MalwareBytes found things... can I delete? [Solved]


  • This topic is locked

#1
Faithsa

  • Member
  • 190 posts
Malwarebytes found these things in a scan. Are they safe to delete?

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.15.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-5F64AFAA0 [administrator]

1/15/2014 3:32:37 PM
MBAM-log-2014-01-15 (16-17-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235010
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} (PUP.Optional.TidyNetwork.A) -> No action taken.
HKCR\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} (PUP.Optional.TidyNetwork.A) -> No action taken.
HKCR\CLSID\{DD260902-9420-4055-A956-9152EB4F3E6A} (PUP.Optional.TidyNetwork.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295 (PUP.Optional.TidyNetwork.A) -> No action taken.

Files Detected: 44
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\Autorun.inf (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\crx.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\ffassist.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\hmac.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\ie8starter.exe (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\iehpr.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\iestage2.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\LastSession.log (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\log.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\OldStyleSB.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\OSD958B.OSD (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\passport.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\passport64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\progress.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\safari.safariextz (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\Tnt2Cbt.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\TNT2User.exe (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\untar.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\xpi.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\icon.ico (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\inst.ini (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\LastSession.log (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\PARTNER.3.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\partner.dat (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\passport.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\passport64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\runt.ini (PUP.Optional.TidyNetwork.A) -> No action taken.

(end)

#2
Faithsa

  • Topic Starter
  • Member
  • 190 posts
Here's the OTL log:

OTL logfile created on: 1/15/2014 5:01:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.23 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 31.09% Memory free
4.31 Gb Paging File | 2.00 Gb Available in Paging File | 46.45% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 738.55 Gb Free Space | 79.29% Space Free | Partition Type: NTFS

Computer Name: OWNER-5F64AFAA0 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/15 17:00:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2014/01/12 21:37:03 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/12 21:37:03 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/06 23:05:55 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/01/02 19:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/11/27 09:21:36 | 000,106,496 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2013/11/27 09:12:02 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/11/15 20:08:01 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/11/13 15:34:33 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/11/08 15:14:40 | 001,095,000 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/11/08 15:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/08/20 15:52:16 | 000,040,512 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/07/31 15:30:36 | 002,296,600 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2013/06/13 14:31:38 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/23 00:47:28 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2012/11/23 03:22:04 | 000,307,712 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/11/20 15:30:38 | 001,653,760 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/04/08 15:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 15:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 15:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/08/28 15:33:28 | 000,116,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2009/02/10 02:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/15 13:31:50 | 000,041,984 | ---- | M] () -- c:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnvyqsk.dll
MOD - [2014/01/14 12:11:12 | 002,153,984 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14011401\algo.dll
MOD - [2014/01/13 09:25:03 | 004,591,616 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2014/01/13 09:25:03 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2014/01/06 23:05:53 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppgooglenaclpluginchrome.dll
MOD - [2014/01/06 23:05:52 | 013,615,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll
MOD - [2014/01/06 23:05:49 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll
MOD - [2014/01/06 23:04:42 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\ffmpegsumo.dll
MOD - [2013/12/17 21:25:54 | 003,610,624 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/11/22 23:41:52 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\1a2ef04173bbfa62eb1296528a07adb7\System.ServiceProcess.ni.dll
MOD - [2013/11/22 23:41:51 | 000,373,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7aff398879a30180adbc9f23872d6ed6\System.ServiceModel.Routing.ni.dll
MOD - [2013/11/22 23:41:49 | 001,152,512 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4804945b91a54bb958d99d71317c88d6\System.ServiceModel.Discovery.ni.dll
MOD - [2013/11/22 23:41:48 | 000,084,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\03414454aaccb4efd51aa572bf79fade\System.ServiceModel.Channels.ni.dll
MOD - [2013/11/22 23:41:46 | 001,547,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\88e2becebcce584a2b98c35ac3b4516a\System.ServiceModel.Activities.ni.dll
MOD - [2013/11/22 23:41:40 | 018,127,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9176c1a7d9a4af8cf94341fd26b104ce\System.ServiceModel.ni.dll
MOD - [2013/11/22 23:41:07 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\a6c6325e908cca648074d770e5d7371e\System.Management.ni.dll
MOD - [2013/11/22 23:41:01 | 001,077,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\575d69df74a1d994098d9bcf274b9562\System.IdentityModel.ni.dll
MOD - [2013/11/22 23:38:38 | 001,031,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\6d1630d02ce20dc93500da38b103e220\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/11/22 23:38:37 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\a72606feaebce8525f221cb4b0b96f3d\SMDiagnostics.ni.dll
MOD - [2013/11/22 23:38:36 | 002,657,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a03e4ab9a1b3f56734bf5902b977981c\System.Runtime.Serialization.ni.dll
MOD - [2013/11/22 23:38:32 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4f7185e7bc8ff56a652ca501356cf98d\System.Xml.Linq.ni.dll
MOD - [2013/11/22 23:38:31 | 001,782,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\171d7a6c74a74fa4f742155c157f322a\System.Xaml.ni.dll
MOD - [2013/11/22 22:14:52 | 018,001,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c8d279bca2d614816f66614a126bb8d9\PresentationFramework.ni.dll
MOD - [2013/11/22 22:14:34 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\f0fe367d990d6ce2b4c0b79a23ca9c10\PresentationCore.ni.dll
MOD - [2013/11/22 22:14:26 | 006,864,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\d9ac7a08828bee75790fedc5b3ad909a\System.Data.ni.dll
MOD - [2013/11/22 22:14:18 | 003,858,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\2e28b4ec7fc56196bc428b1f0bb56531\WindowsBase.ni.dll
MOD - [2013/11/22 22:14:12 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\9470d86204a9bafb04a3a8652a5c65b8\System.Xml.ni.dll
MOD - [2013/11/22 22:14:11 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b7b4512b45e0d252cc3a9ebec0ed79f9\PresentationFramework.Classic.ni.dll
MOD - [2013/11/22 22:14:08 | 000,736,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\34619ac263ccadc464773481b8bdb24c\System.Security.ni.dll
MOD - [2013/11/22 22:14:07 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\3230cdc86a08795a5ed94effd602ace5\System.Configuration.ni.dll
MOD - [2013/11/22 22:14:06 | 013,102,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7dd7ca10c4314c8fcfd39b55cdb49ce1\System.Windows.Forms.ni.dll
MOD - [2013/11/22 22:14:03 | 007,053,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\6897ee3309ad13edf00a082a11cf5535\System.Core.ni.dll
MOD - [2013/11/22 22:13:55 | 001,653,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\188eaf34968fd321e4fb2046496090fa\System.Drawing.ni.dll
MOD - [2013/11/22 22:13:49 | 009,091,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\af264ee88b09d41f8a00e3b42afe724b\System.ni.dll
MOD - [2013/11/22 22:13:39 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\441fda1590ef311b4021510a76b768cb\mscorlib.ni.dll
MOD - [2013/11/17 09:18:46 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\libcef.dll
MOD - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/12/23 01:05:26 | 012,509,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d4c48012c8eda472d18105e0417b9d6f\System.Web.ni.dll
MOD - [2012/12/23 01:05:00 | 001,011,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\6249efaeae79679f5d909d727b1efe47\System.Configuration.ni.dll
MOD - [2012/12/23 01:04:47 | 001,740,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\900525e192ca3d523143207ac11ae5f5\Microsoft.VisualBasic.ni.dll
MOD - [2012/12/23 01:01:24 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\139ba31a8024c79b1e1e6af19b6908be\System.Xml.ni.dll
MOD - [2012/12/23 01:01:17 | 013,193,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c70e5d82578be2f6c0dde89182261c5\System.Windows.Forms.ni.dll
MOD - [2012/12/23 01:01:04 | 001,667,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c91f68c2920882e02aec00eeabb6b415\System.Drawing.ni.dll
MOD - [2012/12/23 00:59:50 | 008,265,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\36dbfcf62e07d819b3de533898868ecf\System.ni.dll
MOD - [2012/12/23 00:59:39 | 011,722,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\642534209e13d16e93b80a628742d2ee\mscorlib.ni.dll
MOD - [2012/12/23 00:55:10 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/02/14 18:37:52 | 011,796,096 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SanDisk\My Vaults\dmBackup.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/10 02:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2014/01/12 21:37:03 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/11 03:27:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/27 09:12:02 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2013/11/14 15:31:17 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/13 15:34:33 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/11/08 15:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/20 15:52:16 | 000,040,512 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/13 14:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/04/08 15:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 15:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 15:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/28 15:33:28 | 000,116,032 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2009/02/10 02:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\jbridgep.sys -- (jbridgep)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - [2014/01/15 15:32:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/01/12 21:37:08 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/12 21:37:08 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/01/12 21:37:08 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/01/12 21:37:08 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/01/12 21:37:08 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/01/12 21:37:07 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/11/17 09:18:47 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/09/17 16:59:51 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/07/24 10:25:24 | 000,024,520 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyCrypt32.sys -- (keycrypt)
DRV - [2013/05/23 01:12:38 | 000,028,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2013/05/23 01:12:34 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013/05/23 01:12:32 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/05/23 01:12:30 | 000,042,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2013/05/23 01:12:30 | 000,010,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2013/05/23 01:12:26 | 000,010,136 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/08/05 11:27:40 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/03/12 14:53:46 | 001,550,613 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/04/09 13:11:00 | 000,024,424 | ---- | M] (ADMtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NET8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {AFAA0202-BB69-461E-8C6B-3DA780223E12}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 43 3B 2F DB DD CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B156CE15-8648-4CE0-8E98-2A424CE71429}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/11/15 20:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/11/15 20:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/12 21:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/13 16:11:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/15 13:33:49 | 000,000,000 | ---D | M]

[2013/10/30 10:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/11/22 22:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions
[2013/11/22 22:05:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/28 22:47:17 | 000,000,000 | ---D | M] (foof) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2013/11/13 16:11:59 | 000,000,000 | ---D | M] ("XFINITY Constant Guard Protection Suite") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\idvaultaddin@whitesky
[2013/01/04 13:39:39 | 000,013,345 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/11/13 16:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/17 17:55:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/13 16:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/17 17:55:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/15 21:28:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/22 22:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/11/22 22:07:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/22 22:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/11/22 22:06:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/22 22:06:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/12 21:37:09 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/06/27 16:36:55 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2013/11/15 20:08:11 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://mail.google....0/?shva=1#inbox
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: npAPI Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2.dll
CHR - plugin: npAPI Ghost Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2ghost.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: JavaScript Popup Blocker = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.6_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/30 11:05:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [E2A6CA641BD771C06D3776C293639FEB79099F12._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1279485110015 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43252356-6AC6-4445-909D-D73C3DC47A47}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/18 14:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/15 15:31:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/01/07 00:24:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Dropbox
[2014/01/07 00:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DropboxMaster
[2014/01/07 00:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/01/07 00:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
[2014/01/07 00:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2014/01/06 23:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Elephant Games
[2014/01/06 23:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2014/01/06 22:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2013/12/25 13:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LeapFrog
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/15 16:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/15 16:15:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/15 15:56:03 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/01/15 15:32:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/01/15 13:31:53 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2014/01/15 13:31:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/15 13:31:50 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/01/15 13:31:49 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2014/01/15 13:31:49 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2014/01/15 13:30:32 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/15 13:30:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/15 12:47:18 | 000,017,083 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Wrap list & values 1-2-14.odt
[2014/01/14 12:13:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/01/12 21:37:54 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/01/12 21:37:08 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/01/12 21:37:08 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/01/12 21:37:08 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/01/12 21:37:08 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/01/12 21:37:08 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/01/12 21:37:07 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/01/12 21:37:07 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/01/12 21:37:07 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/01/12 06:19:09 | 000,126,252 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\HUGHS BOARDING PASS.pdf
[2014/01/11 19:23:31 | 000,035,391 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2014 Jan 11 Budget - Hugh & Sabrina.ods
[2014/01/10 22:53:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2014/01/07 00:24:29 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2014/01/07 00:20:56 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/24 13:06:05 | 000,026,824 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2013 Dec 23 Budget - Hugh & Sabrina.ods
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/12 21:59:40 | 000,169,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/01/12 06:18:58 | 000,126,252 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\HUGHS BOARDING PASS.pdf
[2014/01/11 15:28:43 | 000,035,391 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2014 Jan 11 Budget - Hugh & Sabrina.ods
[2014/01/07 00:24:29 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2014/01/07 00:20:56 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/02 14:37:22 | 000,017,083 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Wrap list & values 1-2-14.odt
[2013/12/24 13:06:03 | 000,026,824 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2013 Dec 23 Budget - Hugh & Sabrina.ods
[2013/11/17 09:18:53 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/11/17 09:18:53 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/27 21:18:38 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 22:58:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 22:58:14 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/03/30 08:36:15 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2012/12/23 00:46:33 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\.backup.dm
[2012/06/29 12:52:18 | 002,099,650 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-412668190-1417001333-1003-0.dat
[2012/06/29 12:52:09 | 000,332,162 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/18 16:49:20 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 10:31:00 | 767,354,880 | ---- | C] () -- C:\Program Files\SW_DVD5_Office_Professional_Plus_2010_W32_English_MLF_X16-52536.ISO

========== ZeroAccess Check ==========

[2012/12/23 00:54:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 11:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/15 21:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/06 22:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2013/11/17 09:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/08/18 11:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2013/11/15 19:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/01/08 14:08:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2014/01/08 12:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/07/27 09:38:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2014/01/08 16:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/07/27 10:46:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/07/27 10:42:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2013/01/12 05:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Casual Arts
[2012/12/23 00:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2010/09/28 20:03:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/01/06 23:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2013/11/22 22:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2013/06/08 14:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/11/04 15:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/09/28 19:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/11/24 21:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2014/01/07 00:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/18 15:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/06/08 14:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2012/11/26 13:03:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/03/30 08:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F7367F58-5836-4168-962C-6EE09FA340B5}
[2013/11/17 09:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2010/09/28 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/08/22 05:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2012/12/22 01:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brabl
[2012/11/03 12:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/07/27 09:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2013/01/12 05:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Casual Arts
[2011/06/14 15:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Catalina Marketing Corp
[2012/12/07 23:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.Rhapsody.RhapsodyCloudSync
[2012/11/14 15:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivoGames
[2014/01/15 13:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2014/01/07 00:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DropboxMaster
[2014/01/06 23:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Elephant Games
[2013/11/22 22:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Garmin
[2013/11/08 11:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ID Vault
[2012/02/11 20:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2013/11/18 21:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice
[2010/08/18 11:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2013/07/07 00:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PandoraRecovery
[2013/11/02 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
[2012/12/23 00:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk SecureAccess
[2013/07/31 10:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
[2012/09/20 14:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ThreeDays2
[2011/06/27 12:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2012/11/18 15:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2012/12/23 08:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5539129F

< End of report >

#3
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you.

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :) I'm currently working on a fix for your machine as I do see a couple things in the OTL log that need to go. :)

#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, we have some work to do, so let's get started. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Remove Items in MBAM

Malwarebytes' Anti-Malware

  • Please open Malwarebytes' Anti-Malware
  • Click on the Update tab then click Check for Updates

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    • On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.

  • On the Scanner tab, check Perform quick scan.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Make sure that everything is checked, and click Remove Selected.

  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.


Step 2: Remove Chrome Plugins


There are some plugins in Chrome that need to be disabled, please follow the instructions below to disable them.

Start Chrome and type this into the address bar: chrome:plugins

This will display a page of all the installed plugins. Please disable the plugins in the list below by clicking the word Disable under each one.

If one of the plugins I've asked you to remove is not in the list, don't worry about it. Just move to the next one in the list. :)

Please disable the following plugins:

npAPI Plugin

npAPI Ghost Plugin

My Web Search Plugin



Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator")

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {AFAA0202-BB69-461E-8C6B-3DA780223E12}
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5539129F

:Commands
[emptytemp]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop



  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Step 6: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.


Things I need to see in your next post:

  • MBAM Log
  • OTL Fix Log
  • AdwCleaner Log
  • Junkware Removal Tool

#5
Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
ok, great. I will work on this tomorrow after church as I'm exhausted tonight and don't see my brain getting this right at the moment. lol :)

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
:thumbsup:

#7
Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
I have been looking and cannot figure out how to disable avast?? any ideas?

#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi :)

Right click on the Avast icon in the lower right hand corner of your desktop.

Select avast shields control and select Disable until computer is restarted.

Click Yes when Avast asks you are you sure?

You can proceed from there with the steps. :thumbsup:

#9
Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
I'm sorry, I got nailed with a nasty bug and have been in bed since yesterday. I'm a little better today and hope to get back down to deal with the PC tomorrow. Thanks for your patience.

#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I'm sorry, I got nailed with a nasty bug and have been in bed since yesterday. I'm a little better today and hope to get back down to deal with the PC tomorrow. Thanks for your patience.


No worries, you're welcome. :thumbsup: Whenever you can get to it will be fine. I hope you get to feeling better. :)

#11
Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
OK. Got to the OTL fix and it's been stuck at killing processes for about 20-30 min now?

#12
Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
It completely froze. I did a hard shut down and rebooted. I did the MalwareBytes scan; here is the log below. I don't have any of those Chrome plug-ins. And I tried to do the OTL fix and it froze before it even got started.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.22.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-5F64AFAA0 [administrator]

1/22/2014 9:57:16 AM
mbam-log-2014-01-22 (09-57-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236196
Time elapsed: 11 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{DD260902-9420-4055-A956-9152EB4F3E6A} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.

Files Detected: 44
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\Autorun.inf (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\crx.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\ffassist.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\hmac.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\ie8starter.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\iehpr.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\iestage2.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\log.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\OldStyleSB.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\OSD958B.OSD (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\progress.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\safari.safariextz (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\Tnt2Cbt.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\TNT2User.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\untar.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\xpi.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\icon.ico (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\inst.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\PARTNER.3.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\partner.dat (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\runt.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.

(end)
  • 0
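A small checker for the log format pasted in this thread, added here as an illustration and not part of any post or of Malwarebytes' own tooling: it parses the MBAM 1.75 text-log sections, flags sections whose listed items do not match the declared count (a truncated paste) and items not marked as removed, and compares a first scan against a follow-up. The function names and the two abridged sample logs are constructed for the example; the line layout and the two action strings are the ones visible in the logs above.

```python
import re

# Section header, e.g. "Registry Keys Detected: 3"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$")
# Detection line: "<object> (<signature>) -> <action>."
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<sig>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
REMOVED = "Quarantined and deleted successfully"  # wording seen in the second log

# Constructed samples: abridged and altered from the two logs in this thread.
# FIRST_SCAN lists only 2 of 4 folders (as if the paste was cut short);
# SECOND_SCAN omits one registry key so the comparison has something to report.
FIRST_SCAN = r"""
Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} (PUP.Optional.TidyNetwork.A) -> No action taken.
HKCR\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} (PUP.Optional.TidyNetwork.A) -> No action taken.
HKCR\CLSID\{DD260902-9420-4055-A956-9152EB4F3E6A} (PUP.Optional.TidyNetwork.A) -> No action taken.

Folders Detected: 4
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378 (PUP.Optional.TidyNetwork.A) -> No action taken.
"""

SECOND_SCAN = r"""
Registry Keys Detected: 2
HKCR\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.

Folders Detected: 2
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [(item, signature, action)]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header["name"]
            sections[current] = {"declared": int(header["count"]), "items": []}
            continue
        entry = ITEM_RE.match(line)
        if entry and current is not None:
            sections[current]["items"].append(
                (entry["item"], entry["sig"], entry["action"]))
    return sections


def audit(sections):
    """List findings worth a follow-up before moving on to the next tool."""
    findings = []
    for name, sec in sections.items():
        listed = len(sec["items"])
        if listed != sec["declared"]:
            # Header count and pasted lines disagree: the log is incomplete.
            findings.append(("count-mismatch", name,
                             f"{listed} listed, {sec['declared']} declared"))
        for item, sig, action in sec["items"]:
            if action != REMOVED:
                findings.append(("not-removed", name, f"{item} [{sig}]: {action}"))
    return findings


def still_pending(before, after):
    """Items left untouched in the first scan that the later scan did not remove."""
    removed = {item for sec in after.values()
               for item, _sig, action in sec["items"] if action == REMOVED}
    return sorted(item for sec in before.values()
                  for item, _sig, action in sec["items"]
                  if action != REMOVED and item not in removed)


if __name__ == "__main__":
    first, second = parse_mbam_log(FIRST_SCAN), parse_mbam_log(SECOND_SCAN)
    for finding in audit(first):
        print(*finding, sep=" | ")
    print("still pending:", still_pending(first, second))
```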

#13
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts
Ok, I'll tweak the OTL fix, but will need to get it approved. Go ahead and run AdwCleaner and JRT and post those logs when complete. Hold off on the OTL quick scan though. :thumbsup:

#14
Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
Pretty sure it's frozen again :( it got through about two thirds of the cleaning of browsers and hasn't moved any farther in about 20 min...

#15
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Pretty sure it's frozen again :( it got through about two thirds of the cleaning of browsers and hasn't moved any farther in about 20 min...


Which tool is freezing? AdwCleaner?