Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My Old PC just aint running the same 313 [Closed]


  • This topic is locked This topic is locked

#1
moe313hp

moe313hp

    New Member

  • Member
  • Pip
  • 1 posts
Well i go back from deployment and after letting my mother use my pc.
So much spyware slowing me down

Here's my log from OTL:


OTL logfile created on: 11/15/2013 10:32:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vaio\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 55.13% Memory free
7.21 Gb Paging File | 5.01 Gb Available in Paging File | 69.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.19 Gb Total Space | 243.92 Gb Free Space | 84.93% Space Free | Partition Type: NTFS
Drive D: | 250.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VAIO-PC | User Name: vaio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/15 10:31:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vaio\Downloads\OTL.exe
PRC - [2013/11/15 06:41:40 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/15 06:41:40 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/09 12:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/20 06:46:16 | 002,099,064 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/15 10:26:31 | 000,091,136 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM4E10.tmp
MOD - [2013/11/15 10:26:31 | 000,091,136 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM4D53.tmp
MOD - [2013/11/15 10:26:30 | 000,091,136 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM4BBB.tmp
MOD - [2013/11/15 10:26:30 | 000,091,136 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM4A62.tmp
MOD - [2013/11/15 10:26:29 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM4688.tmp
MOD - [2013/11/15 10:26:28 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM4426.tmp
MOD - [2013/11/15 10:26:28 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM41F2.tmp
MOD - [2013/11/15 10:26:26 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM3D3F.tmp
MOD - [2013/11/15 10:26:26 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM3A12.tmp
MOD - [2013/11/15 10:26:25 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM383C.tmp
MOD - [2013/11/15 10:26:25 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM36A4.tmp
MOD - [2013/11/15 10:26:24 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM352C.tmp
MOD - [2013/11/15 10:26:24 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM33D2.tmp
MOD - [2013/11/15 10:26:23 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM3086.tmp
MOD - [2013/11/15 10:26:23 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM2F0C.tmp
MOD - [2013/11/15 10:26:23 | 000,032,768 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\YTMP7MC8AA\TAA2F2D.tmp
MOD - [2013/11/15 10:26:22 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM2CB9.tmp
MOD - [2013/11/15 10:26:22 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM2AA4.tmp
MOD - [2013/11/15 10:26:21 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM298A.tmp
MOD - [2013/11/15 10:26:21 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM289E.tmp
MOD - [2013/11/15 10:26:21 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM27D1.tmp
MOD - [2013/11/15 10:26:21 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM26F4.tmp
MOD - [2013/11/15 10:26:21 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM2628.tmp
MOD - [2013/11/15 10:26:20 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM2413.tmp
MOD - [2013/11/15 10:26:19 | 000,126,464 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM21EE.tmp
MOD - [2013/11/15 10:26:19 | 000,074,240 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM1FB7.tmp
MOD - [2013/11/15 10:26:19 | 000,072,704 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM2121.tmp
MOD - [2013/11/15 10:26:19 | 000,072,704 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM20B2.tmp
MOD - [2013/11/15 10:26:19 | 000,072,704 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM1E9C.tmp
MOD - [2013/11/15 10:26:18 | 000,066,048 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM1AEE.tmp
MOD - [2013/11/15 10:26:18 | 000,059,904 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM1D71.tmp
MOD - [2013/11/15 10:26:18 | 000,055,808 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM1D12.tmp
MOD - [2013/11/15 10:26:18 | 000,055,808 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM1A6F.tmp
MOD - [2013/11/15 10:26:17 | 000,077,824 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM19F0.tmp
MOD - [2013/11/15 10:26:17 | 000,077,824 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM1904.tmp
MOD - [2013/11/15 10:26:17 | 000,077,824 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM176B.tmp
MOD - [2013/11/15 10:26:17 | 000,077,824 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM165F.tmp
MOD - [2013/11/15 10:26:17 | 000,057,344 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM1837.tmp
MOD - [2013/11/15 10:26:16 | 000,077,824 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM1554.tmp
MOD - [2013/11/15 10:26:16 | 000,077,824 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM135D.tmp
MOD - [2013/11/15 10:26:16 | 000,057,856 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM13FB.tmp
MOD - [2013/11/15 10:26:15 | 000,077,824 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEMF63.tmp
MOD - [2013/11/15 10:26:15 | 000,077,824 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM1158.tmp
MOD - [2013/11/15 10:26:15 | 000,071,168 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEMF03.tmp
MOD - [2013/11/15 10:26:14 | 000,057,344 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEMD6C.tmp
MOD - [2013/11/15 10:26:14 | 000,057,344 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEMA6D.tmp
MOD - [2013/11/15 10:26:12 | 000,077,824 | ---- | M] () -- C:\Users\vaio\AppData\Local\Temp\XTMP1MC3VE\DEM3E6.tmp
MOD - [2013/11/15 06:41:42 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:30 | 013,582,800 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2012/04/20 06:46:18 | 000,470,392 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2012/04/20 06:46:18 | 000,122,744 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll
MOD - [2011/09/14 06:16:54 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll
MOD - [2011/09/14 06:15:34 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll
MOD - [2011/09/14 06:15:02 | 000,671,744 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll
MOD - [2011/09/14 06:13:48 | 001,437,184 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2011/09/14 06:13:04 | 002,128,384 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/15 06:41:40 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/10/26 04:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/13 16:00:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 12:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 13:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/15 06:41:45 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/11/15 06:41:45 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/11/15 06:41:45 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/15 06:41:45 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/15 06:41:45 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/15 06:41:45 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/11/15 06:41:45 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/11/15 06:41:44 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/12 17:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 01:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/10/26 05:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/26 03:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/10/09 04:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/03 07:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1797656733
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {B6CFFE22-3D74-4843-8410-CE6E0E7EC9D3}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1797656733

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...5F-92C4F6B402B4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 2A 22 87 A4 A6 CD 01 [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {B6CFFE22-3D74-4843-8410-CE6E0E7EC9D3}
IE - HKCU\..\SearchScopes,DefaultScope = {B6CFFE22-3D74-4843-8410-CE6E0E7EC9D3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...122786&tsp=4962
IE - HKCU\..\SearchScopes\{3FA91D00-26A2-48C7-BC37-60059DFB4886}: "URL" = http://websearch.sho...q={searchTerms}
IE - HKCU\..\SearchScopes\{57A939DD-0ACA-4CF7-94DA-10969E594517}: "URL" = http://www.mountainr...s={searchTerms}
IE - HKCU\..\SearchScopes\{59304202-2471-47A0-B81D-1A35AAD87EE1}: "URL" = http://www.youtube.c...y={searchTerms}
IE - HKCU\..\SearchScopes\{7B04EB5A-97E7-4EC1-8809-667968117655}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{82918BB9-4CD6-4845-B01B-D7CFFE3C7210}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{B6CFFE22-3D74-4843-8410-CE6E0E7EC9D3}: "URL" = http://search.condui...1422983160&UM=2
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1797656733
IE - HKCU\..\SearchScopes\{C6F1C701-8AB8-43E2-BB51-70769A6B298F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\vaio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 17:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/08/27 14:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/08/27 14:10:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/08/27 14:12:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/08/27 14:02:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/08/27 14:10:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/08/27 14:12:45 | 000,000,000 | ---D | M]

[2013/08/27 14:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vaio\AppData\Roaming\Mozilla\Extensions
[2013/08/27 14:02:52 | 000,000,000 | ---D | M] (7Go Games) -- C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/08/27 14:10:58 | 000,000,000 | ---D | M] (SeeSimilar02) -- C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/08/27 14:12:45 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/08/02 18:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://isearch.babyl...122786&tsp=4962
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.condui...0819166210&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\vaio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - Extension: Funmoods = C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.4_0\
CHR - Extension: New Tab = C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.4.1.1_0\
CHR - Extension: avast! Online Security = C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google Wallet = C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\vaio\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\vaio\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TBHostSupport] C:\Users\vaio\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB479687-C9A5-49F1-82DC-FC5817EDE7CA}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/16 11:24:52 | 000,000,129 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{97f788f3-b1ae-11e2-8d3b-dc803913930c}\Shell - "" = AutoRun
O33 - MountPoints2\{97f788f3-b1ae-11e2-8d3b-dc803913930c}\Shell\AutoRun\command - "" = F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/15 07:30:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/11/15 06:43:01 | 000,000,000 | ---D | C] -- C:\Users\vaio\AppData\Roaming\AVAST Software
[2013/11/15 06:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/15 06:42:17 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/15 06:42:13 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/15 06:42:11 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/15 06:42:08 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/15 06:42:02 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/15 06:42:00 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/15 06:41:52 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/15 06:41:44 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/15 06:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/11/15 06:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/11/15 06:28:03 | 000,000,000 | ---D | C] -- C:\Users\vaio\AppData\Local\WhiteListing
[2013/11/08 01:23:28 | 000,000,000 | ---D | C] -- C:\Users\vaio\AppData\Local\TBHostSupport
[2013/10/28 17:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/10/28 17:21:31 | 000,000,000 | ---D | C] -- C:\Users\vaio\AppData\Local\NativeMessaging
[2013/10/20 09:12:09 | 000,000,000 | ---D | C] -- C:\SearchProtect
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/15 10:32:05 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/15 10:32:05 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/15 10:31:07 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/15 10:31:07 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/15 10:31:07 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/15 10:29:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/15 10:25:47 | 000,001,942 | ---- | M] () -- C:\Users\vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
[2013/11/15 10:25:28 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/15 10:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/15 10:14:24 | 2902,642,688 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/15 10:12:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/15 10:12:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/11/15 08:47:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-165920356-1716568962-1869577169-1000UA.job
[2013/11/15 06:42:47 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/15 06:41:45 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/15 06:41:45 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/15 06:41:45 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/15 06:41:45 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/15 06:41:45 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/15 06:41:45 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/15 06:41:45 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/15 06:41:45 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/15 06:41:44 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/15 06:41:44 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/14 17:25:11 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/13 23:28:56 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-165920356-1716568962-1869577169-1000Core.job
[2013/10/28 17:30:24 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2013/10/28 17:22:37 | 000,000,009 | ---- | M] () -- C:\END
[2013/10/19 04:34:23 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/15 06:42:47 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/15 06:42:16 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/15 06:42:14 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/08/27 14:13:31 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/20 21:47:14 | 000,740,374 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/12 18:30:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/10 00:34:42 | 000,290,500 | ---- | C] () -- C:\Users\vaio\AppData\Local\funmoods-speeddial_sf.crx
[2012/10/10 00:34:38 | 000,031,465 | ---- | C] () -- C:\Users\vaio\AppData\Local\funmoods.crx
[2012/06/06 15:03:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/27 14:02:51 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\7go
[2013/02/04 12:31:50 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\Advanced System Protector
[2013/11/15 06:43:01 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\AVAST Software
[2013/11/15 07:27:49 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\BabSolution
[2013/08/02 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\Babylon
[2013/08/27 14:01:53 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\File Scout
[2012/06/06 15:13:00 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\ManyCam
[2013/11/15 07:37:22 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\PerformerSoft
[2013/08/02 19:45:46 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\Rovio
[2013/08/27 14:10:57 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\SeeSimilar02
[2013/08/27 14:12:43 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\SpeedAnalysis2
[2013/11/15 07:26:38 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\Systweak
[2012/11/13 21:41:48 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\Visan

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.

  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:



Hello :) There should be another log called Extras.txt that was produced from your initial OTL run. It will be located in the same location as where you ran OTL from, in this case C:\Users\vaio\Downloads. Please post that log in your next reply.

Also, please move OTL.exe to your desktop, it works better from there. :)

Things I need to see in your next post:

Extras.txt Log

  • 0

#3
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :) We've got some work to do, so let's get started. If you have the Extras log, you can post it with the other logs my instructions will produce.

Please disable your anti-virus protection for the duration of these fixes. Don't forget to re-enable them after you complete my instructions.


Step 1: Change Chrome's Search Provider and Extension Removal

There are some things in Chrome we need to change and remove. Please follow the instructions below.

Changing Chrome's Search Provider

  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under Search and then click the box that has your current search provider listed. Change it from the malware related search engine to another (Such as Google.)
  • Once you have changed it, click on Manage Search Engines and delete the following engine from the list:

    Babylon
  • Once you have removed it, look to the top left of the page and click on Extensions
  • When the Extensions list opens, locate the Funmoods extension and remove it by clicking on the Trash Can icon beside the extension.
  • Once you have removed the extension, you can close the window.


Step 2: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the dektop and icons, they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1797656733
IE - HKLM\..\SearchScopes,DefaultScope = {B6CFFE22-3D74-4843-8410-CE6E0E7EC9D3}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1797656733
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...5F-92C4F6B402B4
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {B6CFFE22-3D74-4843-8410-CE6E0E7EC9D3}
IE - HKCU\..\SearchScopes,DefaultScope = {B6CFFE22-3D74-4843-8410-CE6E0E7EC9D3}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...122786&tsp=4962
IE - HKCU\..\SearchScopes\{3FA91D00-26A2-48C7-BC37-60059DFB4886}: "URL" = http://websearch.sho...q={searchTerms}
IE - HKCU\..\SearchScopes\{B6CFFE22-3D74-4843-8410-CE6E0E7EC9D3}: "URL" = http://search.condui...1422983160&UM=2
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1797656733
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/08/27 14:10:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/08/27 14:12:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/08/27 14:10:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/08/27 14:12:45 | 000,000,000 | ---D | M]
[2013/08/27 14:10:58 | 000,000,000 | ---D | M] (SeeSimilar02) -- C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/08/27 14:12:45 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\vaio\AppData\Roaming\Mozilla\Extensions\[email protected]
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\vaio\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe File not found
O4 - HKCU..\Run: [TBHostSupport] C:\Users\vaio\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll) - File not found
[2013/11/08 01:23:28 | 000,000,000 | ---D | C] -- C:\Users\vaio\AppData\Local\TBHostSupport
[2013/10/28 17:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/10/28 17:21:31 | 000,000,000 | ---D | C] -- C:\Users\vaio\AppData\Local\NativeMessaging
[2013/10/20 09:12:09 | 000,000,000 | ---D | C] -- C:\SearchProtect
[2013/10/28 17:22:37 | 000,000,009 | ---- | M] () -- C:\END
[2012/10/10 00:34:42 | 000,290,500 | ---- | C] () -- C:\Users\vaio\AppData\Local\funmoods-speeddial_sf.crx
[2012/10/10 00:34:38 | 000,031,465 | ---- | C] () -- C:\Users\vaio\AppData\Local\funmoods.crx
[2013/02/04 12:31:50 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\Advanced System Protector
[2013/11/15 07:27:49 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\BabSolution
[2013/08/02 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\Babylon
[2013/08/27 14:12:43 | 000,000,000 | ---D | M] -- C:\Users\vaio\AppData\Roaming\SpeedAnalysis2

:Commands
[emptytemp]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


Posted Image

  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Step 5: OTL Quick Scan

Start OTL and click the Quick Scan button.

Once it has finished scanning, it will produce a log. Please post it in your next reply.


  • Things I need to see in your next post:
  • OTL Fix Log
  • AdwCleaner Log
  • Junkware Removal Tool Log
  • OTL Quick Scan Log
  • Extras Log

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP