Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

XP trouble loading [Solved]

Started by john god , Nov 27 2013 01:12 PM

  • This topic is locked This topic is locked

#1
john god
Posted 27 November 2013 - 01:12 PM

john god

    Member

  • Member
  • PipPipPip
  • 460 posts
Please help if you can:

My wife's computer had some spyware on it, like searchfly or something.
I tried to get it off but didn't work.
So I think I did a wrong thing.
I ran ADWCleaner to try and clean it.
Now I can't open anything,life facebook.google,yahoo,etc.etc...

Do I have to install new drivers?
And how to reinstall if I did?
Did I lose some registry items?
If so, how do I go about to get them back?

Do I have to go thru all the trouble to reinstall XP?
Or is there another way?

Any help would be greatly appreciated......

Thank-You,
Johngod

Edited by john god, 27 November 2013 - 10:41 PM.

  • 0

Advertisements

#2
rockmilk
Posted 27 November 2013 - 01:20 PM

rockmilk

    Certified monkey.

  • Member
  • PipPipPipPipPip
  • 2,773 posts
Perform a system restore on the machine and then have the experts here have a stab at the malware. :thumbsup:

http://support.microsoft.com/kb/306084
http://www.geekstogo...cleaning-guide/
  • 0

#3
Machiavelli
Posted 27 November 2013 - 03:02 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Welcome to GeeksToGo, john god

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Posted Image

Posted Image

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

Perform a system restore on the machine and then have the experts here have a stab at the malware.

Not needed - I'm here :P

 

Questions Time

Now I can't open anything,life facebook.google,yahoo,etc.etc...

You mean you aren't able to open websites like google.com etc.?

I ran ADWCleaner to try and clean it.

Please post the logs, they you be located under C:\AdwCleaner\

Try this:

OTL Scan

  • Download OTL to your Desktop
  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT

  • Open Posted Image on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      Posted Image

    • Click the box beside Scan All Users at the top of the console
    • IF you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Checkand Purity Check.
      Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files is also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
[/list]Repeat for the Extras.txt file.

aswMBR

Please download aswMBR from one of the links below and save it to your Desktop.

Download Mirror #1


  • Right-click on aswMBR.exe and select Run as Administrator.
  • Click Yes when asked to download the Avast! definitions.
  • Click Scan to initiate the scan.
  • When the scan finishes, click Save Log and save this to your Desktop.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#4
john god
Posted 27 November 2013 - 03:02 PM

john god

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 460 posts
I tried a system restore
but it only goes to the date that this started happening.
Not any time sooner.
  • 0

#5
Machiavelli
Posted 27 November 2013 - 03:04 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
I have posted instructions for you above.
  • 0

#6
john god
Posted 27 November 2013 - 03:36 PM

john god

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 460 posts
I haven't done what you told me to do yet but I will,
just wanted to let you know something else.

When I go to log into yahoo,
I get MSN instead, than I have to again log into Yahoo or google,
which ever I'm tring to get into.
Also
When i try to log in to yahoo or google,
I get a red x and a line thru https, but the page doesn't come up...
  • 0

#7
john god
Posted 27 November 2013 - 04:47 PM

john god

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 460 posts
ADWCleaner File;
# AdwCleaner v3.013 - Report created 25/11/2013 at 12:42:06
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - DELL-3KDDY71
# Running from : C:\Documents and Settings\Owner\Local Settings\Temp\dlmA7.tmp\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Program Files\AutocompletePro
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Wajam
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\visi_coupon
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Wajam
Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\CT3292715
Folder Deleted : C:\Documents and Settings\Owner\Application Data\DSite
Folder Deleted : C:\Documents and Settings\Owner\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Owner\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Owner\Start Menu\Programs\Wajam
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\CT3292715
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\Extensions\{efc335aa-59ec-45b0-b287-739521153d5b}
[!] Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\user.js
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292715
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D14ED2E1-C75B-443c-BD7C-333333333302}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AutocompletePro3_is1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\prefs.js ]

Line Deleted : user_pref("CT3292715.FF19Solved", "true");
Line Deleted : user_pref("CT3292715.UserID", "UN26363143892052423");
Line Deleted : user_pref("CT3292715.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3292715.fullUserID", "UN26363143892052423.IN.20131116110250");
Line Deleted : user_pref("CT3292715.installDate", "16/11/2013 11:03:19");
Line Deleted : user_pref("CT3292715.installSessionId", "{A647FEE5-BC72-4C92-8FD8-7D8C52E16B6A}");
Line Deleted : user_pref("CT3292715.installSp", "TRUE");
Line Deleted : user_pref("CT3292715.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3292715.keyword", "true");
Line Deleted : user_pref("CT3292715.originalHomepage", "hxxp://www.amazon.com/websearch/ref=bit_bds-p07_serp_ff_us_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_c3f5461477484588a09d9eda1c6ecceb_30_46_201304[...]
Line Deleted : user_pref("CT3292715.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3292715.originalSearchEngine", "");
Line Deleted : user_pref("CT3292715.originalSearchEngineName", "");
Line Deleted : user_pref("CT3292715.searchRevert", "true");
Line Deleted : user_pref("CT3292715.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3292715.searchUserMode", "2");
Line Deleted : user_pref("CT3292715.smartbar.homepage", "true");
Line Deleted : user_pref("CT3292715.toolbarInstallDate", "16-11-2013 11:02:51");
Line Deleted : user_pref("CT3292715.versionFromInstaller", "10.22.3.18");
Line Deleted : user_pref("CT3292715.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "SearchFlyBar2 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SearchFlyBar2 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3292715&CUI=UN26363143892052423&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "SearchFlyBar2 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3292715&CUI=UN26363143892052423&UM=2&SearchSource=13");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3292715&SearchSource=2&CUI=UN26363143892052423&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3292715");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3292715&CUI=UN26363143892052423&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3292715&SearchSource=2&CUI=UN26363143892052423&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3292715");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3292715");
Line Deleted : user_pref("smartbar.machineId", "JTPK+A1E1TRWVE5JX1FDCJG7LRWPKRCOH9LM+VGFEFU8YTSATFWJT7YWYUODGORVHE9PUO9+9LLXP62K86GGMW");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [10628 octets] - [25/11/2013 12:32:40]
AdwCleaner[S0].txt - [10557 octets] - [25/11/2013 12:42:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10618 octets] ##########







OTL File;
OTL logfile created on: 11/27/2013 5:16:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 560.60 Mb Available Physical Memory | 55.28% Memory free
2.37 Gb Paging File | 1.75 Gb Available in Paging File | 73.65% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 59.58 Gb Free Space | 79.97% Space Free | Partition Type: NTFS

Computer Name: DELL-3KDDY71 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 16:50:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/11/13 00:53:05 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/13 00:53:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/13 00:36:23 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2013/03/12 06:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/11/23 03:22:04 | 000,307,712 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/05/20 23:59:44 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:59:42 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/03 05:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/27 14:12:52 | 002,149,376 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13112702\algo.dll
MOD - [2013/11/13 00:53:10 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/10 10:18:23 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/10 10:00:26 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/10 09:17:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/08/23 09:13:10 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
MOD - [2013/08/22 07:25:02 | 001,711,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a06f7104593927a9e9be4afd4199b404\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/18 14:43:04 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/18 14:42:34 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/18 14:40:47 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 11:23:19 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/11/25 11:54:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/13 00:53:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/06/18 09:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/11/13 00:53:13 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/13 00:53:13 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/11/13 00:53:13 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/13 00:53:13 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/13 00:53:13 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/13 00:53:13 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/11/13 00:53:13 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/13 00:53:13 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/07/03 03:32:42 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/08/17 08:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 08:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 08:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/02 00:29:16 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2010/12/02 00:16:01 | 000,017,968 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (VMSCSI)
DRV - [2010/12/02 00:12:01 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/11/17 22:59:03 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)
DRV - [2010/11/17 22:18:23 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2010/11/17 22:18:22 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2010/11/17 22:18:22 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2009/08/18 06:50:49 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2008/04/13 19:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3305496531-1206371772-298950284-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-3305496531-1206371772-298950284-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/?ilc=1 [binary data]
IE - HKU\S-1-5-21-3305496531-1206371772-298950284-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3305496531-1206371772-298950284-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3305496531-1206371772-298950284-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3305496531-1206371772-298950284-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3305496531-1206371772-298950284-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:16.4
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7B1a68cbde-3e4c-4fae-bf49-af5ab9868e53%7D:2.0.244
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1466
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/25 14:36:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/21 11:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/29 14:14:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/13 14:22:21 | 000,000,000 | ---D | M]

[2012/10/20 14:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/10/20 14:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/11/27 11:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions
[2013/11/21 22:49:34 | 000,000,000 | ---D | M] (ArcadeFrontier) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53}
[2010/12/30 12:43:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/20 14:18:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/11/27 11:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\staged
[2013/11/12 13:15:38 | 000,008,920 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\[email protected]
[2012/10/20 14:18:46 | 000,086,475 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2013/11/27 11:22:39 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/29 14:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/29 14:15:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/27 13:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/11/27 13:04:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.3.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: We-Care Reminder = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.38\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: ArcadeFrontier = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl\2.0.244\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2002/09/03 13:39:21 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ArcadeFrontier Addon) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - C:\Documents and Settings\Owner\Local Settings\Application Data\ArcadeFrontier\ArcadeFrontier.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\c39b4038-60dc-4343-a9c1-0b19c65adadb.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Documents and Settings\Owner\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe File not found
O4 - HKU\.DEFAULT..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKU\S-1-5-18..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKU\S-1-5-19..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKU\S-1-5-21-3305496531-1206371772-298950284-1004..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-3305496531-1206371772-298950284-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MyPC Backup.exe.vir (MyPCBackup.com)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3305496531-1206371772-298950284-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AC81BF0-08F0-4B13-8AC1-43236B027715}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RailNotification: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/27 16:50:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/11/25 12:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\MyPC Backup
[2013/11/25 12:32:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/23 00:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVAST Software
[2013/11/21 22:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\ArcadeFrontier
[2013/11/21 22:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ArcadeFrontier
[2013/11/16 11:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteListing
[2013/11/16 11:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2013/11/16 11:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging
[2013/11/16 11:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CRE
[2013/11/16 11:02:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2013/11/16 11:02:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\css
[2013/11/16 11:02:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\modules
[2013/11/16 11:02:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\html
[2013/11/16 11:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\js
[2013/11/16 10:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/11/16 10:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/11/16 10:27:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/11/16 10:27:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/11/13 14:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/11/13 00:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2013/11/13 00:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast

========== Files - Modified Within 30 Days ==========

[2013/11/27 17:12:08 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\ArcadeFrontier.job
[2013/11/27 16:50:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/11/27 16:35:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/27 16:30:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/27 15:51:08 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/11/27 15:46:15 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/27 15:45:46 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/27 15:45:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/27 13:35:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/11/25 14:37:30 | 000,001,050 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/11/25 13:31:48 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/25 13:31:48 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/11/25 13:05:12 | 000,001,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MyPC Backup.lnk
[2013/11/25 11:54:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/25 11:54:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/21 21:00:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2013/11/13 09:30:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/13 00:53:13 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/11/13 00:53:13 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/11/13 00:53:13 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/11/13 00:53:13 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/11/13 00:53:13 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/11/13 00:53:13 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/11/13 00:53:13 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/11/13 00:53:13 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/11/13 00:53:12 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/11/13 00:53:12 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/11/04 18:21:41 | 000,523,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/04 18:21:41 | 000,094,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/11/25 13:05:48 | 000,001,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MyPC Backup.lnk
[2013/11/25 12:33:25 | 000,001,050 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/11/21 22:49:27 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\ArcadeFrontier.job
[2013/08/11 12:35:08 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/08/11 12:35:08 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/08/07 12:36:43 | 000,000,095 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WB.CFG
[2013/06/24 09:30:44 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/23 12:35:03 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WBPU-TTL.DAT
[2013/06/23 11:20:48 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2013/03/21 22:42:05 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/21 22:42:04 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/10/21 11:36:35 | 000,193,171 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2012/10/21 11:36:34 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2012/09/20 10:50:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/30 10:29:34 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Owner\LOG
[2010/12/01 19:08:24 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.bak

========== ZeroAccess Check ==========

[2010/12/01 17:49:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:56:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/01 18:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IconTweaker
[2010/12/01 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Softland
[2013/11/13 00:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/11/16 10:27:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/01 18:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2013/03/30 18:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2013/03/30 18:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC
[2013/11/16 10:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/11/16 10:27:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2010/12/01 18:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IconTweaker
[2010/12/01 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Softland
[2013/11/23 00:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVAST Software
[2012/11/16 11:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AusLogics
[2013/11/13 00:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2010/12/30 12:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Disk Cleaner
[2010/12/01 21:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/12/01 18:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IconTweaker
[2012/10/20 13:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2013/04/02 12:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PDF Reader Packages
[2010/12/01 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softland
[2013/03/30 18:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop Games
[2013/04/02 12:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SumatraPDF
[2012/10/20 14:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2013/11/16 10:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2010/12/01 19:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/12/01 19:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 04:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2010/05/06 04:16:44 | 000,022,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2009/04/19 04:19:13 | 000,408,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:10 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 04:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/06/03 08:01:54 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/05/22 01:45:35 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/12/23 10:05:20 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 04:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 16:13:09 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 04:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 04:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 04:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 04:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 04:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/07/28 07:41:07 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/12/23 10:05:20 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 07:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 04:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 04:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 05:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 04:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 04:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 04:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:05:07 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 16:13:09 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 04:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 04:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 04:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/08/06 12:13:04 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2009/05/18 09:55:27 | 000,296,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 16:13:09 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 04:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 04:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/28 08:07:46 | 000,330,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 04:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/18 17:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 04:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/04/09 07:27:20 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/01/20 10:14:17 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2002/09/03 13:37:08 | 000,483,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 00:17:16 | 000,134,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2010/01/23 23:05:23 | 000,012,288 | ---- | M] () -- C:\DevPath.exe

< MD5 for: EXPLORER.EXE >
[2008/07/03 05:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe
[2008/07/03 05:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: QMGR.DLL >
[2009/04/19 04:19:13 | 000,408,576 | ---- | M] (Microsoft Corporation) MD5=F13D1AA04F1F02399EB87F011584B7C0 -- C:\WINDOWS\system32\bits\qmgr.dll
[2009/04/19 04:19:13 | 000,408,576 | ---- | M] (Microsoft Corporation) MD5=F13D1AA04F1F02399EB87F011584B7C0 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2009/04/19 04:19:13 | 000,408,576 | ---- | M] (Microsoft Corporation) MD5=F13D1AA04F1F02399EB87F011584B7C0 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2002/09/03 13:55:03 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 09:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/12/23 10:05:20 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=C519E15665CD89A91AD383FCE3CB556A -- C:\WINDOWS\system32\dllcache\services.exe
[2009/12/23 10:05:20 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=C519E15665CD89A91AD383FCE3CB556A -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2010/12/01 18:26:44 | 000,001,602 | ---- | M] () MD5=17E18C240E2FF97FBEA11493485D8998 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/11/22 23:07:09 | 000,000,473 | ---- | M] () MD5=E2952768836F020B1CADBAECA82ADEF3 -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BKAUMT7Z\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MSC >
[2002/09/03 13:55:02 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2010/05/21 07:17:06 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2010/05/21 07:09:54 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/10/03 05:54:33 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/10/03 05:54:33 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\system32\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/02 08:56:36 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2009/04/02 08:56:36 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2002/09/03 14:03:28 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2002/09/03 14:03:28 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 5C0C-42A0
Directory of C:\WINDOWS\assembly\GAC_32\infocard
12/01/2010 05:53 PM <JUNCTION> 3.0.0.0__b77a5c561934e089
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/10/2013 09:17 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\ComSvcConfig
12/01/2010 05:53 PM <JUNCTION> 3.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/10/2013 09:17 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\ServiceModelReg
12/01/2010 05:53 PM <JUNCTION> 3.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\SMSvcHost
12/01/2010 05:53 PM <JUNCTION> 3.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\WsatConfig
12/01/2010 05:53 PM <JUNCTION> 3.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
10/10/2013 09:13 AM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
10/10/2013 09:00 AM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
9 Dir(s) 63,943,979,008 bytes free

< >
[2010/12/01 18:22:05 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2010/12/01 19:06:58 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010/12/01 19:28:46 | 000,000,290 | ---- | C] () -- C:\WINDOWS\Tasks\Defraggler Volume C Task.job
[2012/10/20 13:17:56 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/10/27 21:36:28 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/11/16 10:55:00 | 000,000,880 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012/11/16 10:55:01 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/04/02 12:35:34 | 000,000,408 | ---- | C] () -- C:\WINDOWS\Tasks\At1.job
[2013/11/21 22:49:27 | 000,000,338 | ---- | C] () -- C:\WINDOWS\Tasks\ArcadeFrontier.job

< >

< >

< End of report >
  • 0

#8
john god
Posted 27 November 2013 - 05:44 PM

john god

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 460 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-27 17:54:42
-----------------------------
17:54:42.171 OS Version: Windows 5.1.2600 Service Pack 3
17:54:42.171 Number of processors: 1 586 0x401
17:54:42.171 ComputerName: DELL-3KDDY71 UserName: Owner
17:54:42.500 Initialize success
17:54:46.093 AVAST engine defs: 13112702
17:55:26.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
17:55:26.109 Disk 0 Vendor: WDC_WD800JD-75LSA0 09.01D09 Size: 76293MB BusType: 3
17:55:26.281 Disk 0 MBR read successfully
17:55:26.296 Disk 0 MBR scan
17:55:26.296 Disk 0 Windows XP default MBR code
17:55:26.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
17:55:26.296 Disk 0 scanning sectors +156232125
17:55:26.375 Disk 0 scanning C:\WINDOWS\system32\drivers
17:55:36.234 Service scanning
17:55:55.031 Modules scanning
17:56:04.562 Disk 0 trace - called modules:
17:56:04.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:56:04.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f61ab8]
17:56:05.093 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86f4cd98]
17:56:05.468 AVAST engine scan C:\WINDOWS
17:56:09.484 AVAST engine scan C:\WINDOWS\system32
17:58:29.890 AVAST engine scan C:\WINDOWS\system32\drivers
17:58:44.015 AVAST engine scan C:\Documents and Settings\Owner
18:04:47.609 AVAST engine scan C:\Documents and Settings\All Users
18:05:48.421 Scan finished successfully
18:42:03.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:42:03.234 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR Log.txt"






Results of screen317's Security Check version 0.99.77
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Microsoft Security Essentials
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Secunia PSI (3.0.0.7011)
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox 22.0 Firefox out of Date!
Google Chrome 31.0.1650.57
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````


Happy Holiday To You All;
john god

Edited by john god, 27 November 2013 - 10:34 PM.

  • 0

#9
Machiavelli
Posted 28 November 2013 - 12:30 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Resetting Google Extensions

  • Run Google Chrome
  • Please type the command below into the Adress Box

chrome:extensions


  • A new Tab will open in Google Chrome
  • You will see an entry which is probably called Arcade Frontier
  • Next to this entry you will see a can icon - please click on that to remove the extension from your Browser
  • A confirmation dialog appears, click Remove.

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
[CreateRestorePoint]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
[2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O2 - BHO: (ArcadeFrontier Addon) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - C:\Documents and Settings\Owner\Local Settings\Application Data\ArcadeFrontier\ArcadeFrontier.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Documents and Settings\Owner\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MyPC Backup.exe.vir (MyPCBackup.com)
O33 - MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
[2013/11/25 12:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\MyPC Backup
[2013/11/21 22:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\ArcadeFrontier
[2013/11/21 22:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ArcadeFrontier
[2013/11/16 11:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging
[2013/11/16 11:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CRE
[2013/11/16 10:27:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/11/27 17:12:08 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\ArcadeFrontier.job
[2013/11/25 14:37:30 | 000,001,050 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/11/25 13:05:12 | 000,001,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MyPC Backup.lnk
[2010/12/01 18:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IconTweaker
[2010/01/23 23:05:23 | 000,012,288 | ---- | M] () -- C:\DevPath.exe


:Files
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl\2.0.244\
C:\WINDOWS\tasks\At*.job
C:\Program Files\MyPC Backup

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.
  • After your computer has rebooted, post the content of the logfile which opens after the reboot ...

Adwarecleaner

  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Junkware Removal Tool

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

OTL Scan

  • Run OTL by double-clicking on it.
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a logs, OTL.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Question

How is your PC running? Any issues?
  • 0

#10
john god
Posted 29 November 2013 - 01:41 PM

john god

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 460 posts
I tried to go into google chrome, but it said to install.
I thought I had it but I guess I didn't.
I didn't want to install till I ran it by you first.

The chrome:extensions page will not let me load.
I did not want to do any thing else in case you wanted me to go in order.

This is what it said;


The webpage cannot be displayed

Most likely cause:
•Some content or files on this webpage require a program that you don't have installed.

What you can try:
Search online for a program you can use to view this web content.

Retype the address.

Go back to the previous page.
  • 0

Advertisements

#11
Machiavelli
Posted 29 November 2013 - 01:43 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
So if I'm understanding correctly you can't connect to any website?

Please procceed with the other steps. We will work from there then.

Well done so far. :thumbsup:
  • 0

#12
john god
Posted 29 November 2013 - 03:18 PM

john god

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 460 posts
# AdwCleaner v1.606 - Logfile created 11/29/2013 at 16:19:06
# Updated 10/05/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - DELL-3KDDY71
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner-1.606-en.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v31.0.1650.57

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",
Found : "js": [ "js/conduitEnv.js", "js/compatibility.start.js", "js/match.js", "js/verlyE[...]
Found : "path": "plugins/ConduitChromeApiPlugin.dll",
Found : "path": "search/plugins/npConduitNewTabPlugin.dll",
Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT329[...]
Found : "ConduitChromeApiPlugin.dll": 1,
Found : "npConduitNewTabPlugin.dll": 1
Found : "ConduitChromeApiPlugin": {
Found : "npConduitNewTabPlugin": {

*************************

AdwCleaner[R1].txt - [1953 octets] - [29/11/2013 15:18:44]
AdwCleaner[R2].txt - [1759 octets] - [29/11/2013 16:19:06]

########## EOF - C:\AdwCleaner[R2].txt - [1887 octets] ##########



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named BackupStack was found to stop!
Service\Driver key BackupStack not found.
File C:\Program Files\MyPC Backup\BackupStack.exe not found.
File C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll not found.
File C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}\ not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\ArcadeFrontier\ArcadeFrontier.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher not found.
File move failed. C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk scheduled to be moved on reboot.
File C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MyPC Backup.exe.vir not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
File D:\setup.exe not found.
Folder C:\Documents and Settings\Owner\Start Menu\Programs\MyPC Backup\ not found.
Folder C:\Documents and Settings\Owner\Start Menu\Programs\ArcadeFrontier\ not found.
Folder C:\Documents and Settings\Owner\Local Settings\Application Data\ArcadeFrontier\ not found.
Folder C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging\ not found.
Folder C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\ not found.
Folder C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}\ not found.
File C:\WINDOWS\tasks\ArcadeFrontier.job not found.
File C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
File C:\Documents and Settings\Owner\My Documents\MyPC Backup.lnk not found.
Folder C:\Documents and Settings\Administrator\Application Data\IconTweaker\ not found.
File C:\DevPath.exe not found.
========== FILES ==========
Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl\2.0.244 not found.
File\Folder C:\WINDOWS\tasks\At*.job not found.
File\Folder C:\Program Files\MyPC Backup not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 207654 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 254261773 bytes
->Temporary Internet Files folder emptied: 52315623 bytes
->FireFox cache emptied: 15663552 bytes
->Google Chrome cache emptied: 365754420 bytes
->Flash cache emptied: 996 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 280443 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1582 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2765 bytes

Total Files Cleaned = 657.00 mb


# AdwCleaner v3.013 - Report created 29/11/2013 at 18:01:58
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - DELL-3KDDY71
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Owner\Application Data\UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10628 octets] - [25/11/2013 12:32:40]
AdwCleaner[R1].txt - [1433 octets] - [29/11/2013 17:54:55]
AdwCleaner[S0].txt - [10699 octets] - [25/11/2013 12:42:06]
AdwCleaner[S1].txt - [1360 octets] - [29/11/2013 18:01:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1420 octets] ##########



OTL by OldTimer - Version 3.2.69.0 log created on 11292013_160242

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA6CC.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA6E5.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA74D.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA766.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GIAVKRMU\index[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GIAVKRMU\index[2].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named BackupStack was found to stop!
Service\Driver key BackupStack not found.
File C:\Program Files\MyPC Backup\BackupStack.exe not found.
File C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll not found.
File C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}\ not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\ArcadeFrontier\ArcadeFrontier.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher not found.
File move failed. C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk scheduled to be moved on reboot.
File C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MyPC Backup.exe.vir not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a236c6f-fd70-11df-a6a3-806d6172696f}\ not found.
File D:\setup.exe not found.
Folder C:\Documents and Settings\Owner\Start Menu\Programs\MyPC Backup\ not found.
Folder C:\Documents and Settings\Owner\Start Menu\Programs\ArcadeFrontier\ not found.
Folder C:\Documents and Settings\Owner\Local Settings\Application Data\ArcadeFrontier\ not found.
Folder C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging\ not found.
Folder C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\ not found.
Folder C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}\ not found.
File C:\WINDOWS\tasks\ArcadeFrontier.job not found.
File C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
File C:\Documents and Settings\Owner\My Documents\MyPC Backup.lnk not found.
Folder C:\Documents and Settings\Administrator\Application Data\IconTweaker\ not found.
File C:\DevPath.exe not found.
========== FILES ==========
Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl\2.0.244 not found.
File\Folder C:\WINDOWS\tasks\At*.job not found.
File\Folder C:\Program Files\MyPC Backup not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 207654 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 254261773 bytes
->Temporary Internet Files folder emptied: 52315623 bytes
->FireFox cache emptied: 15663552 bytes
->Google Chrome cache emptied: 365754420 bytes
->Flash cache emptied: 996 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 280443 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1582 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2765 bytes

Total Files Cleaned = 657.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11292013_160242

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA6CC.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA6E5.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA74D.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA766.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GIAVKRMU\index[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GIAVKRMU\index[2].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

---------------------------------------------------------------------------------
Let me know what else you may need, I got a little confused, hope I didn't double up anything....

Also, please help me on getting my Yahoo and Google Chrome back?
Thank-You-

Edited by john god, 29 November 2013 - 05:11 PM.

  • 0

#13
Machiavelli
Posted 30 November 2013 - 01:23 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts

So if I'm understanding correctly you can't connect to any website?


OTL Scan

  • Run OTL by double-clicking on it.
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a logs, OTL.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Question

How is your PC running? Any issues?
  • 0

#14
john god
Posted 30 November 2013 - 04:30 PM

john god

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 460 posts
Running alot better.......
I now can log into google and facebook.
My Yahoo and Google Chrome are still missing.
Tried to install with no luck.
I also keep getting this Crackle site,
and advertisements popping up...




OTL logfile created on: 11/30/2013 5:04:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 307.06 Mb Available Physical Memory | 30.28% Memory free
2.37 Gb Paging File | 1.52 Gb Available in Paging File | 64.04% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 58.40 Gb Free Space | 78.39% Space Free | Partition Type: NTFS

Computer Name: DELL-3KDDY71 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 16:50:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/11/27 13:04:10 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/13 00:53:05 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/13 00:53:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/13 00:36:23 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2013/03/12 06:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/11/23 03:22:04 | 000,307,712 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/05/20 23:59:44 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:59:42 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/03 05:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/30 15:23:11 | 002,150,912 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13113001\algo.dll
MOD - [2013/11/27 13:04:07 | 003,363,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/11/13 00:53:10 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/10 10:18:23 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/10 10:00:26 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/10 09:17:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/10/09 10:35:48 | 016,233,864 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/08/23 09:13:10 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
MOD - [2013/08/22 07:25:02 | 001,711,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a06f7104593927a9e9be4afd4199b404\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/18 14:43:04 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/18 14:42:34 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/18 14:40:47 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 11:23:19 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/11/27 13:04:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/25 11:54:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/13 00:53:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/11/13 00:53:13 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/13 00:53:13 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/11/13 00:53:13 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/13 00:53:13 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/13 00:53:13 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/13 00:53:13 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/11/13 00:53:13 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/13 00:53:13 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/07/03 03:32:42 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/08/17 08:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 08:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 08:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/02 00:29:16 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2010/12/02 00:16:01 | 000,017,968 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (VMSCSI)
DRV - [2010/12/02 00:12:01 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/11/17 22:59:03 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)
DRV - [2010/11/17 22:18:23 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2010/11/17 22:18:22 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2010/11/17 22:18:22 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2009/08/18 06:50:49 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2008/04/13 19:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/?ilc=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?hps=213"
FF - prefs.js..extensions.enabledAddons: %7B1a68cbde-3e4c-4fae-bf49-af5ab9868e53%7D:2.0.244
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:21.5
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1466
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/25 14:36:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/21 11:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/27 13:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/27 13:03:45 | 000,000,000 | ---D | M]

[2012/10/20 14:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/10/20 14:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/11/29 17:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions
[2013/11/29 17:20:29 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/11/21 22:49:34 | 000,000,000 | ---D | M] (ArcadeFrontier) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53}
[2010/12/30 12:43:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/11/29 17:20:28 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/11/12 13:15:38 | 000,008,920 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\[email protected]
[2013/11/27 11:22:39 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/27 13:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/27 13:04:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.3.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2002/09/03 13:39:21 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\c39b4038-60dc-4343-a9c1-0b19c65adadb.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AC81BF0-08F0-4B13-8AC1-43236B027715}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RailNotification: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/29 15:43:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/11/29 15:40:53 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/11/29 14:59:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/27 17:51:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/11/27 16:50:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/11/27 13:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/25 12:32:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/23 00:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVAST Software
[2013/11/16 11:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteListing
[2013/11/16 11:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2013/11/16 11:02:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2013/11/16 11:02:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\css
[2013/11/16 11:02:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\modules
[2013/11/16 11:02:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\html
[2013/11/16 11:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\js
[2013/11/16 10:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/11/16 10:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/11/16 10:27:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/11/13 14:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/11/13 00:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2013/11/13 00:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast

========== Files - Modified Within 30 Days ==========

[2013/11/30 17:00:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/11/30 16:35:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/30 14:37:06 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/11/30 11:44:54 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/30 11:44:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/29 15:40:57 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/11/29 15:18:19 | 000,581,957 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner-1.606-en.exe
[2013/11/27 18:42:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/11/27 17:51:57 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/11/27 17:51:15 | 000,891,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2013/11/27 16:50:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/11/21 21:00:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2013/11/13 09:30:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/13 00:53:13 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/11/13 00:53:13 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/11/13 00:53:13 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/11/13 00:53:13 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/11/13 00:53:13 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/11/13 00:53:13 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/11/13 00:53:13 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/11/13 00:53:13 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/11/13 00:53:12 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/11/13 00:53:12 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/11/04 18:21:41 | 000,523,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/04 18:21:41 | 000,094,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/11/29 17:00:24 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/11/29 15:18:19 | 000,581,957 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner-1.606-en.exe
[2013/11/27 18:42:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/11/27 17:51:11 | 000,891,200 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2013/08/11 12:35:08 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/08/11 12:35:08 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/08/07 12:36:43 | 000,000,095 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WB.CFG
[2013/06/24 09:30:44 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/23 12:35:03 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WBPU-TTL.DAT
[2013/06/23 11:20:48 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2013/03/21 22:42:05 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/21 22:42:04 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/10/21 11:36:35 | 000,193,171 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2012/10/21 11:36:34 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2012/09/20 10:50:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/30 10:29:34 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Owner\LOG
[2010/12/01 19:08:24 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.bak

========== ZeroAccess Check ==========

[2010/12/01 17:49:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:56:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/13 00:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/11/16 10:27:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/01 18:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2013/03/30 18:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2013/03/30 18:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC
[2013/11/16 10:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/11/16 11:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AusLogics
[2013/11/13 00:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2010/12/30 12:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Disk Cleaner
[2010/12/01 21:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/12/01 18:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IconTweaker
[2012/10/20 13:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2013/04/02 12:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PDF Reader Packages
[2010/12/01 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softland
[2013/03/30 18:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop Games
[2013/04/02 12:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SumatraPDF
[2012/10/20 14:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2013/11/16 10:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2010/12/01 19:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/12/01 19:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========



< End of report >

Edited by john god, 30 November 2013 - 04:48 PM.

  • 0

#15
Machiavelli
Posted 01 December 2013 - 04:33 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts

Tried to install with no luck.

Please describe that a little better ...

I also keep getting this Crackle site,
and advertisements popping up...

Which site? Which advertisment?

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
[CreateRestorePoint]

:OTL
[2013/11/21 22:49:34 | 000,000,000 | ---D | M] (ArcadeFrontier) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53}
[2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O20 - Winlogon\Notify\RailNotification: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

:Files
C:\WINDOWS\tasks\At*.job

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.
  • The computer will reboot - please post the log which opens after the reboot in your next reply

AdwCleaner

  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Report
  • A log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

OTL Scan

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT

  • Open Posted Image on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      Posted Image

    • Click the box beside Scan All Users at the top of the console
    • IF you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Checkand Purity Check.
    • Under Extra Registry please check Use Safe List.
    • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files is also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
[/list]Repeat for the Extras.txt file.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP