Conduit search hijack [Solved]



#1
67mopar

Hi, can anyone see any problems with any software in these logs? I have that Conduit attached to my search. Here are the first MB and OTL logs:
OTL logfile created on: 02/09/2014 7:45:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 50.47% Memory free
6.18 Gb Paging File | 4.72 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.78 Gb Total Space | 14.30 Gb Free Space | 12.91% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/09 19:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dad\Downloads\OTL.exe
PRC - [2014/02/06 09:45:36 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/02/05 10:28:12 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\dad\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/04 13:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/14 21:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/20 16:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/20 04:28:56 | 000,537,264 | ---- | M] ( ) -- C:\Windows\System32\lxcycoms.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/06 09:45:36 | 003,583,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/02/05 10:28:11 | 016,287,624 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_44.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- -- (0050841232311355mcinstcleanup)
SRV - [2014/02/06 09:45:36 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 10:28:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/07 18:05:02 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/20 04:28:56 | 000,537,264 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcycoms.exe -- (lxcy_device)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\busbwdm.sys -- (BUSB_AUDIO_WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\BUSB2902.sys -- (BEHRINGER_2902)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abvzcc19)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/09/21 16:44:21 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/21 16:44:21 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/02 08:10:08 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/04/29 09:14:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/01/13 08:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/27 00:40:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007/08/15 09:49:48 | 000,552,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/04/03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2006/12/28 11:05:10 | 000,033,936 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/22 13:41:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BtNetDrv.sys -- (BT)
DRV - [2006/11/22 13:40:50 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006/11/22 13:40:34 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2006/11/22 13:40:20 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2006/11/22 13:40:02 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2006/11/22 13:39:14 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2006/11/22 13:39:00 | 000,034,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2000/11/15 09:32:38 | 000,002,204 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UNINST2K.SYS -- (UNINST2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1098640

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
IE - HKCU\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{CC8A5FCB-415E-48BB-8538-E0D44D221918}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...C807A24E&SSPV="
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/06 09:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/06 09:45:22 | 000,000,000 | ---D | M]

[2011/08/19 08:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Extensions
[2014/02/09 19:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\extensions
[2012/02/04 08:57:49 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/01/16 14:51:57 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/09 16:59:27 | 000,000,975 | ---- | M] () -- C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\searchplugins\conduit-search.xml
[2014/02/06 09:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/06 09:45:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.condui...EC807A24E&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Cast = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.123.1.4_0\
CHR - Extension: Google Search = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/10 06:23:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\dad\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download selected with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download video with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with Free Download Manager - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71072450-D442-48B7-81A4-9E5509574C1E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/09 19:52:18 | 000,000,000 | ---D | C] -- C:\Users\dad\AppData\Roaming\Malwarebytes
[2014/02/09 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/09 16:39:51 | 000,000,000 | ---D | C] -- C:\Users\dad\AppData\Roaming\52f7f609cd6da198680085c3
[2014/02/06 09:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/04 21:30:32 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\Verizon Messages_files
[2014/02/04 20:27:59 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\All Day Energy Greens Review - Separate The Scams_files
[2014/01/29 17:26:57 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\In Store USED 80S TAMA SUPERSTAR MAPLE 4 PIECE KIT MADE IN JAPAN _ GuitarCenter_files
[2014/01/27 09:01:30 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\Media Streamer Showdown PlayStation 3 versus Xbox 360 _ Digital Trends_files
[2014/01/26 14:32:03 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\LiveStream, Broadcast Boston – Philadelphia (Ice Hockey. NHL) _ LiveTV_files
[2014/01/26 14:31:55 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\SportStream.tv_files
[2014/01/17 16:40:26 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\deck Job

========== Files - Modified Within 30 Days ==========

[2014/02/09 19:53:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/09 19:51:49 | 000,000,930 | ---- | M] () -- C:\Users\dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/02/09 19:28:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/09 19:24:31 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/09 19:24:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/09 19:24:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/09 19:24:15 | 3210,010,624 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/07 10:15:56 | 000,325,444 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/07 10:15:56 | 000,210,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/05 10:28:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/02/05 10:28:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/02/05 08:46:22 | 000,207,816 | ---- | M] () -- C:\Users\dad\Desktop\0131141209.jpg
[2014/02/04 21:30:33 | 000,229,187 | ---- | M] () -- C:\Users\dad\Desktop\Verizon Messages.htm
[2014/02/04 20:28:01 | 000,376,891 | ---- | M] () -- C:\Users\dad\Desktop\All Day Energy Greens Review - Separate The Scams.htm
[2014/02/02 19:02:21 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2014/01/31 18:09:48 | 000,007,066 | ---- | M] () -- C:\Users\dad\Desktop\peaarl usa.jpg
[2014/01/29 17:26:58 | 000,205,585 | ---- | M] () -- C:\Users\dad\Desktop\In Store USED 80S TAMA SUPERSTAR MAPLE 4 PIECE KIT MADE IN JAPAN _ GuitarCenter.htm
[2014/01/27 09:01:33 | 000,147,651 | ---- | M] () -- C:\Users\dad\Desktop\Media Streamer Showdown PlayStation 3 versus Xbox 360 _ Digital Trends.htm
[2014/01/26 14:32:04 | 000,145,726 | ---- | M] () -- C:\Users\dad\Desktop\LiveStream, Broadcast Boston – Philadelphia (Ice Hockey. NHL) _ LiveTV.htm
[2014/01/26 14:31:56 | 000,004,670 | ---- | M] () -- C:\Users\dad\Desktop\SportStream.tv.htm
[2014/01/19 13:47:45 | 000,057,818 | ---- | M] () -- C:\Users\dad\Desktop\minute_mount_wiring_relay_02.jpg
[2014/01/19 11:42:16 | 000,091,385 | ---- | M] () -- C:\Users\dad\Desktop\61591.png

========== Files Created - No Company Name ==========

[2014/02/09 19:51:49 | 000,000,930 | ---- | C] () -- C:\Users\dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/02/05 08:51:16 | 000,207,816 | ---- | C] () -- C:\Users\dad\Desktop\0131141209.jpg
[2014/02/04 21:30:32 | 000,229,187 | ---- | C] () -- C:\Users\dad\Desktop\Verizon Messages.htm
[2014/02/04 20:27:59 | 000,376,891 | ---- | C] () -- C:\Users\dad\Desktop\All Day Energy Greens Review - Separate The Scams.htm
[2014/01/31 18:09:48 | 000,007,066 | ---- | C] () -- C:\Users\dad\Desktop\peaarl usa.jpg
[2014/01/29 17:26:57 | 000,205,585 | ---- | C] () -- C:\Users\dad\Desktop\In Store USED 80S TAMA SUPERSTAR MAPLE 4 PIECE KIT MADE IN JAPAN _ GuitarCenter.htm
[2014/01/27 09:01:30 | 000,147,651 | ---- | C] () -- C:\Users\dad\Desktop\Media Streamer Showdown PlayStation 3 versus Xbox 360 _ Digital Trends.htm
[2014/01/26 14:32:03 | 000,145,726 | ---- | C] () -- C:\Users\dad\Desktop\LiveStream, Broadcast Boston – Philadelphia (Ice Hockey. NHL) _ LiveTV.htm
[2014/01/26 14:31:54 | 000,004,670 | ---- | C] () -- C:\Users\dad\Desktop\SportStream.tv.htm
[2014/01/19 11:42:16 | 000,091,385 | ---- | C] () -- C:\Users\dad\Desktop\61591.png
[2014/01/19 11:41:13 | 000,057,818 | ---- | C] () -- C:\Users\dad\Desktop\minute_mount_wiring_relay_02.jpg
[2011/06/29 10:09:10 | 000,000,008 | ---- | C] () -- C:\Users\dad\BankSelectOrder.pm
[2008/09/16 09:47:49 | 000,000,680 | ---- | C] () -- C:\Users\dad\AppData\Local\d3d9caps.dat
[2008/09/16 09:26:45 | 000,028,160 | ---- | C] () -- C:\Users\dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
OTL Extras logfile created on: 02/09/2014 7:45:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 50.47% Memory free
6.18 Gb Paging File | 4.72 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.78 Gb Total Space | 14.30 Gb Free Space | 12.91% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023D56C9-F4E3-419F-89BC-CA06ABB38B2E}" = lport=445 | protocol=6 | dir=in | app=system |
"{03BDE59D-7D50-4AFC-86DF-7CBFAA11706D}" = lport=137 | protocol=17 | dir=in | app=system |
"{1314D835-A6BE-44B9-94CF-6502645F7614}" = rport=445 | protocol=6 | dir=out | app=system |
"{349ADF90-A20F-481E-9234-E9C2DB667A8E}" = lport=138 | protocol=17 | dir=in | app=system |
"{36F24785-4336-4184-8512-6DCE1C021D8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3886C711-CA38-42A9-9356-E0F96BBFF46C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{4C7E5A07-79C9-4FAE-B1C1-5E4E695F523E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{56C9CBD2-149E-4AAC-BEB7-200D36354248}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5939D1AF-F375-4C31-95FF-F48934E2F3D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{61E7365A-CFDE-4A7D-8906-F1BFBD4C8F9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7016D08B-7F47-4EF7-AF60-9E50E931DF1A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{896B4593-8AF7-4995-BA79-6F076C0C7854}" = rport=138 | protocol=17 | dir=out | app=system |
"{D06F8D68-6B68-4553-8852-02B1272C5F1D}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD16DCB1-436B-409C-8B19-0F6CE69A7ED6}" = rport=137 | protocol=17 | dir=out | app=system |
"{E282B21E-5825-40E3-9C03-902FED72F9F2}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{207D8DDD-4ACF-4F77-B707-35A7D9103E45}" = protocol=1 | dir=out | [email protected],-28544 |
"{30F75CB8-8C74-4323-A102-C62EA5FF6506}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{3833D88C-3F1D-4254-A1E1-7F09BD480DBB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{38D4281E-3F87-4372-8AC7-E1B038BFF75F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{3E23BB9E-81E4-473C-94ED-00868BBF0C9D}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{3F02AB13-0458-4114-81A2-E1674EE69445}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{5714A4A6-27E9-405B-8954-4B9BDF5C0003}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{60112BA6-3533-4DA8-94A3-65433642EFEB}" = dir=in | app=c:\program files\hp\digital imaging\{fa0f0a01-4631-4161-a6c2-948bf694382e}\setup\hpznui01.exe |
"{6C12A554-DA55-4A44-99F4-6A92F87D0ADD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{7CB8280A-BD55-4375-ABC1-C1F5CBC6ACE5}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{889DA711-718F-4AA6-859C-2EC1EBEAB3E0}" = protocol=1 | dir=in | [email protected],-28543 |
"{8ECB42F9-F966-46C9-BE1E-1A1EC5FE095E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{A26C99A7-41AE-41DD-8CDA-7161C3AB0526}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AD33DF4A-2D8D-42C5-A658-CD8C80053849}" = protocol=58 | dir=out | [email protected],-28546 |
"{B4FD7DAC-AA5A-4ABC-AD82-362B06A4BB1E}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{BF584FA6-997E-432A-99D5-A1277404FBF2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{CDDECADB-DA45-4240-AA89-6F12AE89A3BF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D2B058FE-6803-4AEC-A3A8-0E73F7760CFE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{DF0CAED7-AE52-42A6-8C5F-50C5110897FD}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{393D552C-523B-4FCD-94AD-E8173CFA9046}C:\users\dad\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dad\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8212EED4-4B22-4EE5-BB7A-F3F7C74039A5}C:\users\dad\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dad\appdata\local\akamai\netsession_win.exe |
"TCP Query User{85B34B50-D21C-4D1A-ABCA-AC7CE0A52BE3}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{A1108EED-1112-4065-8443-AC9DA49ABCD7}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{0442C592-FC7E-45BE-AA82-61BB792864E6}C:\users\dad\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dad\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0AC617CB-01F4-4C69-A55F-1B9DBC2FDFE3}C:\users\dad\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dad\appdata\local\akamai\netsession_win.exe |
"UDP Query User{FCB842B1-310A-4A4E-8558-3439C52F1D39}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{FD63667A-9D93-4874-B643-52FACAE2B9C2}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.24
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{401C04AC-99A0-4DE2-879F-30D03A633FEF}" = AVG 2014
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48C10E3C-A04F-4ED0-82AF-609CC5DE0F5D}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{785F267D-DC33-4404-83ED-7B0CD5E63474}" = Bluesoleil3.1.0.2 Release 070119
"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-03-17
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM Toolbar" = AIM Toolbar 5.0
"Ares" = Ares 2.1.7
"Audacity_is1" = Audacity 2.0.2
"AVG" = AVG 2014
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Canon MG3100 series User Registration" = Canon MG3100 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"EzManual" = EzManual
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"HDMI" = Intel® Graphics Media Accelerator Driver
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstaCodecs_is1" = InstaCodecs
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.7
"WizTree_is1" = WizTree v1.07

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"f031ef6ac137efc5" = Dell Driver Download Manager
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/02/2013 8:26:16 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 22.0.0.4917, time
stamp 0x51c06ab5, faulting module mozalloc.dll, version 22.0.0.4917, time stamp
0x51c05025, exception code 0x80000003, fault offset 0x00001988, process id 0x14b8,
application start time 0x01ce8f5be20e7fc0.

Error - 08/03/2013 4:56:49 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 22.0.0.4917 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1040 Start Time: 01ce8fea259516d0 Termination Time: 452

Error - 08/03/2013 4:56:52 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 22.0.0.4917, time
stamp 0x51c06ab5, faulting module mozalloc.dll, version 22.0.0.4917, time stamp
0x51c05025, exception code 0x80000003, fault offset 0x00001988, process id 0x164,
application start time 0x01ce8fede68ca080.

Error - 08/12/2013 9:52:21 AM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 11.0.6002.18311 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 214c Start Time: 01ce9763196f15b0 Termination Time: 16

Error - 08/13/2013 6:27:03 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program audacity.exe version 2.0.2.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 24d4 Start Time: 01ce97af476b2c00 Termination Time: 11

Error - 08/18/2013 1:21:32 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 22.0.0.4917 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e40 Start Time: 01ce99a88143c220 Termination Time: 466

Error - 09/03/2013 9:13:55 AM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 23.0.1.4974 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d74 Start Time: 01ce9c3e40234de0 Termination Time: 380

Error - 09/17/2013 9:48:58 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 23.0.1.4974, time
stamp 0x520bc1d5, faulting module mozalloc.dll, version 23.0.1.4974, time stamp
0x520ba12c, exception code 0x80000003, fault offset 0x00001988, process id 0xe7c,
application start time 0x01ceb3bac7f711f0.

Error - 11/21/2013 8:45:51 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program winamp.exe version 5.6.2.3173 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d78 Start Time: 01cee71761c7a120 Termination Time: 7

Error - 11/21/2013 10:23:48 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.exe version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: aa8 Start Time: 01cee2658bc438f0 Termination Time: 161

Error - 11/26/2013 10:19:08 AM | Computer Name = dad-PC | Source = MsiInstaller | ID = 10005
Description =

[ Media Center Events ]
Error - 10/11/2009 3:37:44 PM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/13/2009 3:41:43 PM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/05/2009 6:51:49 AM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/24/2009 6:58:43 AM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 02/09/2014 4:20:25 PM | Computer Name = dad-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.255.254 for the Network Card with network
address 0015AF2A477A has been denied by the DHCP server 10.0.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 02/09/2014 4:30:17 PM | Computer Name = dad-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.255.254 for the Network Card with network
address 0015AF2A477A has been denied by the DHCP server 10.0.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 02/09/2014 5:27:05 PM | Computer Name = dad-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.255.253 for the Network Card with network
address 0015AF2A477A has been denied by the DHCP server 10.0.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 02/09/2014 5:29:20 PM | Computer Name = dad-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.3 for the Network Card with network address
0015AF2A477A has been denied by the DHCP server 192.168.255.249 (The DHCP Server
sent a DHCPNACK message).

Error - 02/09/2014 5:31:45 PM | Computer Name = dad-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.255.253 for the Network Card with network
address 0015AF2A477A has been denied by the DHCP server 10.0.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 02/09/2014 8:23:34 PM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 02/09/2014 8:24:11 PM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 02/09/2014 8:25:37 PM | Computer Name = dad-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 02/09/2014 8:25:37 PM | Computer Name = dad-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 02/09/2014 8:26:08 PM | Computer Name = dad-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >


#2
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hello 67mopar, welcome to the forums!
My name is Biscuithd and I will be assisting you with your computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked, as it may make this repair more difficult.

I'll be back after I analyze your logs.



#3
67mopar

    Member

  • Topic Starter
  • Member
  • 199 posts
thanks

#4
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi 67Mopar,

I do see the Search Conduit that you cited in your post. We'll take care of that and a few other things and see where we are after.


OTL Fix

  • Run OTL as you did before.
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abvzcc19)
MOD - [2014/02/06 09:45:36 | 003,583,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
SRV - File not found [Auto | Stopped] -- -- (0050841232311355mcinstcleanup)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1098640
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui....rchTerms}=
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...6EC807A24E="
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
[2014/02/09 16:59:27 | 000,000,975 | ---- | M] () -- C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\searchplugins\conduit-search.xml
[2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O8 - Extra context menu item: Download all with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download selected with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download video with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with Free Download Manager - Reg Error: Value error. File not found
O18 - Protocol\Handler\linkscanner - No CLSID value found
[2014/02/09 16:39:51 | 000,000,000 | ---D | C] -- C:\Users\dad\AppData\Roaming\52f7f609cd6da198680085c3
[2008/09/16 09:26:45 | 000,028,160 | ---- | C] () -- C:\Users\dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:Commands

:commands
[emptytemp]


Then press the Run Fix button

Your computer will reboot. If it does not, please manually reboot.


Download and Scan with aswMBR


  • Please download aswMBR to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Posted Image

  • Click the Scan button to begin the scan.

Posted Image

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Re-Run OTL

Run OTL again and click Quick Scan.

Copy and paste the contents of the log that it produces into your next post back to me.

To summarize, you should be posting an aswMBR scan and an OTL scan back to me.

#5
67mopar

    Member

  • Topic Starter
  • Member
  • 199 posts
Ok, I'm back. Major malfunction: the Run Fix wiped out Firefox. It took me a while to try another browser to get back on the net, so I'm using IE right now. Here is the text from that log (OTL), and I'm just gonna wait and hear from you, as things didn't go as planned, and the sys did not reboot by itself; I manually did so.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named abvzcc19 was found to stop!
Service\Driver key abvzcc19 not found.
Releasing module C:\Program Files\Mozilla Firefox\mozjs.dll
C:\Program Files\Mozilla Firefox\mozjs.dll moved successfully.
Service 0050841232311355mcinstcleanup stopped successfully!
Service 0050841232311355mcinstcleanup deleted successfully!
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
C:\Program Files\Viewpoint\Common\ViewpointService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Prefs.js: "Conduit Search" removed from browser.search.defaultenginename
Prefs.js: "Conduit Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.condui......6EC807A24E=" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll moved successfully.
C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\searchplugins\conduit-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all with Free Download Manager\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download selected with Free Download Manager\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download video with Free Download Manager\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with Free Download Manager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
File Protocol\Handler\linkscanner - No CLSID value found not found.
C:\Users\dad\AppData\Roaming\52f7f609cd6da198680085c3 folder moved successfully.
C:\Users\dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02102014_153920

Edited by 67mopar, 10 February 2014 - 02:58 PM.


#6
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Yes, I did make a slight error at the end of the script that stopped the reboot. Everything else looks ok, although I'm not quite sure what happened to Firefox.

We can fix Firefox later. Stick with IE for the short term.

Let's get the aswMBR scan done next, as I suspect there are some other items on your machine that will need tending to. We might find out that's why Firefox isn't working.

#7
67mopar

    Member

  • Topic Starter
  • Member
  • 199 posts
I'm sure there are plenty of things, as my disc is full, and it is after all Vista :) Should I go out and buy an upgrade to Windows 7 or 8? This has been a solid computer for me. That your LP in your avatar?

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-10 16:00:18
-----------------------------
16:00:18.454 OS Version: Windows 6.0.6002 Service Pack 2
16:00:18.454 Number of processors: 2 586 0xF0D
16:00:18.456 ComputerName: DAD-PC UserName: dad
16:00:20.464 Initialize success
16:02:08.359 AVAST engine defs: 14021001
16:03:40.736 The log file has been saved successfully to "C:\Users\dad\Documents\asw.text"
16:03:57.912 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:03:57.918 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC70P Size: 114473MB BusType: 3
16:03:57.938 Disk 0 MBR read successfully
16:03:57.944 Disk 0 MBR scan
16:03:57.956 Disk 0 Windows VISTA default MBR code
16:03:57.964 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1027 MB offset 63
16:03:57.991 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 113443 MB offset 2104515
16:03:58.007 Disk 0 scanning sectors +234436545
16:03:58.097 Disk 0 scanning C:\Windows\system32\drivers
16:04:17.973 Service scanning
16:04:46.071 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:04:55.507 Modules scanning
16:05:08.808 Disk 0 trace - called modules:
16:05:08.846 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84f5e1f8]<<
16:05:08.847 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862c2670]
16:05:08.847 3 CLASSPNP.SYS[8ada28b3] -> nt!IofCallDriver -> [0x85903918]
16:05:08.848 5 acpi.sys[8a6106bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8591ab70]
16:05:08.848 \Driver\atapi[0x85915868] -> IRP_MJ_CREATE -> 0x84f5e1f8
16:05:10.247 AVAST engine scan C:\Windows
16:05:13.836 AVAST engine scan C:\Windows\system32
16:09:51.663 AVAST engine scan C:\Windows\system32\drivers
16:10:13.918 AVAST engine scan C:\Users\dad
16:15:47.219 Disk 0 MBR has been saved successfully to "C:\Users\dad\Documents\MBR.dat"
16:15:47.230 The log file has been saved successfully to "C:\Users\dad\Documents\aswMBR.txt"


OTL logfile created on: 02/10/2014 4:17:37 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 48.69% Memory free
6.18 Gb Paging File | 4.47 Gb Available in Paging File | 72.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.78 Gb Total Space | 14.14 Gb Free Space | 12.76% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/10 16:00:13 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SJSR3CA\aswmbr.exe
PRC - [2014/02/09 19:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\dad\Downloads\OTL.exe
PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\dad\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/04 13:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/14 21:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/12/14 09:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/20 16:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/20 04:28:56 | 000,537,264 | ---- | M] ( ) -- C:\Windows\System32\lxcycoms.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/02/06 09:45:36 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 10:28:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/07 18:05:02 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/20 04:28:56 | 000,537,264 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcycoms.exe -- (lxcy_device)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\busbwdm.sys -- (BUSB_AUDIO_WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\BUSB2902.sys -- (BEHRINGER_2902)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (atvasg0i)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\dad\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/21 16:44:21 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/21 16:44:21 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/02 08:10:08 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/04/29 09:14:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/01/13 08:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/27 00:40:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007/08/15 09:49:48 | 000,552,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/04/03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2006/12/28 11:05:10 | 000,033,936 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/22 13:41:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BtNetDrv.sys -- (BT)
DRV - [2006/11/22 13:40:50 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006/11/22 13:40:34 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2006/11/22 13:40:20 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2006/11/22 13:40:02 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2006/11/22 13:39:14 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2006/11/22 13:39:00 | 000,034,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2000/11/15 09:32:38 | 000,002,204 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UNINST2K.SYS -- (UNINST2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{CC8A5FCB-415E-48BB-8538-E0D44D221918}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...C807A24E&SSPV="
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/06 09:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/10 15:39:46 | 000,000,000 | ---D | M]

[2011/08/19 08:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Extensions
[2014/02/09 19:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\extensions
[2012/02/04 08:57:49 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/01/16 14:51:57 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/06 09:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/06 09:45:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.condui...EC807A24E&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Cast = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.123.1.4_0\
CHR - Extension: Google Search = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/10 06:23:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\dad\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71072450-D442-48B7-81A4-9E5509574C1E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/10 15:39:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/09 19:52:18 | 000,000,000 | ---D | C] -- C:\Users\dad\AppData\Roaming\Malwarebytes
[2014/02/09 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/09 19:51:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/02/06 09:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/04 21:30:32 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\Verizon Messages_files
[2014/02/04 20:27:59 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\All Day Energy Greens Review - Separate The Scams_files
[2014/01/29 17:26:57 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\In Store USED 80S TAMA SUPERSTAR MAPLE 4 PIECE KIT MADE IN JAPAN _ GuitarCenter_files
[2014/01/27 09:01:30 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\Media Streamer Showdown PlayStation 3 versus Xbox 360 _ Digital Trends_files
[2014/01/26 14:32:03 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\LiveStream, Broadcast Boston – Philadelphia (Ice Hockey. NHL) _ LiveTV_files
[2014/01/26 14:31:55 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\SportStream.tv_files
[2014/01/17 16:40:26 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\deck Job

========== Files - Modified Within 30 Days ==========

[2014/02/10 16:15:47 | 000,000,512 | ---- | M] () -- C:\Users\dad\Documents\MBR.dat
[2014/02/10 16:04:36 | 000,000,522 | ---- | M] () -- C:\Users\dad\Desktop\aswmbr.exe - Shortcut.lnk
[2014/02/10 16:03:40 | 000,000,466 | ---- | M] () -- C:\Users\dad\Documents\asw.text
[2014/02/10 15:52:10 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/10 15:52:09 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/10 15:52:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/10 15:51:59 | 3210,027,008 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/10 15:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/09 19:51:49 | 000,000,930 | ---- | M] () -- C:\Users\dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/02/07 10:15:56 | 000,325,444 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/07 10:15:56 | 000,210,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/05 08:46:22 | 000,207,816 | ---- | M] () -- C:\Users\dad\Desktop\0131141209.jpg
[2014/02/04 21:30:33 | 000,229,187 | ---- | M] () -- C:\Users\dad\Desktop\Verizon Messages.htm
[2014/02/04 20:28:01 | 000,376,891 | ---- | M] () -- C:\Users\dad\Desktop\All Day Energy Greens Review - Separate The Scams.htm
[2014/02/02 19:02:21 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2014/01/31 18:09:48 | 000,007,066 | ---- | M] () -- C:\Users\dad\Desktop\peaarl usa.jpg
[2014/01/29 17:26:58 | 000,205,585 | ---- | M] () -- C:\Users\dad\Desktop\In Store USED 80S TAMA SUPERSTAR MAPLE 4 PIECE KIT MADE IN JAPAN _ GuitarCenter.htm
[2014/01/27 09:01:33 | 000,147,651 | ---- | M] () -- C:\Users\dad\Desktop\Media Streamer Showdown PlayStation 3 versus Xbox 360 _ Digital Trends.htm
[2014/01/26 14:32:04 | 000,145,726 | ---- | M] () -- C:\Users\dad\Desktop\LiveStream, Broadcast Boston – Philadelphia (Ice Hockey. NHL) _ LiveTV.htm
[2014/01/26 14:31:56 | 000,004,670 | ---- | M] () -- C:\Users\dad\Desktop\SportStream.tv.htm
[2014/01/19 13:47:45 | 000,057,818 | ---- | M] () -- C:\Users\dad\Desktop\minute_mount_wiring_relay_02.jpg
[2014/01/19 11:42:16 | 000,091,385 | ---- | M] () -- C:\Users\dad\Desktop\61591.png

========== Files Created - No Company Name ==========

[2014/02/10 16:15:47 | 000,000,512 | ---- | C] () -- C:\Users\dad\Documents\MBR.dat
[2014/02/10 16:04:36 | 000,000,522 | ---- | C] () -- C:\Users\dad\Desktop\aswmbr.exe - Shortcut.lnk
[2014/02/10 16:03:40 | 000,000,466 | ---- | C] () -- C:\Users\dad\Documents\asw.text
[2014/02/09 19:51:49 | 000,000,930 | ---- | C] () -- C:\Users\dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/02/05 08:51:16 | 000,207,816 | ---- | C] () -- C:\Users\dad\Desktop\0131141209.jpg
[2014/02/04 21:30:32 | 000,229,187 | ---- | C] () -- C:\Users\dad\Desktop\Verizon Messages.htm
[2014/02/04 20:27:59 | 000,376,891 | ---- | C] () -- C:\Users\dad\Desktop\All Day Energy Greens Review - Separate The Scams.htm
[2014/01/31 18:09:48 | 000,007,066 | ---- | C] () -- C:\Users\dad\Desktop\peaarl usa.jpg
[2014/01/29 17:26:57 | 000,205,585 | ---- | C] () -- C:\Users\dad\Desktop\In Store USED 80S TAMA SUPERSTAR MAPLE 4 PIECE KIT MADE IN JAPAN _ GuitarCenter.htm
[2014/01/27 09:01:30 | 000,147,651 | ---- | C] () -- C:\Users\dad\Desktop\Media Streamer Showdown PlayStation 3 versus Xbox 360 _ Digital Trends.htm
[2014/01/26 14:32:03 | 000,145,726 | ---- | C] () -- C:\Users\dad\Desktop\LiveStream, Broadcast Boston – Philadelphia (Ice Hockey. NHL) _ LiveTV.htm
[2014/01/26 14:31:54 | 000,004,670 | ---- | C] () -- C:\Users\dad\Desktop\SportStream.tv.htm
[2014/01/19 11:42:16 | 000,091,385 | ---- | C] () -- C:\Users\dad\Desktop\61591.png
[2014/01/19 11:41:13 | 000,057,818 | ---- | C] () -- C:\Users\dad\Desktop\minute_mount_wiring_relay_02.jpg
[2011/06/29 10:09:10 | 000,000,008 | ---- | C] () -- C:\Users\dad\BankSelectOrder.pm
[2008/09/16 09:47:49 | 000,000,680 | ---- | C] () -- C:\Users\dad\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/11 12:15:52 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\Audacity
[2012/03/24 19:25:14 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\Auslogics
[2013/10/26 07:58:18 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\AVG2014
[2013/03/05 12:16:09 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\Canon
[2012/09/03 16:38:38 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\Digiarty
[2009/01/16 06:03:16 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\IObit
[2011/11/14 10:05:34 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\MusE
[2009/03/07 11:19:23 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\OpenOffice.org

========== Purity Check ==========



< End of report >

#8
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
I'm still analyzing your log, but to answer a few of your questions.

I'm sure there are plenty of things, as my disc is full, and it is after all Vista. Should I go out and buy an upgrade to Windows 7 or 8? This has been a solid computer for me.

From where I sit, no, I wouldn't upgrade to 7 just to do it. Vista has its issues, but as you say, it's been solid for you. And, I think we can get your machine cleaned up and working nicely. From a Hardware point of view, you may not be able to upgrade. You'd need to check that out. As for Windows 8...this is the wrong day to ask me about Windows 8 :lol:. I just "retired" a Windows 8 machine and bought a replacement Windows 7 machine. I was very upset with both the OS and the machine in general. But, that's a different conversation.

That your LP in your avatar?

No, that's an Avatar that we have available on the site. I do have a Tobacco Burst LP from the early 90's. I play more acoustic these days and my "baby" is a McIlroy A65c. You must play since you recognized the LP and used the short hand. Feel free to PM me with your email address and we can share some guitar speak.

I'll be back with details on your logs, likely tomorrow.

#9
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi 67Mopar,

Again, sorry about Firefox. That does happen once in a while.

Let's do a little more cleaning, then, if you don't mind, do an Over Install of Firefox (instructions below). You shouldn't lose your settings if you do a Repair or Over Install.

AdwCleaner

Download AdwCleaner. Click here and then click the Download button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
Now, go to the Firefox download site here. When asked if you want to Repair or Replace Firefox, choose Repair.

Let me know how the Over Install goes and how the machine is working now. Also, don't forget to post the AdwCleaner log.

#10
67mopar

    Member

  • Topic Starter
  • Member
  • 199 posts
Ok, the root of all evil seems to be when I installed Chrome on my computer, and the purchase of a Chromecast. Of course that led me to search for streaming websites, which I'm thinking is where I got into trouble. With the features of Chrome and in possession of a Chromecast, my question is: I don't think I need Firefox anymore, I only need one browser I think. Can you advise on this before I reload Firefox?
  • 0

#11
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts
# AdwCleaner v3.018 - Report created 11/02/2014 at 11:23:13
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : dad - DAD-PC
# Running from : C:\Users\dad\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files\Viewpoint
Folder Found C:\ProgramData\Viewpoint
Folder Found C:\Users\dad\AppData\Local\AVG Security Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\TBSB00001.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB00001.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1098640
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\Viewpoint

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3319116&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP27B2F35C-B8CD-4D43-8D9E-476EC807A24E&SSPV=");
Line Found : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v

[ File : C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : homepage
Found : homepage

*************************

AdwCleaner[R0].txt - [6574 octets] - [11/02/2014 11:23:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6634 octets] ##########
  • 0

#12
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
I'll have an answer for you on FF versus Chrome soon. In the meantime, rerun AdwCleaner and this time let it delete everything it finds and post the log for me.

Thanks!!
  • 0

#13
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts
I lost the last report in transition and reran it. Does it clean out each tab, or do I have to run it for every tab category? Anyway, I reran it and here is the report.

# AdwCleaner v3.018 - Report created 11/02/2014 at 11:47:36
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : dad - DAD-PC
# Running from : C:\Users\dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SJSR3CA\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6714 octets] - [11/02/2014 11:23:13]
AdwCleaner[R1].txt - [6842 octets] - [11/02/2014 11:38:34]
AdwCleaner[R2].txt - [933 octets] - [11/02/2014 11:47:36]
AdwCleaner[S0].txt - [6921 octets] - [11/02/2014 11:39:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1052 octets] ##########
  • 0
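Both reports posted so far carry `# Option : Scan` in their header. As an added example (not part of the thread and not AdwCleaner's own code), the following Python parses the v3 report layout shown in the posts and diffs two reports to show what a later scan no longer finds; the function names and the shortened sample reports are constructed for illustration.

```python
import re

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Matches "Folder Found C:\...", "Key Found : HKLM\...", "Found : homepage"
FINDING_RE = re.compile(r"^(?:(\w+) )?Found\s*:?\s*(.+)$")

def report_option(text):
    """Return the run mode from the report header, e.g. "Scan"."""
    m = re.search(r"^# Option : (.+)$", text, re.M)
    return m.group(1).strip() if m else None

def parse_report(text):
    """Return a set of (section, kind, item) findings from one report."""
    findings, section = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line) if section else None
        if m:  # a set also collapses entries the report lists twice
            findings.add((section, m.group(1) or "Entry", m.group(2)))
    return findings

def compare(before_text, after_text):
    """Split findings into cleared / remaining / new between two reports."""
    before, after = parse_report(before_text), parse_report(after_text)
    return {"cleared": sorted(before - after),
            "remaining": sorted(before & after), "new": sorted(after - before)}

# Constructed sample input: shortened excerpts of the two reports in this thread.
BEFORE = r"""# AdwCleaner v3.018 - Report created 11/02/2014 at 11:23:13
# Option : Scan
***** [ Files / Folders ] *****
Folder Found C:\Program Files\Viewpoint
***** [ Registry ] *****
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
***** [ Browsers ] *****
Found : homepage
"""
AFTER = r"""# AdwCleaner v3.018 - Report created 11/02/2014 at 11:47:36
# Option : Scan
***** [ Files / Folders ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
"""
```

Calling `compare(BEFORE, AFTER)` on full report files gives the same three lists; an empty `remaining` list means the later scan found none of the earlier entries.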

#14
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
The report(s) are located here C:\AdwCleaner\AdwCleaner[R0].txt. Could you post the one that has the deletions?
  • 0

#15
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts
That's the one I posted. The one before is gone, or overwritten. Sorry man, my bad, I screwed up on that.
  • 0





