Virus on my computer opens new browser windows randomly and adds links


#16 scmba (Member, Topic Starter, 109 posts)
Got it. Do I have to be on the internet to run this OTL? My Virus computer has a bad connection and just ran OTL and see that it stalled.

#18 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
No, not for OTL, since it's already on your computer.

#19 scmba (Member, Topic Starter, 109 posts)
Ok, it finished running, whew.

#20 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
Well done. Now you will have to be connected for AdwCleaner, as you've not downloaded it before. Hopefully, OTL has helped enough that you can go online for the AdwCleaner download.

#21 scmba (Member, Topic Starter, 109 posts)
Waiting for reboot... The "Quickshare" application by Linkury is still on the computer also; will this take care of that one also? The same thing happens when I try to uninstall that program: it gives me only 2 options, save an uninstaller (adds more viruses) or cancel.

#22 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
No, I didn't see that Quickshare was active, only that it was installed. Let's see if AdwCleaner gets it. If not, I'll write a script for that one.

#23 scmba (Member, Topic Starter, 109 posts)
Here are the results of OTL. Running AdwCleaner now.

No active process named GorillaPrice.exe was found!
Process watgorp.exe killed successfully!
Service WatGorp stopped successfully!
Service WatGorp deleted successfully!
C:\ProgramData\GorillaPrice\watgorp.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Prefs.js: "xvidly3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: %7Ba131ab52-77f3-4bd7-acc7-e2dfdfd298f0%7D:1.0 removed from extensions.enabledAddons
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}\ not found.
File C:\Program Files (x86)\Mozilla Firefox\extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi [2013/08/05 04:17:58 | 000,003,989 | ---- | M] not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GorillaPrice deleted successfully.
C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GorillaPrice deleted successfully.
File C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe not found.
C:\Users\Kids\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File C:\windows\SysWow64\㓱ﳚᵌ™ not found.
File C:\windows\SysWow64\㓱ﳚᵌ™ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kids
->Temp folder emptied: 28102286 bytes
->Temporary Internet Files folder emptied: 8570383 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96661361 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 11621 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48432181 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287446 bytes
RecycleBin emptied: 252106312 bytes

Total Files Cleaned = 454.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02012014_125818

Files\Folders moved on Reboot...
C:\Users\Kids\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#24 scmba (Member, Topic Starter, 109 posts)
AdwCleaner log:

# AdwCleaner v3.018 - Report created 01/02/2014 at 13:30:08
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kids - MISTERMAGIC
# Running from : C:\Users\Kids\Contacts\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\invalidprefs.js
File Found : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\user.js
File Found : C:\windows\System32\roboot64.exe
Folder Found : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Found : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn
Folder Found : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\Nation Toolbar
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\Kids\AppData\Local\Conduit
Folder Found C:\Users\Kids\AppData\LocalLow\Conduit
Folder Found C:\Users\Kids\AppData\LocalLow\Delta
Folder Found C:\Users\Kids\AppData\LocalLow\PriceGong
Folder Found C:\Users\Kids\AppData\LocalLow\Smartbar
Folder Found C:\Users\Kids\AppData\Roaming\Systweak

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Google\Chrome\Extensions\kimdndlhnimhdcchmglaendkednpejjn
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Nation Toolbar
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\smartbarbackup
Key Found : HKCU\Software\smartbarlog
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\Nation Toolbar
Key Found : [x64] HKCU\Software\smartbar
Key Found : [x64] HKCU\Software\smartbarbackup
Key Found : [x64] HKCU\Software\smartbarlog
Key Found : HKLM\SOFTWARE\5348c8de238eb48
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3295548
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kimdndlhnimhdcchmglaendkednpejjn
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\Software\Nation Toolbar
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=0c6b69b7-3bad-40b3-bce8-dfce11779179&searchtype=ds&q={searchTerms}&installDate=15/09/2013

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\prefs.js ]

Line Found : user_pref("CT3295548_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376576132405,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3295548&CUI=UN20452569286497193&UM=2&SearchSource=13");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "xvidly3 Customized Web Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3295548&SearchSource=2&CUI=UN20452569286497193&UM=2&q=");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3295548");
Line Found : user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=0c6b69b7-3bad-40b3-bce8-dfce11779179&searchtype=nt&installDate=15/09/2013");
Line Found : user_pref("browser.search.defaultenginename", "Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3295548&CUI=UN20452569286497193&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.bbDpng", "15");
Line Found : user_pref("extensions.delta.cntry", "US");
Line Found : user_pref("extensions.delta.dfltLng", "zht");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.hdrMd5", "2F9DBD318C203AD74AAA79B9FB8D4298");
Line Found : user_pref("extensions.delta.id", "82bdf4790000000000008c89a5d636b8");
Line Found : user_pref("extensions.delta.instlDay", "15931");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.lastVrsnTs", "1.8.22.017:53:41");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.sg", "azb");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.22.017:53:41");
Line Found : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=123485&tt=110813_Dmntr&tsp=4974");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword
Found : homepage
Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9371 octets] - [01/02/2014 13:30:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9431 octets] ##########

#25 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
Now, a fresh OTL scan. And then let me know how things are working.

#26 scmba (Member, Topic Starter, 109 posts)
OTL:

OTL logfile created on: 2/1/2014 1:33:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kids\Contacts\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.49 Gb Total Physical Memory | 3.93 Gb Available Physical Memory | 71.48% Memory free
10.99 Gb Paging File | 9.09 Gb Available in Paging File | 82.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440.59 Gb Total Space | 381.94 Gb Free Space | 86.69% Space Free | Partition Type: NTFS
Drive D: | 702.82 Mb Total Space | 693.37 Mb Free Space | 98.66% Space Free | Partition Type: UDF

Computer Name: MISTERMAGIC | User Name: Kids | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/01 13:26:14 | 001,166,132 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\AdwCleaner.exe
PRC - [2014/01/29 09:38:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/29 08:58:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kids\Contacts\Desktop\OTL.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/04 05:36:29 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/09/04 05:35:51 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/09/04 05:35:50 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/06/08 07:41:42 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe
PRC - [2011/05/17 12:54:44 | 000,024,576 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe
PRC - [2011/03/15 19:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
PRC - [2009/12/04 15:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/01 13:26:14 | 001,166,132 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\AdwCleaner.exe
MOD - [2014/01/29 09:38:34 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Kids\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Kids\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2009/12/04 16:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/04 15:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
MOD - [2009/04/06 15:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
MOD - [2009/04/06 15:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
MOD - [2009/01/05 20:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
MOD - [2007/12/06 10:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/08/18 15:44:02 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/10 00:45:54 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/01/29 09:42:18 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/29 09:38:34 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/04 05:36:29 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/09/04 05:35:51 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/15 19:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/04 05:36:40 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/09/04 05:36:40 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/03/29 15:41:18 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/24 11:10:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/24 11:10:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/10 01:43:24 | 010,201,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/08/10 01:43:24 | 010,201,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/08/10 00:07:10 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/06 02:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/16 06:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/20 01:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/21 13:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/03 14:24:28 | 000,870,400 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {41BC76BF-A631-435A-B120-A90B7664DA1A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7LEND
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/10/14 11:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kids\AppData\Roaming\Mozilla\Extensions
[2014/02/01 13:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions
[2014/02/01 13:23:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/08/13 16:58:21 | 000,000,000 | ---D | M] (LyricsShow) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions\126
[2014/02/01 13:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions\staged
[2014/02/01 12:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/01/29 09:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/29 09:38:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/29 09:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/01/29 09:38:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

========== Chrome ==========

CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www1.delta-se..._Dmntr&tsp=4974
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://feed.snap.do/...Date=15/09/2013
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: QuickShare Widget = C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: xvidly3 = C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn\10.16.100.4_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe ()
O4 - HKCU..\Run: [MPOptimizer] "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan File not found
O4 - Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C55B70B6-81CD-4D1C-B948-3EE882D310EA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0A66E06-343B-4876-8458-EAFC05969EE4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/01 13:27:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/01 12:58:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/29 09:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/29 08:58:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kids\Contacts\Desktop\OTL.exe
[2014/01/29 08:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medialink
[2014/01/29 08:00:20 | 000,870,400 | ---- | C] (Ralink Technology Corp.) -- C:\windows\SysNative\drivers\netr28ux.sys
[2014/01/29 08:00:19 | 000,303,616 | ---- | C] (Ralink Technology, Inc.) -- C:\windows\SysNative\RaCoInstx.dll
[2014/01/29 08:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medialink
[2014/01/29 08:00:04 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Roaming\InstallShield
[2014/01/20 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Local\Diagnostics
[2012/04/24 11:26:55 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe

========== Files - Modified Within 30 Days ==========

[2014/02/01 13:29:31 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/01 13:29:31 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/01 13:26:18 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/02/01 13:26:18 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/02/01 13:26:18 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/02/01 13:26:14 | 001,166,132 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\AdwCleaner.exe
[2014/02/01 13:22:08 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/01 13:21:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/02/01 13:21:54 | 129,511,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/01 13:00:37 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/01 12:43:38 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/01/31 06:36:20 | 000,002,502 | ---- | M] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_prof
[2014/01/31 06:36:19 | 000,000,838 | ---- | M] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_sta
[2014/01/31 06:25:49 | 000,001,000 | ---- | M] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_wsc
[2014/01/31 06:18:01 | 000,001,083 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\Documents - Shortcut.lnk
[2014/01/30 03:26:45 | 000,428,512 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/30 03:04:55 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2014/01/30 03:04:53 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2014/01/29 16:28:01 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Internet Browser.lnk
[2014/01/29 08:58:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kids\Contacts\Desktop\OTL.exe
[2014/01/29 08:34:26 | 000,001,051 | ---- | M] () -- C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/29 08:34:01 | 000,001,023 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\Dropbox.lnk
[2014/01/29 08:00:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\MWN-USB150N.lnk

========== Files Created - No Company Name ==========

[2014/02/01 13:25:38 | 001,166,132 | ---- | C] () -- C:\Users\Kids\Contacts\Desktop\AdwCleaner.exe
[2014/01/31 06:18:01 | 000,001,083 | ---- | C] () -- C:\Users\Kids\Contacts\Desktop\Documents - Shortcut.lnk
[2014/01/30 03:04:55 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2014/01/30 03:04:53 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2014/01/29 08:21:07 | 000,001,000 | ---- | C] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_wsc
[2014/01/29 08:17:20 | 000,002,502 | ---- | C] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_prof
[2014/01/29 08:17:20 | 000,000,838 | ---- | C] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_sta
[2014/01/29 08:00:27 | 000,013,931 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
[2014/01/29 08:00:27 | 000,013,931 | ---- | C] () -- C:\windows\SysWow64\drivers\RaCoInst.dat
[2014/01/29 08:00:27 | 000,013,931 | ---- | C] () -- C:\windows\SysNative\RaCoInst.dat
[2014/01/29 08:00:27 | 000,013,931 | ---- | C] () -- C:\windows\SysNative\drivers\RaCoInst.dat
[2014/01/29 08:00:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\MWN-USB150N.lnk
[2013/07/20 09:02:04 | 001,229,097 | ---- | C] () -- C:\windows\unins000.exe
[2013/07/20 09:02:04 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\Lagarith.dll
[2013/07/20 09:02:04 | 000,076,332 | ---- | C] () -- C:\windows\unins000.dat
[2012/04/24 11:23:04 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2012/04/24 11:23:04 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/11 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\.minecraft
[2013/09/24 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\AVSoftware
[2014/02/01 13:24:12 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Dropbox
[2013/08/13 16:56:52 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Online Video Accelerator
[2013/08/15 06:06:25 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Open Download Manager
[2013/08/15 06:10:59 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Systweak
[2013/08/13 17:01:37 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\xVidly

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/09/07 12:49:04 | 096,533,415 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\㓱ﳚᵌ™
[2013/09/07 12:49:04 | 096,533,415 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\㓱ﳚᵌ™

< End of report >

#27
scmba

    Member

  • Topic Starter
  • Member
  • 109 posts
Looked in the uninstall:

Gorilla price is still there, but nothing under "size" or "version" - so there's a placeholder, but nothing there.
Quickshare still there 21.4MB - it used to just pop up on my browser and add links to the browser toolbar.

#28
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Gorilla price is still there,

Do you mean in the Uninstall list of Control Panel?

nothing under "size" or "version" - so there's a placeholder, but nothing there.
Quickshare still there 21.4MB - it used to just pop up on my browser and add links to the browser toolbar.


Do you mean that Quickshare is still in the Uninstall list of Control Panel?

it used to just pop up on my browser and add links to the browser toolbar.

Which browser? Chrome? And, is it still doing that?

#29
scmba

    Member

  • Topic Starter
  • Member
  • 109 posts
Quote
Gorilla price is still there,

Do you mean in the Uninstall list of Control Panel? YES IN THE UNINSTALL OF THE CONTROL PANEL

Quote
nothing under "size" or "version" - so there's a placeholder, but nothing there.
Quickshare still there 21.4MB - it used to just pop up on my browser and add links to the browser toolbar.


Do you mean that Quickshare is still in the Uninstall list of Control Panel? YES IN THE UNINSTALL OF THE CONTROL PANEL

Quote
it used to just pop up on my browser and add links to the browser toolbar.

Which browser? Chrome? And, is it still doing that? IT DID IT ON MY FIREFOX, BUT HASN'T DONE IT FOR A WHILE

HOW DOES EVERYTHING ELSE LOOK? GOOD AND CLEAR? DO YOU THINK I CAN USE IT FOR LOGGING INTO PERSONAL STUFF W/ PASSWORDS YET?

#30
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

YES IN THE UNINSTALL OF THE CONTROL PANEL

For both of those programs, it is understandable that they are listed there. Odd as it sounds, that is merely a list and not necessarily reflective of function (although it can be). Confused :confused: Sorry, I don't mean to be confusing :lol:. I will write a fix to remove those from the uninstall list.

As of right now, I only see Quickshare as an add-on to Chrome and I'll get it off in the next fix too.

GOOD AND CLEAR? DO YOU THINK I CAN USE IT FOR LOGGING INTO PERSONAL STUFF W/ PASSWORDS YET?

Don't do banking yet as I'm still assessing and I want my instructor to review your logs as well. However, go ahead and use the computer and note anything odd or reflective of malware. I'll get back to you tomorrow.
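The point in #30 that the Control Panel uninstall list "is merely a list" can be checked directly: the list is built from the Uninstall registry keys, so an entry can linger with nothing behind it. The PowerShell below is an added example, not the helper's fix or anything from this thread; it only reports, and the name patterns at the bottom are assumptions taken from the entries scmba mentioned.

```powershell
# Added example (not from the thread): list the Uninstall registry keys behind
# "Programs and Features" and flag placeholder entries such as a leftover with
# no version, no size, or an uninstaller that is no longer on disk.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-UninstallerPath {
    # Pull the executable out of an UninstallString such as
    #   "C:\Program Files\Foo\unins000.exe" /SILENT   or   MsiExec.exe /X{GUID}
    param([string]$UninstallString)
    if (-not $UninstallString) { return $null }
    if ($UninstallString -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($UninstallString -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $UninstallString.Trim()
}

function Test-UninstallerMissing {
    # True when the uninstaller cannot be found: absolute path gone, or a bare
    # name (e.g. MsiExec.exe) that does not resolve on the PATH.
    param([string]$Exe)
    if (-not $Exe) { return $true }
    if ([System.IO.Path]::IsPathRooted($Exe)) { return -not (Test-Path -LiteralPath $Exe) }
    return -not (Get-Command -Name $Exe -ErrorAction SilentlyContinue)
}

function Get-UninstallEntry {
    param([string[]]$NameLike = @('*'))
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $entry = $_
            $matched = $false
            foreach ($pattern in $NameLike) {
                if ($entry.DisplayName -like $pattern) { $matched = $true; break }
            }
            if (-not $matched) { return }   # skip entries outside the requested names
            $exe = Get-UninstallerPath -UninstallString $entry.UninstallString
            [pscustomobject]@{
                DisplayName     = $entry.DisplayName
                Publisher       = $entry.Publisher
                DisplayVersion  = $entry.DisplayVersion
                EstimatedSizeKB = $entry.EstimatedSize
                UninstallString = $entry.UninstallString
                TargetMissing   = Test-UninstallerMissing -Exe $exe
                RegistryKey     = $entry.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            }
        }
}

# Name patterns are assumptions based on the entries mentioned in this thread.
# Placeholder entries: no version, no size, or an uninstaller that is gone.
Get-UninstallEntry -NameLike @('*Gorilla*', '*QuickShare*') |
    Where-Object { -not $_.DisplayVersion -or -not $_.EstimatedSizeKB -or $_.TargetMissing } |
    Format-List
```

Run it in an elevated PowerShell to see both the 64-bit and Wow6432Node keys; the RegistryKey field tells you exactly which key a "ghost" entry lives under, which is what a cleanup fix would target.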
