013 8:14:02 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Computer\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 73.99% Memory free
5.75 Gb Paging File | 4.26 Gb Available in Paging File | 74.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.73 Gb Total Space | 169.64 Gb Free Space | 59.16% Space Free | Partition Type: NTFS
Drive D: | 11.26 Gb Total Space | 1.55 Gb Free Space | 13.74% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/30 11:06:58 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/02 10:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Downloads\OTL.exe
PRC - [2013/05/23 15:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/05/23 15:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/05/23 15:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013/05/22 11:35:32 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe
PRC - [2013/05/17 23:03:09 | 006,583,664 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/11/29 22:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/11/02 10:52:04 | 001,078,592 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-160\AirNCFG.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\ANIWConnService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/30 11:06:55 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/15 03:15:19 | 017,221,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\b593e9ee0c411ab4c480cfc7b881f782\Kies.Theme.ni.dll
MOD - [2013/08/15 03:15:18 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\30347cf99dcac9f06c7060e3053f1e3e\DummyStorePlugin.ni.dll
MOD - [2013/08/15 03:15:16 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\50a98900561477bfd9f758943cca8738\DeviceStoryAlbum.ni.dll
MOD - [2013/08/15 03:15:14 | 000,614,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\4a33e62cf831b38d595d0424f1b359f4\DevicePodcast.ni.dll
MOD - [2013/08/15 03:15:13 | 000,300,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\7af07bff9711e3047fdddb63c3ea947d\DeviceVideo.ni.dll
MOD - [2013/08/15 03:15:11 | 000,355,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\75f0e35f7400a2243d57ac4f2bceed8b\DevicePhoto.ni.dll
MOD - [2013/08/15 03:15:10 | 000,307,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\05be619dff58228ad875b9f68a91e0bb\DeviceMusic.ni.dll
MOD - [2013/08/15 03:15:09 | 000,474,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\0c409b4cef7ef6ed150f1b46e345bb92\VideoManager.ni.dll
MOD - [2013/08/15 03:15:08 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\a2da04a504c3ad3c7f2b464bb046884c\PhotoManager.ni.dll
MOD - [2013/08/15 03:15:06 | 001,989,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\97166a4417fcaf2c1d122ff4c2979b68\Phonebook.ni.dll
MOD - [2013/08/15 03:15:03 | 000,207,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\335cdd1cf584c185a71870cae67d8517\StoryAlbumManager.ni.dll
MOD - [2013/08/15 03:15:02 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\03ba81fbbde974c7e3f93ab76948a8a7\MusicManager.ni.dll
MOD - [2013/08/15 03:15:00 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\9c07b9ce5aaccc5ec1875b4471ac962f\BATPlugin.ni.dll
MOD - [2013/08/15 03:14:55 | 000,534,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\2eddb8405d16e95fe594da55d5778147\Kies.Common.MediaDB.ni.dll
MOD - [2013/08/15 03:14:55 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\0d402c4e5cfd2c857c9523c3483a0653\Kies.Common.StoreManager.ni.dll
MOD - [2013/08/15 03:14:54 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\c5efe841e2998c266e0f5e29bed04b55\ASF_cSharpAPI.ni.dll
MOD - [2013/08/15 03:14:52 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\bac700f7c91915e8ee95ad9c1260e563\Kies.Common.AllShare.ni.dll
MOD - [2013/08/15 03:14:49 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\13e3ee57f10e5285cc1f98e3a9c26e13\Kies.Common.CRMManager.ni.dll
MOD - [2013/08/15 03:14:49 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\02acfb0ee1b08245ec7a1f62025b6b78\Kies.Common.DBManager.ni.dll
MOD - [2013/08/15 03:14:48 | 001,146,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\db4327ce1183879a444867b3628e8362\Podcaster.ni.dll
MOD - [2013/08/15 03:14:46 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\dc37d596d68c16d8596cb1820e64121e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/08/15 03:14:46 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\11e54216f2aee21fbcbd3a751098cb7c\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/08/15 03:14:45 | 000,580,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a3e95996ba28a12201dc645d9a510cdf\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/08/15 03:14:44 | 001,209,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e268e9a4d1732bcf1b4b63cd838ca75d\Kies.Common.DeviceService.ni.dll
MOD - [2013/08/15 03:14:42 | 000,991,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\58de36d49d9adfc6803f2e980dc0e883\DeviceCommonLib.ni.dll
MOD - [2013/08/15 03:14:41 | 000,743,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\c13a705f751266a4cdfc76007856748b\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/08/15 03:14:39 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\645cb9ce90cbb7d206bbdf94da1b6dfd\Kies.Common.MainUI.ni.dll
MOD - [2013/08/15 03:14:25 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5190df714414164efd33d9dca5472e29\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/08/15 03:14:16 | 002,213,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\3f97644df0076e46d7ccabe85e3091b0\Kies.Common.Multimedia.ni.dll
MOD - [2013/08/15 03:14:14 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2cf3987fcddce6b17d2b03aaa1c4b11b\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/08/15 03:14:13 | 000,638,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d4846e288f02405cd160f346261ac3b9\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/08/15 03:14:08 | 007,111,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\849ce24d949371d782ed0021f9279e87\DeviceHost.ni.dll
MOD - [2013/08/15 03:14:01 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\6df664c3c65d8dfaea65fb67d8627bf8\Kies.Common.Util.ni.dll
MOD - [2013/08/15 03:14:00 | 001,646,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7a8641a548883ae709df563915312e03\Kies.Locale.ni.dll
MOD - [2013/08/15 03:13:59 | 001,902,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\41f78c0116f14d4a67db19b59ccbe480\Kies.UI.ni.dll
MOD - [2013/08/15 03:13:59 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\75c5aed1bb8bdca76b525643fbb233f1\Kies.MVVM.ni.dll
MOD - [2013/08/15 03:13:57 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\66fa34073852beddee22e89b8bba2d75\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/08/15 03:13:54 | 001,274,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\71dfa1f9afa37f359a5d3ca169350673\Kies.Interface.ni.dll
MOD - [2013/08/15 03:13:40 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll
MOD - [2013/08/15 03:13:27 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f17c7bc239be0eb7661cbcd3cff1ea16\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 03:13:11 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll
MOD - [2013/08/15 03:13:09 | 002,176,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\d3377afca677e1923dbf96dbfe85cd2e\Kies.ni.exe
MOD - [2013/08/15 03:09:44 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8532e498c23b60bee2e5ffcf4411c86d\PresentationFramework.ni.dll
MOD - [2013/08/15 03:09:27 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\40841519650bcf0de403049960550c20\PresentationCore.ni.dll
MOD - [2013/08/15 03:09:14 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d2382128944d16da8adf76c58fb8e6f1\WindowsBase.ni.dll
MOD - [2013/08/15 03:09:07 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\11467cefb818233a909bdd3426ccab69\System.Configuration.ni.dll
MOD - [2013/08/15 03:09:06 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll
MOD - [2013/08/15 03:08:57 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7b6f508b953eebe51c55ad40f468af2e\System.Core.ni.dll
MOD - [2013/08/15 03:08:50 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll
MOD - [2013/07/10 03:21:57 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\89df88e12edd4cbc6f629a8e8c3f4e91\Interop.DevFileServiceLib.ni.dll
MOD - [2013/07/10 03:21:33 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5e5190fb957915307e495bd499202388\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/07/10 03:21:26 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\be9d4a331a41a83465c56b735845c86b\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/07/10 03:21:26 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\0cd09e4839a2bfe65311191d2e61c698\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/07/10 03:21:26 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\666b10af8e7a3ce91019a4f9688f318d\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/07/10 03:21:25 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\a474771ad225ef2b83d38a86a160ed53\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/07/10 03:21:09 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\abebd90a3673cde0cd3a1b81a9f18f86\CabLib.ni.dll
MOD - [2013/07/10 03:21:08 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4ae14b63968b4bfde39959e0e0728f95\Interop.DeviceSearchLib.ni.dll
MOD - [2013/07/10 03:17:46 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/06/22 14:55:10 | 000,315,392 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\ANPDApi.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/09/14 13:56:20 | 000,294,912 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\wlanapp.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/09/19 17:57:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 11:06:56 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/28 17:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/19 03:01:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-160\ANIWConnService.exe -- (D-Link Wireless N Dual Band DWA-160 _WPS)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | System | Stopped] -- System32\DRIVERS\netbt.sys -- (NetBT)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - [2013/06/27 15:15:01 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 15:15:01 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 15:15:01 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/05/31 08:58:50 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/05/02 00:23:50 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/09/09 14:45:20 | 001,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/29 07:58:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/07/29 08:41:00 | 009,790,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 0B 60 D4 9D 66 CE 01 [binary data]
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/20 08:05:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/30 11:06:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/20 08:05:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/30 11:06:42 | 000,000,000 | ---D | M]

[2011/10/18 13:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2013/09/21 15:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions
[2013/08/23 09:04:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/09/21 17:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/12/10 17:46:10 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\[email protected]
[2013/04/19 19:14:30 | 001,107,661 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi
[2013/08/30 11:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/30 11:06:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/08/30 11:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/30 11:07:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: BitTorrentBar2 = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik\2.3.11.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/09/21 15:35:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Privoxy] C:\Program Files\privoxy\starthelp.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{225B6366-C854-438B-8416-7A00E37DF294}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F355BF47-CF84-48BF-AD2B-A72F6B586315}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell - "" = AutoRun
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1031511220-1319934591-3059643299-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/21 17:05:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/20 16:44:42 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\New computer fix
[2013/09/06 23:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\privoxy
[2013/09/06 17:00:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/09/06 17:00:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/08/30 11:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/09/22 20:17:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/22 20:13:49 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/22 20:13:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/22 20:13:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/21 16:27:36 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 16:27:36 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 16:19:29 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/21 15:35:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/09/20 20:18:46 | 000,624,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/20 20:18:46 | 000,106,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/20 08:04:51 | 000,046,062 | ---- | M] () -- C:\Users\Computer\Documents\cc_20130920_080446.reg

========== Files Created - No Company Name ==========

[2013/09/20 08:04:48 | 000,046,062 | ---- | C] () -- C:\Users\Computer\Documents\cc_20130920_080446.reg
[2013/06/27 15:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 13:37:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 13:37:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/22 14:57:52 | 000,000,258 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\ANICONFIG_{F355BF47-CF84-48BF-AD2B-A72F6B586315}.ini
[2013/06/22 14:51:59 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013/06/22 14:51:59 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/05/15 20:18:56 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/17 09:33:06 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/17 09:33:05 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/02/20 17:09:23 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/07 09:48:49 | 000,004,608 | ---- | C] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 08:44:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/18 14:39:14 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/10/18 08:21:23 | 000,000,632 | RHS- | C] () -- C:\Users\Computer\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/21 10:25:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.minecraft
[2013/05/31 16:50:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ad-Aware Antivirus
[2013/09/06 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Awesomium
[2011/11/18 23:10:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Goodsol
[2013/03/08 21:40:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0
[2013/07/10 07:52:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2013/09/21 08:29:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Spotify
[2011/11/18 21:57:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
[2011/11/17 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Goodsol
[2013/07/07 20:30:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Samsung
[2011/11/17 16:03:36 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinAVI
[2011/10/15 17:30:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinBatch
[2013/08/24 12:25:50 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\.minecraft
[2013/06/10 16:42:30 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Ad-Aware Antivirus
[2013/07/12 14:13:10 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Audacity
[2013/05/29 14:22:28 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Blackboard
[2013/09/18 19:19:10 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Dropbox
[2013/01/07 18:43:41 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Elluminate
[2013/05/17 23:03:46 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\GoforFiles
[2013/09/06 14:35:14 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\gtk-2.0
[2013/08/20 15:57:32 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\MP3 Quality Modifier
[2011/11/18 16:58:55 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Unity

========== Purity Check ==========



< End of report >



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x86
Ran by Computer on Sat 09/21/2013 at 17:05:21.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1031511220-1319934591-3059643299-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0033906.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0033906.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0033906.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0033906.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355395506}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366396606}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344394406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0033906.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0033906.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0033906.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0033906.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3287810
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355395506}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366396606}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344394406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311391106}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\Computer\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Computer\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ FireFox

Failed to delete: [Folder] C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted the following from C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\prefs.js

user_pref("extensions.5061c02ebbcfe.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_css.expiration", "Sun Sep 22 2013 15:32:19 GMT-
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdi
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_geolocation.expiration", "Mon Sep 23 2013 19:53
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_messages.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_messages.value", "%7B%22data%22%3A%7B%7D%2C%22l
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_metadata.expiration", "Sat Sep 21 2013 16:32:19
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A33906%2C%22a
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.internaldb.Resources_meta.value", "%7B%22images/emaze.png%22%3A%7B%22id%2
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.internaldb.Resources_resource_170999.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.internaldb.Resources_resource_171000.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.js", "\n\n /************************************************************
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBack
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQu
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_32.code", "appAPI.hooks.addHook(\"images\",(function(a){re
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_5.code", "(function(f){f.ui=f.ui||{};var e=/left|center|ri
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"
user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "14102faaa86f8c164832ef7783d3c6aa");
user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\minidumps [39 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hpilclpacieflhmobalmaccogiioldoo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/21/2013 at 17:08:07.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

:Files
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#6
mom2dacl

mom2dacl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Seems to be running better. I haven't been on it much due to my work schedule, but so far so good. Kids come back this weekend, and I will have them see if theirs are better, or if they can get on the internet.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\Setup folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\data folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\newtab folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome folder moved successfully.
C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Computer
->Temp folder emptied: 2164926 bytes
->Temporary Internet Files folder emptied: 129 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20639754 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dean
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09262013_110829

Files\Folders moved on Reboot...
C:\Users\Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will hang on 'til then :)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP