
Firefox is opening new windows like a redirect? [Solved]


  • This topic is locked

#1
elkski

Hi geeks,
It's been a while, but it seems I have stepped in some doo-doo. I am using Firefox 26; just the other day I started to get Firefox windows opening by themselves, sometimes for virus removal ads. I am running Microsoft Security Essentials and it didn't detect anything.
Here is my OTL log.


OTL logfile created on: 1/8/2014 8:39:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 71.41% Memory free
15.98 Gb Paging File | 13.11 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.81 Gb Total Space | 140.96 Gb Free Space | 64.42% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 19.44 Gb Free Space | 99.55% Space Free | Partition Type: NTFS
Drive F: | 6.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/08 08:38:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Downloads\OTL.exe
PRC - [2013/12/10 11:33:01 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
PRC - [2013/12/08 05:17:53 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/08 15:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/10/10 09:30:20 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
PRC - [2013/10/10 09:30:01 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe
PRC - [2013/09/05 07:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Laptop\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/03/20 05:34:02 | 000,342,608 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe
PRC - [2012/12/13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012/09/05 11:51:14 | 000,686,744 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/07/31 07:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/05 11:51:14 | 000,686,744 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/27 16:13:56 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2013/11/27 07:30:26 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/09 19:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/07/08 20:30:24 | 000,195,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2013/06/13 12:31:10 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 21:42:30 | 000,077,352 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/19 18:08:30 | 001,429,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/07/19 17:46:54 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/04/30 05:52:50 | 006,237,800 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/27 09:02:29 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/10 15:38:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/10 11:33:02 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - [2013/12/02 20:10:01 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2013/12/02 20:09:59 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/11/08 15:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/10/10 09:30:20 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe -- (Util Whilokii)
SRV - [2013/10/10 09:30:01 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe -- (Update Whilokii)
SRV - [2013/09/05 07:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/20 05:34:02 | 000,342,608 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2012/12/13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/07/31 07:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/27 08:51:51 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/08/09 19:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 19:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/05/22 23:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/22 23:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/05/22 23:12:48 | 000,077,592 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/05/22 23:12:48 | 000,013,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2013/02/21 12:10:12 | 000,489,264 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/23 09:22:54 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/02 02:43:00 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011/07/15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/14 04:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/06/21 14:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2012/11/17 12:41:42 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=353
IE - HKCU\..\SearchScopes\{59A3541B-D9AB-41AF-9BDF-7588C8944746}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...earcerms}&r=353
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-10-01 08:27:22&v=17.0.0.9&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: firefox%40whilokii.net:1.0.0
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38 [2013/12/10 11:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/01/07 15:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\FIREFOX\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Laptop\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ [2013/10/01 07:26:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/10/01 07:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\Extensions
[2013/10/31 13:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\t2mfldmg.default\extensions
[2013/10/27 07:55:07 | 000,007,537 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\t2mfldmg.default\extensions\[email protected]
[2013/11/28 08:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/27 09:02:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/07 15:33:22 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Docs = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_1\
CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_1\
CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AVG SafeGuard = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_1\
CHR - Extension: Google Wallet = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Laptop\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Laptop\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F478E2E-E729-413C-AEC9-BA829D616DD0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/07 15:40:46 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014/01/07 15:35:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2014/01/07 15:34:28 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Leadertech
[2014/01/07 15:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2014/01/07 15:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/01/07 15:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2014/01/07 15:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2014/01/07 15:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2014/01/07 15:29:42 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Logitech
[2014/01/07 15:29:42 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Logishrd
[2014/01/01 18:55:10 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
[2013/12/23 12:32:50 | 004,558,848 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013/12/16 20:59:29 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{D0D21971-9F57-4555-AEDE-4180C2ACA506}
[2013/12/16 07:52:11 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{E88D128D-DEE4-4526-B5A1-95B08D0A745E}
[2013/12/15 15:33:33 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{A9DC365E-2571-4FDB-B50A-B66BE8161E2A}
[2013/12/15 02:39:42 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{F3546CDF-FD0F-4022-923D-4761B5BACBCA}
[2013/12/14 10:29:25 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{0B3A475D-B375-476C-B198-33E82D0D0EE2}
[2013/12/13 12:38:50 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{230BFD3B-3C60-4C14-8413-8D746C0B6F97}
[2013/12/11 16:22:53 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Documents\SW Log Files
[2013/12/10 11:30:20 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{2EBB225F-983B-4194-9A46-C89215FE6547}
[2013/12/10 11:30:07 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Tracing
[2013/12/10 11:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/12/10 11:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/12/10 11:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/12/10 11:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/12/10 11:27:14 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Apple
[2013/12/10 11:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/08/29 12:05:26 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\Laptop\AppData\Roaming\dotNetFx40_Full_setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/08 08:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/08 08:23:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/08 08:22:02 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
[2014/01/08 08:22:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/08 07:44:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/08 07:33:46 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\GreatArcadeHits.job
[2014/01/07 15:40:46 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014/01/07 15:34:28 | 000,001,354 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/01/04 01:08:45 | 000,000,066 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\WB.CFG
[2014/01/01 18:50:39 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/01 18:50:39 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/01 18:50:39 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/23 12:32:50 | 004,558,848 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013/12/12 08:34:29 | 000,156,160 | ---- | M] () -- C:\Users\Laptop\Documents\Tutor2.SLDPRT
[2013/12/11 21:50:08 | 000,000,000 | ---- | M] () -- C:\Users\Laptop\AppData\Local\Temptable.xml
[2013/12/11 20:20:56 | 000,061,952 | ---- | M] () -- C:\Users\Laptop\Documents\tutor1.SLDPRT
[2013/12/11 19:32:11 | 000,354,304 | ---- | M] () -- C:\Users\Laptop\Documents\pressure plate.SLDDRW
[2013/12/11 19:32:10 | 000,784,384 | ---- | M] () -- C:\Users\Laptop\Documents\pressure plate.SLDPRT
[2013/12/10 15:38:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 15:38:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 11:33:22 | 000,003,748 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/12/10 11:28:56 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/07 15:34:28 | 000,001,354 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/12/19 01:36:39 | 000,000,066 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\WB.CFG
[2013/12/12 08:07:58 | 000,156,160 | ---- | C] () -- C:\Users\Laptop\Documents\Tutor2.SLDPRT
[2013/12/11 20:20:55 | 000,061,952 | ---- | C] () -- C:\Users\Laptop\Documents\tutor1.SLDPRT
[2013/12/11 19:32:10 | 000,354,304 | ---- | C] () -- C:\Users\Laptop\Documents\pressure plate.SLDDRW
[2013/12/11 19:11:05 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\Temptable.xml
[2013/12/10 11:28:56 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/12/10 11:27:11 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/12/07 19:16:25 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/12/02 21:34:04 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2013/11/27 16:14:00 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/10/24 08:30:59 | 000,003,748 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/10/09 19:41:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/08/29 12:08:01 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#2
elkski

I am also getting a bottom banner ad from Whilokii as well as a left side bar... I also get easyline video pop up ads. A royal PITA.
I have shown my appreciation for this website in the past.
Regards
Randy

Edited by elkski, 08 January 2014 - 10:19 AM.


#3
godawgs

Hello Randy, Welcome back to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For Firefox, check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.

I am analyzing your log now. Please post the Extras.txt log and I will return with some instructions.

#4
elkski

Hi, thanks for the fast action... I am usually pretty good at doing what you guys ask on my end... I did try to shut off the Whilokii. I still get redirects, or actually new Firefox tabs opening, and the lower banner ad.
Sorry, I ran the full scan on OTL.
Randy


OTL Extras logfile created on: 1/8/2014 8:39:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 71.41% Memory free
15.98 Gb Paging File | 13.11 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.81 Gb Total Space | 140.96 Gb Free Space | 64.42% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 19.44 Gb Free Space | 99.55% Space Free | Partition Type: NTFS
Drive F: | 6.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B9F272B-BDD0-45E0-9FAC-634EA44B94EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{2478BCA8-DEDB-4851-9A53-54EB948E9E06}" = lport=2869 | protocol=6 | dir=in | app=system |
"{295A9013-C4CF-41E5-BCC4-A7243C73D14F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B6D4D8D-8006-4749-ADF0-82F3B05C6C8E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4103AE69-0364-499C-A621-DBDDB3A822E0}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{5AF8FBA4-D349-441D-8E67-0BBE0C434321}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BA64590-B621-4B95-B44D-25702BCB8543}" = lport=139 | protocol=6 | dir=in | app=system |
"{5CADC2A0-CBE2-4EBC-B571-8B6A02950DBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6032275C-CF88-4F2A-999D-0F315203A7F5}" = lport=138 | protocol=17 | dir=in | app=system |
"{6794E7A3-0DAA-4A4B-B251-E240EA1E7908}" = rport=138 | protocol=17 | dir=out | app=system |
"{67EA0450-FF10-4EF8-B280-1CB02EFC438D}" = lport=445 | protocol=6 | dir=in | app=system |
"{69FB3458-612D-4598-8C87-77E4ABB7F610}" = rport=137 | protocol=17 | dir=out | app=system |
"{6BFFD98F-F704-4F40-B8ED-DD28927CADD3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{72FB2C05-67D9-4B7C-A2C0-184DB50144E3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{84A90009-21EE-4FB1-B8DA-BBF584E99213}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8CEC2160-FD45-48C5-BB8A-6829E4114B86}" = lport=137 | protocol=17 | dir=in | app=system |
"{946270B7-4942-4D67-A4F9-4E2E902BE687}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BBE444C3-3C05-4082-9BFF-BF0CDA73A3A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C72BC3C3-351F-4ADA-8156-3F108023FF0D}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE7D1BDF-7527-46D0-A6FA-170AF9F272AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F3C63F8C-1C61-4613-8D3F-99E238061C98}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FA62350A-68FF-4D3E-B302-BABB4E1AA7CC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC5CB062-CB83-45A6-864F-07B038B4C1FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCEB5081-F455-4532-AF40-48A5C484B7C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BA3FE4-779F-463F-8A00-CB3205FD6E92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{067565E9-E01C-4825-91ED-0939569015FF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{259314C8-5BD5-476E-8E5D-3E3845E77810}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2A36A35C-4861-461D-9733-F3DEDAF584FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C80E670-783E-47F7-A908-C498E665AC20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C9FC190-D29C-45D8-AF00-35ED9393F078}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31222815-1500-45CA-9D64-C3943F0336AA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3FD92C36-264A-405A-B610-1251D2A68344}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{49397822-D14B-4F13-8E3C-B2532AD0525E}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\photoview\photoview360.exe |
"{4FEFBD27-5744-4390-AE3E-3AECE7DE1C61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5907975A-03E4-4029-9795-25D9DEFC4FB4}" = protocol=58 | dir=out | [email protected],-28546 |
"{61208A6B-A950-477E-9315-8C5D6B2F4E49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{624804EA-B8F4-41D0-A5F8-4F550A8658A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E83571B-BB20-4893-927A-DF4A5219D7D1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7763CC77-1E29-4370-91E8-EFCDDD261C22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7848164C-5E33-44EB-A4E2-AEC4C8AD9191}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\photoview\photoview360_cl.exe |
"{8690FDD6-CC7F-4360-9DAD-D7DD0823AFC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{916F2C83-0E64-420A-B9AA-AE4C5B82D51F}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\photoview\photoview360_cl.exe |
"{95697B5C-86AF-4E2E-9FCF-3415F92B533E}" = protocol=1 | dir=in | [email protected],-28543 |
"{966C099F-EB31-4CE4-819D-03F481263FF0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9CBF5D53-7D43-496D-9959-115216CDBC3E}" = protocol=58 | dir=in | [email protected],-28545 |
"{9E4B0070-F66F-4D0A-B497-FD9A72F9F31C}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\swscheduler\dtscoordinatorservice.exe |
"{A37D0C73-191C-4E26-B0F0-55C5D6272131}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AE692C9B-D575-439F-8698-75AFB0329D50}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B231A7ED-5A5B-4A2D-972B-9543D0EFD2D6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B9280DCA-DC41-4AB7-95D9-C0AA2444E688}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B92D168D-D6F9-4B48-A918-17EAE6A0763A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BA18375F-706A-4A85-96FF-E4C06F844D35}" = protocol=1 | dir=out | [email protected],-28544 |
"{D3E4ADFF-FA6C-4A27-8C7E-5650911F4C0A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DB8DFC83-B1AC-4439-9542-DC3CABD94080}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\photoview\photoview360.exe |
"{E4E43D26-7315-4EC9-A5E2-4F92F1E7E341}" = protocol=6 | dir=out | app=system |
"{E913556A-A684-4DB1-8823-BB2A0BE4B387}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9BE3919-6648-4842-831D-786C1FD8C7F9}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\swscheduler\dtscoordinatorservice.exe |
"TCP Query User{732A5A4E-122C-4A77-BD3C-7D4F1984A17F}C:\users\laptop\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\laptop\appdata\local\akamai\netsession_win.exe |
"TCP Query User{AEA1F199-1F34-4389-8327-9AD39B496767}C:\users\laptop\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\laptop\appdata\local\akamai\netsession_win.exe |
"UDP Query User{51C8DEB6-3D55-40F1-BACD-5DAAAC369DD0}C:\users\laptop\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\laptop\appdata\local\akamai\netsession_win.exe |
"UDP Query User{C9560E90-1414-48B4-B70A-36D8F13E3E88}C:\users\laptop\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\laptop\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{168EB20E-FC09-4D2E-83A9-49483710304C}" = SolidWorks Explorer 2013 SP03 x64 Edition
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{31ABA3F2-0000-1033-0102-111D43815377}" = Autodesk ReCap
"{31ABA3F2-0010-1033-0102-111D43815377}" = Autodesk ReCap Language Pack-English
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software
"{4B5B6BB3-DA04-4B56-AE17-DDBF3F446888}" = Intel® Network Connections 18.5.54.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{54F2237F-018C-483B-8884-9FC0D88840C3}" = VC_CRT_x64
"{5783F2D7-D001-0000-0102-0060B0CE6BBA}" = AutoCAD 2014 - English
"{5783F2D7-D001-0409-1102-0060B0CE6BBA}" = AutoCAD 2014 Language Pack - English
"{5783F2D7-D001-0409-2102-0060B0CE6BBA}" = AutoCAD 2014 - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC2165BD-762D-420B-AD33-20FACAA7112B}" = SolidWorks eDrawings 2013 x64 Edition SP03
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6B5EA7E-B91F-443D-A958-B0062FB53804}" = SolidWorks 2013 x64 Edition SP03
"{BA812540-2D88-4A6A-A527-E7728D577D7D}" = SolidWorks Plastics 2013 SP03 x64 Edition
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}" = WinZip 17.5
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"22CCD58B53472BE3FCAFF05631111C4062959A43" = Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30)
"AutoCAD 2014 - English" = Autodesk AutoCAD 2014 - English
"Autodesk ReCap" = Autodesk ReCap
"BD00013670D26C16E19F284BF8E15DAF813497C7" = Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30)
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 18.5.54.0
"sp6" = Logitech SetPoint 6.61
"Whilokii" = Whilokii 1.0.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3AB18A98-082D-41A1-B269-7FA8AD3AA30C}" = Garmin Express Tray
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = CloudReading
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{644E9589-F73A-49A4-AC61-A953B9DE5669}" = SketchUp Import for AutoCAD 2014
"{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6f60b921-2ae3-43fe-a6fb-ad849bd91451}" = Garmin Express
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8A470330-70B2-49AD-86AF-79885EF9898A}" = FARO LS 1.1.501.0 (64bit)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B3931BE3-3189-4A07-833C-50527AC4F2F4}" = Garmin Express
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C070121A-C8C5-4D52-9A7D-D240631BD433}" = Autodesk App Manager
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D4C4A751-F7F3-4DCA-B825-9AC391BFFC3F}" = Google+ Auto Backup
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2E9C364-0DFD-434B-AF0D-3F5D095B3F8F}" = Elevated Installer
"{F732FEDA-7713-4428-934B-EF83B8DD65D0}" = Autodesk Featured Apps
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk Content Service" = Autodesk Content Service
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"SolidWorks Installation Manager 20130-40300-1100-100" = SolidWorks 2013 x64 Edition SP03
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.00 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{856AD396-519D-4C7A-BED6-6785F64924BC}" = GreatArcadeHits
"8e3135b376bd523e" = Dell System Detect Bootstrapper
"9204f5692a8faf3b" = Dell System Detect
"Akamai" = Akamai NetSession Interface
"UpdaterEX" = Extended Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2014 2:42:47 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10030

Error - 1/8/2014 2:42:48 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/8/2014 2:42:48 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11107

Error - 1/8/2014 2:42:48 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11107

Error - 1/8/2014 2:42:49 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/8/2014 2:42:49 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12121

Error - 1/8/2014 2:42:49 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12121

Error - 1/8/2014 2:42:50 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/8/2014 2:42:50 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13291

Error - 1/8/2014 2:42:50 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13291

[ System Events ]
Error - 11/22/2013 7:32:41 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.161.1722.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10003.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 11/22/2013 7:32:41 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.161.1722.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.10003.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 11/22/2013 7:32:41 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.161.1722.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.10003.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 11/22/2013 7:32:41 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 109.17.0.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%886 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 11/22/2013 8:03:32 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.161.1722.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.10003.0 Error code: 0x8000ffff Error description: Catastrophic
failure

Error - 11/22/2013 8:03:32 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.161.1722.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.10003.0 Error code: 0x8000ffff Error description: Catastrophic
failure

Error - 12/2/2013 11:49:44 PM | Computer Name = Laptop-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:27:19 PM on ?12/?2/?2013 was unexpected.

Error - 12/3/2013 12:24:23 AM | Computer Name = Laptop-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/16/2013 10:52:22 AM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater17.2.0 service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/20/2013 11:17:20 AM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.161.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >
Wholiokii
  • 0

#5
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log. Let's see if this will clean you up.


Step-1.

Uninstall Programs

1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading, click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

Whilokii 1.0.0
AVG SafeGuard toolbar


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2013/12/10 11:33:01 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
PRC - [2013/10/10 09:30:20 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
PRC - [2013/10/10 09:30:01 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe
PRC - [2013/03/20 05:34:02 | 000,342,608 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe
SRV - [2013/12/10 11:33:02 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - [2013/10/10 09:30:20 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe -- (Util Whilokii)
SRV - [2013/10/10 09:30:01 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe -- (Update Whilokii)
SRV - [2013/03/20 05:34:02 | 000,342,608 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
DRV:64bit: - [2013/11/27 08:51:51 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
FF - prefs.js..extensions.enabledAddons: firefox%40whilokii.net:1.0.0
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38 [2013/12/10 11:33:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FIREFOX\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Laptop\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ [2013/10/01 07:26:48 | 000,000,000 | ---D | M]
[2013/10/27 07:55:07 | 000,007,537 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\t2mfldmg.default\extensions\[email protected]
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Laptop\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
[2014/01/08 08:22:02 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
[2014/01/08 07:33:46 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\GreatArcadeHits.job

:FILES
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\Whilokii
C:\Program Files (x86)\24x7Help
C:\ProgramData\AVG SafeGuard toolbar
C:\Users\Laptop\AppData\Local\GreatArcadeHits
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-3.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE: Only one file per scan

    C:\Windows\SysWow64\GPhotos.scr.
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • If you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The VirusTotal URL link
2. The OTL fixes log
3. The AdwCleaner[R0].txt log
4. Let me know if the popups and ads have stopped and how the computer is running now.
  • 0
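
The report that the OTL fix produces (steps 8 and 9 above) can be sorted by outcome before it is read line by line. This is an added example, not part of the original post and not OTL's own code: it buckets report lines and reduces the "scheduled to be moved on reboot" entries to the top-level paths worth re-checking after the restart. The sample lines and outcome phrases are copied from the fix report posted in this thread; the function and bucket names are made up for the illustration, and only the OTL and FILES sections are examined.

```python
import re

# Lines copied from the fix report posted in this thread (a shortened selection).
SAMPLE_REPORT = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Process loggingserver.exe killed successfully!
No active process named utilWhilokii.exe was found!
Error: No service named vToolbarUpdater17.2.0 was found to stop!
Service\Driver key vToolbarUpdater17.2.0 not found.
Service 24x7HelpSvc deleted successfully!
File move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Invalid CLSID key: C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
C:\Windows\Tasks\UpdaterEX.job moved successfully.
========== FILES ==========
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search scheduled to be moved on reboot.
C:\Program Files (x86)\Whilokii folder moved successfully.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PENDING_RE = re.compile(
    r"^(?:File|Folder) move failed\. (.+) scheduled to be moved on reboot\.$")
SUCCESS_RE = re.compile(r"successfully[.!]$")
MISSING_RE = re.compile(
    r"^(?:Error: )?No .+ was found(?: to stop)?!$|not found\.$")


def triage(report, sections=("OTL", "FILES")):
    """Sort report lines into outcome buckets, remembering their section."""
    buckets = {"done": [], "not_found": [], "pending_reboot": [], "review": []}
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section not in sections:
            continue  # preamble and other sections are skipped in this example
        pending = PENDING_RE.match(line)
        if pending:
            # Keep only the path; it is what has to be re-checked after reboot.
            buckets["pending_reboot"].append((section, pending.group(1)))
        elif SUCCESS_RE.search(line):
            buckets["done"].append((section, line))
        elif MISSING_RE.search(line):
            buckets["not_found"].append((section, line))
        else:
            # Anything unrecognised is left for a human to read.
            buckets["review"].append((section, line))
    return buckets


def clean_path(path):
    """Collapse doubled separators such as '17.2.0\\\\npsitesafety.dll'."""
    return re.sub(r"\\+", r"\\", path).rstrip("\\")


def reboot_roots(buckets):
    """Reduce pending paths to top-level ones; children of a pending
    folder are covered by checking the folder itself."""
    roots = []  # list of (lower-cased key, display path)
    pending = sorted({clean_path(p) for _, p in buckets["pending_reboot"]},
                     key=len)
    for path in pending:
        key = path.lower()  # Windows paths compare case-insensitively
        if not any(key.startswith(root + "\\") for root, _ in roots):
            roots.append((key, path))
    return [display for _, display in roots]


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, items in result.items():
        print(f"{name}: {len(items)}")
    print("Re-check after reboot:")
    for path in reboot_roots(result):
        print("  " + path)
    print("Needs a manual look:")
    for section, line in result["review"]:
        print(f"  [{section}] {line}")
```
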

#6
elkski

    Member

  • Topic Starter
  • Member
  • 144 posts
https://www.virustot...48414/analysis/

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Process loggingserver.exe killed successfully!
No active process named utilWhilokii.exe was found!
No active process named updateWhilokii.exe was found!
No active process named App24x7Svc.exe was found!
Error: No service named vToolbarUpdater17.2.0 was found to stop!
Service\Driver key vToolbarUpdater17.2.0 not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe moved successfully.
Error: No service named Util Whilokii was found to stop!
Service\Driver key Util Whilokii not found.
File C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe not found.
Error: No service named Update Whilokii was found to stop!
Service\Driver key Update Whilokii not found.
File C:\Program Files (x86)\Whilokii\updateWhilokii.exe not found.
Service 24x7HelpSvc stopped successfully!
Service 24x7HelpSvc deleted successfully!
C:\Program Files (x86)\24x7Help\App24x7Svc.exe moved successfully.
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
Prefs.js: firefox%40whilokii.net:1.0.0 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
File move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38 not found.
Registry value HKEY_CURRENT_USER\software\mozilla\FIREFOX\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ not found.
C:\Users\Laptop\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content folder moved successfully.
C:\Users\Laptop\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome folder moved successfully.
C:\Users\Laptop\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} folder moved successfully.
File C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\t2mfldmg.default\extensions\[email protected] not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7}\ deleted successfully.
C:\Users\Laptop\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
Invalid CLSID key: C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll not found.
C:\Windows\Tasks\UpdaterEX.job moved successfully.
C:\Windows\Tasks\GreatArcadeHits.job moved successfully.
========== FILES ==========
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0 folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0 scheduled to be moved on reboot.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1 folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search scheduled to be moved on reboot.
C:\Program Files (x86)\Whilokii folder moved successfully.
C:\Program Files (x86)\24x7Help\Update folder moved successfully.
C:\Program Files (x86)\24x7Help folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\Logger folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\skin folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\th folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\sv folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\ro folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\nb folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\it folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\id folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\hi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\fi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\en folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\el folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\de folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\da folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale\af folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\modules folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\locale\en-US folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\components folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49\chrome folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\CrashReport folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49 folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar folder moved successfully.
C:\Users\Laptop\AppData\Local\GreatArcadeHits folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Laptop\Desktop\cmd.bat deleted successfully.
C:\Users\Laptop\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Laptop\Desktop\cmd.bat deleted successfully.
C:\Users\Laptop\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Laptop\Desktop\cmd.bat deleted successfully.
C:\Users\Laptop\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Laptop
->Temp folder emptied: 806802111 bytes
->Temporary Internet Files folder emptied: 208362746 bytes
->FireFox cache emptied: 20223380 bytes
->Google Chrome cache emptied: 11834976 bytes
->Flash cache emptied: 39871 bytes

User: Public

User: wangzhisong

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1098371341 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43273706 bytes
RecycleBin emptied: 260665903 bytes

Total Files Cleaned = 2,336.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01082014_130214

Files\Folders moved on Reboot...
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll not found!
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search scheduled to be moved on reboot.
C:\Users\Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


# AdwCleaner v3.016 - Report created 08/01/2014 at 13:17:53
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\t2mfldmg.default\user.js
File Found : C:\Users\Public\Desktop\24x7 help.lnk
File Found : C:\Windows\System32\Tasks\UpdaterEX
Folder Found : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Mobogenie
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
Folder Found C:\Users\Laptop\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\Users\Laptop\AppData\Local\AVG Secure Search
Folder Found C:\Users\Laptop\AppData\Local\eSupport.com
Folder Found C:\Users\Laptop\AppData\Local\Mobogenie
Folder Found C:\Users\Laptop\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found C:\Users\Laptop\AppData\Roaming\24x7 help
Folder Found C:\Users\Laptop\AppData\Roaming\UpdaterEX
Folder Found C:\Users\Laptop\Documents\Mobogenie

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\24x7help
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Found : HKCU\Software\UpdaterEX
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\24x7help
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\Software\24x7help
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\t2mfldmg.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6403 octets] - [08/01/2014 13:17:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6463 octets] ##########



Laptop is not sluggish now and no pop ups at the minute... they were so prevalent that it must be fixed mostly??
Randy
  • 0

#7
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Laptop is not sluggish now and no pop ups at the minute... they were so prevalent that it must be fixed mostly??

That killed a bunch of rubbish. Let's see what else we can kill.

The GPhotos.scr file that I had you upload is shown to be a trojan (Trojan.Exception.gen.101) by ByteHero. Since this is a screensaver from Google that is installed with Picasa updates, I can't really say that it is a trojan. But if you don't use the Google screensaver you can delete it and save the space.
Just navigate to the C:\Windows\SysWow64 folder and delete the GPhotos.scr file.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts; how to do so can be read here.

  • Right click the JRT icon and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. The checkup.txt log
  • 0

#8
elkski

    Member

  • Topic Starter
  • 144 posts
I am not sure I ran as administrator


# AdwCleaner v3.016 - Report created 09/01/2014 at 09:22:07
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Laptop\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Laptop\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Laptop\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Laptop\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Laptop\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Laptop\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\Laptop\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Laptop\Documents\Mobogenie
Folder Deleted : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Public\Desktop\24x7 help.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\t2mfldmg.default\user.js
File Deleted : C:\Windows\System32\Tasks\UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\24x7help
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKLM\Software\24x7help
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\t2mfldmg.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6587 octets] - [08/01/2014 13:17:53]
AdwCleaner[R1].txt - [6647 octets] - [09/01/2014 09:20:07]
AdwCleaner[S0].txt - [6485 octets] - [09/01/2014 09:22:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6545 octets] ##########
  • 0

#9
elkski

    Member

  • Topic Starter
  • 144 posts
ran as administrator


# AdwCleaner v3.016 - Report created 09/01/2014 at 09:29:53
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\t2mfldmg.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6587 octets] - [08/01/2014 13:17:53]
AdwCleaner[R1].txt - [6647 octets] - [09/01/2014 09:20:07]
AdwCleaner[R2].txt - [1200 octets] - [09/01/2014 09:27:01]
AdwCleaner[S0].txt - [6649 octets] - [09/01/2014 09:22:07]
AdwCleaner[S1].txt - [1123 octets] - [09/01/2014 09:29:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1183 octets] ##########
  • 0
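
An added example, not part of the original thread and not AdwCleaner's own code: a Python check that diffs an AdwCleaner Scan report against the Clean reports that followed it, to confirm every flagged item was removed and to list items that had to be deleted in more than one run (as the Chrome extension folder was in the two clean reports above). The function names are hypothetical, the sample lines are abridged from the reports in this thread, the `ExampleLeftover` key is constructed, and treating an `[x64] HKCU` key as the same key as its untagged form is an assumption based on the clean report listing those keys once.

```python
import re
from collections import Counter

# Item lines as they appear in the AdwCleaner v3 reports in this thread, e.g.
#   "Folder Found : C:\..."   "Folder Found C:\..."   "Key Deleted : [x64] HKLM\..."
# The colon is optional because the scan report prints some lines without it.
ITEM_RE = re.compile(r"^(File|Folder|Key)\s+(Found|Deleted)\s*:?\s*(.+?)\s*$")
OPTION_RE = re.compile(r"^#\s*Option\s*:\s*(\w+)")


def normalise(kind, target):
    """Return a comparable (kind, target) pair; Windows paths are case-insensitive."""
    t = target.strip().lower()
    # Assumption: "[x64] HKCU\..." names the same key as "HKCU\...", which is
    # why the clean report in the thread lists those keys only once.
    if kind == "Key" and t.startswith("[x64] hkcu\\"):
        t = t[len("[x64] "):]
    return (kind, t)


def parse_report(text):
    """Parse one report into its run option and the sets of found/deleted items."""
    report = {"option": None, "Found": set(), "Deleted": set()}
    for line in text.splitlines():
        line = line.strip()
        m = OPTION_RE.match(line)
        if m:
            report["option"] = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m:
            kind, state, target = m.groups()
            report[state].add(normalise(kind, target))
    return report


def leftovers(scan_text, clean_texts):
    """Items flagged by the scan that no clean report lists as deleted."""
    found = parse_report(scan_text)["Found"]
    deleted = set()
    for text in clean_texts:
        deleted |= parse_report(text)["Deleted"]
    return sorted(found - deleted)


def deleted_more_than_once(clean_texts):
    """Items that appear as deleted in more than one clean run."""
    counts = Counter()
    for text in clean_texts:
        counts.update(parse_report(text)["Deleted"])
    return sorted(item for item, n in counts.items() if n > 1)


# Abridged from the reports in this thread. The ExampleLeftover key is
# constructed for this example so that the leftover check has something to show.
SCAN = r"""# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\Windows\System32\Tasks\UpdaterEX
Folder Found : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files (x86)\Mobogenie
***** [ Registry ] *****
Key Found : HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKLM\Software\ExampleLeftover
"""

CLEAN_1 = r"""# Option : Clean
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Windows\System32\Tasks\UpdaterEX
Key Deleted : HKCU\Software\UpdaterEX
"""

CLEAN_2 = r"""# Option : Clean
Folder Deleted : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
"""

if __name__ == "__main__":
    for kind, target in leftovers(SCAN, [CLEAN_1, CLEAN_2]):
        print("still present after cleaning:", kind, target)
    for kind, target in deleted_more_than_once([CLEAN_1, CLEAN_2]):
        print("deleted in more than one run:", kind, target)
```

An item that shows up in the second list is worth a follow-up scan after the next reboot, since something may be recreating it.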

#10
elkski

    Member

  • Topic Starter
  • 144 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by Laptop on Thu 01/09/2014 at 9:35:38.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{0B3A475D-B375-476C-B198-33E82D0D0EE2}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{207BF936-F285-4C08-BEB4-B89CE5E9FB19}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{230BFD3B-3C60-4C14-8413-8D746C0B6F97}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{2EBB225F-983B-4194-9A46-C89215FE6547}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4CA533EB-9685-4A75-9F3B-E10182151873}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5D4FDF08-9144-4CF6-9704-5A2ACB578D8B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{93BBDC5E-FD35-4F5C-8F5B-FAE2DE7684FA}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A9DC365E-2571-4FDB-B50A-B66BE8161E2A}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{B48693C8-CFDB-4924-83A8-E367B463B830}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D0D21971-9F57-4555-AEDE-4180C2ACA506}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E5A76122-B3FC-4551-8BD4-756F0D63CFE9}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E88D128D-DEE4-4526-B5A1-95B08D0A745E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{F3546CDF-FD0F-4022-923D-4761B5BACBCA}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\t2mfldmg.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/09/2014 at 9:47:28.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#11
elkski

    Member

  • Topic Starter
  • 144 posts
checkup wouldn't run.

UNSUPPORTED OPERATING SYSTEM! ABORTED!
  • 0

#12
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

checkup wouldn't run.

UNSUPPORTED OPERATING SYSTEM! ABORTED!

It happens sometimes. Restarting the computer helps it recognize the system in some cases.

Please power the system down using Shut Down from the Start Orb.
Wait 30-60 seconds.
Reboot the computer.
Try the SecurityCheck again. Make sure you right click the SecurityCheck.exe file and click Run as Administrator to run the application.
  • 0

#13
elkski

    Member

  • Topic Starter
  • 144 posts
that worked

Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  • 0

#14
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
None of the programs are out of date. That's good. But let's check the Security Center service.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The FSS.txt log
  • 0

#15
elkski

    Member

  • Topic Starter
  • 144 posts
Farbar Service Scanner Version: 08-01-2014
Ran by Laptop (administrator) on 09-01-2014 at 17:31:02
Running from "C:\Users\Laptop\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0





