key logger, malware, trojan horse detected [Closed]


  • This topic is locked

#1
BugAboo8274

  • Member
  • 14 posts
OTL logfile created on: 2/11/2014 7:37:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Public\Music\Sample Music
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.25% Memory free
6.18 Gb Paging File | 4.59 Gb Available in Paging File | 74.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.85 Gb Total Space | 139.47 Gb Free Space | 59.90% Space Free | Partition Type: NTFS

Computer Name: EMMA-PC | User Name: EMMA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/11 19:36:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Music\Sample Music\OTL.exe
PRC - [2014/02/02 16:03:31 | 001,133,056 | ---- | M] () -- C:\Users\EMMA\AppData\Roaming\svc-rvha.exe
PRC - [2013/12/25 11:32:00 | 000,777,576 | ---- | M] (Plus HD) -- C:\Program Files\Plus-HD-1.2\Plus-HD-1.2-bg.exe
PRC - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) -- C:\Program Files\Highlightly\Service\hlsvc.exe
PRC - [2013/10/31 14:12:52 | 000,418,296 | ---- | M] () -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/02 16:03:31 | 001,133,056 | ---- | M] () -- C:\Users\EMMA\AppData\Roaming\svc-rvha.exe
MOD - [2014/01/30 00:54:48 | 000,087,040 | ---- | M] () -- C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ie\MediaPlayerV1alpha7706.dll
MOD - [2013/12/25 11:31:59 | 000,433,000 | ---- | M] () -- C:\Program Files\Plus-HD-1.2\Plus-HD-1.2-buttonutil.dll
MOD - [2013/07/22 05:32:59 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV - [2013/12/10 21:09:46 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) [Auto | Running] -- C:\Program Files\Highlightly\Service\hlsvc.exe -- (hlsvc)
SRV - [2013/10/31 14:12:52 | 000,418,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe -- (Level Quality Watcher)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\netfilter.sys -- (netfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2013/12/04 13:46:36 | 000,052,752 | ---- | M] (Highlightly) [Kernel | System | Running] -- C:\Windows\System32\drivers\hlnfd.sys -- (hlnfd)
DRV - [2007/12/26 20:02:52 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/11 01:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://mx.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mx.yahoo.com
IE - HKLM\..\URLSearchHook: {08a4f3d8-73a4-4212-b58c-2840ab3578ca} - C:\Program Files\Quixley_v2b\prxtbQui0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e212b114-dfe6-40d7-a15a-5cde86657185} - C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {8841466A-F5A8-4FA3-818F-284A47EEA4EF}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3001705

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Public\Music\Sample Music
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 7D 34 EE 33 0E CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {08a4f3d8-73a4-4212-b58c-2840ab3578ca} - C:\Program Files\Quixley_v2b\prxtbQui0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {2b2505fa-fd68-0144-9128-cd617bdca8c2} - C:\Program Files\SocialRibbons LP2\Helper.dll ()
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {8841466A-F5A8-4FA3-818F-284A47EEA4EF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.doko-sear...125830&tsp=5037
IE - HKCU\..\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}: "URL" = http://mysearch.avg....sa&d=2014-01-31 20:24:43&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7SKPT_en
IE - HKCU\..\SearchScopes\{8841466A-F5A8-4FA3-818F-284A47EEA4EF}: "URL" = http://search.condui...9511412313&UM=2
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://mx.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{ED8B6D4F-604A-4AB7-A595-B8B1397D2995}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: C:\Program Files\Java\jre1.7.0\bin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.7.0\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\EMMA\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff [2014/01/31 20:03:15 | 000,000,000 | ---D | M]

[2013/10/16 17:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/01/31 20:03:15 | 000,000,000 | ---D | M] (Media Player) -- C:\PROGRAM FILES\MEDIAPLAYERV1\MEDIAPLAYERV1ALPHA7706\FF
File not found (No name found) -- C:\PROGRAM FILES\VIDEOPLAYERV3\VIDEOPLAYERV3BETA3577\FF

========== Chrome ==========

CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjffenlcdbhppagjajginihlihblkbn\1.1_0\
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd\10.26.2.507_0\
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd\10.26.2.507_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\haagkflomlmpdjaojgbeljnkkohbbegb\10.26.2.507_0\
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\haagkflomlmpdjaojgbeljnkkohbbegb\10.26.2.507_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgklliblegdjjjakediflldiiddlaaef\0.0.0.10_0\
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpcbdkoekecjkbjeccbapdkpcmoiloa\1.26.119_0\crossrider
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpcbdkoekecjkbjeccbapdkpcmoiloa\1.26.119_0\
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.26.2.507_0\
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.26.2.507_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Quixley_v2b Toolbar) - {08a4f3d8-73a4-4212-b58c-2840ab3578ca} - C:\Program Files\Quixley_v2b\prxtbQui0.dll (Conduit Ltd.)
O2 - BHO: (ScorpionSaver) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files\ScorpionSaver\IECore.dll File not found
O2 - BHO: (Plus-HD-1.2) - {11111111-1111-1111-1111-110311121155} - C:\Program Files\Plus-HD-1.2\Plus-HD-1.2-bho.dll (Plus HD)
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (Media Player) - {8f69607b-cd89-4c22-bdb3-1a3ee0fd71a9} - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ie\MediaPlayerV1alpha7706.dll ()
O2 - BHO: (SocialRibbons LP2) - {AE92E5DE-20F7-9934-D515-7BE13880A842} - C:\Program Files\SocialRibbons LP2\Toolbar.dll ()
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (no name) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.7.0\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PrintPDF Pro 1.1 Toolbar) - {e212b114-dfe6-40d7-a15a-5cde86657185} - C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Quixley_v2b Toolbar) - {08a4f3d8-73a4-4212-b58c-2840ab3578ca} - C:\Program Files\Quixley_v2b\prxtbQui0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PrintPDF Pro 1.1 Toolbar) - {e212b114-dfe6-40d7-a15a-5cde86657185} - C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PrintPDF Pro 1.1 Toolbar) - {E212B114-DFE6-40D7-A15A-5CDE86657185} - C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_F3D4859244BD4543B049237C1BBC5D52] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [NextLive] C:\Users\EMMA\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [PrSft] C:\Users\EMMA\AppData\Roaming\svc-rvha.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0F45951-8EE2-4541-B72C-A816AD266691}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFEDC2B0-42BD-4430-9CE3-11A513CC3532}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\k9filter.exe: Debugger - C:\Windows\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Windows\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MpUXSrv.exe: Debugger - C:\Windows\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Windows\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmpeng.exe: Debugger - C:\Windows\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\Windows\System32\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/11 19:16:30 | 000,000,000 | ---D | C] -- C:\Users\EMMA\Desktop\Desktop Files
[2014/02/11 19:13:13 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014/02/11 17:35:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/02 10:19:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/02/02 10:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/02 10:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/02 10:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/02 00:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/02/02 00:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/02/02 00:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/02 00:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/02 00:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/31 20:33:34 | 000,000,000 | ---D | C] -- C:\Users\EMMA\AppData\Local\IAC
[2014/01/31 20:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\IminentToolbar
[2014/01/31 20:33:20 | 000,000,000 | ---D | C] -- C:\Users\EMMA\AppData\Roaming\IminentToolbar
[2014/01/31 20:27:34 | 000,000,000 | ---D | C] -- C:\Users\EMMA\AppData\Local\VisualBeeExe
[2014/01/31 20:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
[2014/01/31 20:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2014/01/31 20:21:48 | 000,000,000 | ---D | C] -- C:\Users\EMMA\AppData\Local\emaze
[2014/01/31 20:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\MediaPlayerV1
[2014/01/13 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoPlayerV3
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/11 19:22:44 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/11 19:22:44 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/11 19:19:22 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\AffiliatedUpdate.job
[2014/02/11 19:19:10 | 000,000,142 | ---- | M] () -- C:\Users\EMMA\AppData\Roaming\WB.CFG
[2014/02/11 19:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/11 19:08:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/11 18:57:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/02/11 17:50:52 | 000,002,078 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-firefoxinstaller.job
[2014/02/11 17:50:52 | 000,001,950 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-chromeinstaller.job
[2014/02/11 17:50:51 | 000,001,314 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-updater.job
[2014/02/11 17:50:51 | 000,001,216 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-codedownloader.job
[2014/02/11 17:50:51 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-enabler.job
[2014/02/11 17:50:51 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/11 17:50:43 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/11 17:50:43 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/11 17:50:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/11 17:50:24 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/02 16:18:25 | 000,001,816 | ---- | M] () -- C:\Users\EMMA\AppData\Roaming\data.sec
[2014/02/02 16:14:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/02 16:03:31 | 001,133,056 | ---- | M] () -- C:\Users\EMMA\AppData\Roaming\svc-rvha.exe
[2014/02/02 00:57:16 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/02 00:39:18 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/31 21:33:44 | 000,001,249 | ---- | M] () -- C:\Users\EMMA\Desktop\Continue Java.lnk
[2014/01/31 20:44:15 | 000,000,871 | ---- | M] () -- C:\Users\EMMA\Desktop\Continue VuuPC Installation.lnk
[2014/01/31 20:29:30 | 000,000,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2014/01/31 20:21:49 | 000,001,200 | ---- | M] () -- C:\Users\EMMA\Desktop\Create Amazing Presentations.lnk
[2014/01/31 20:03:41 | 000,000,154 | ---- | M] () -- C:\extensions.ini
[2014/01/31 20:03:19 | 000,000,258 | RHS- | M] () -- C:\Users\EMMA\ntuser.pol
[2014/01/29 20:23:10 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/13 13:52:15 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/02 16:18:25 | 000,001,816 | ---- | C] () -- C:\Users\EMMA\AppData\Roaming\data.sec
[2014/02/02 16:03:32 | 001,133,056 | ---- | C] () -- C:\Users\EMMA\AppData\Roaming\svc-rvha.exe
[2014/02/02 00:57:16 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/02 00:39:18 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/31 21:33:44 | 000,001,249 | ---- | C] () -- C:\Users\EMMA\Desktop\Continue Java.lnk
[2014/01/31 20:44:15 | 000,000,871 | ---- | C] () -- C:\Users\EMMA\Desktop\Continue VuuPC Installation.lnk
[2014/01/31 20:21:49 | 000,001,200 | ---- | C] () -- C:\Users\EMMA\Desktop\Create Amazing Presentations.lnk
[2014/01/31 20:21:49 | 000,001,200 | ---- | C] () -- C:\Users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2014/01/31 20:03:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/13 13:52:15 | 000,000,154 | ---- | C] () -- C:\extensions.ini
[2014/01/13 13:52:15 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/12/18 22:19:02 | 000,000,142 | ---- | C] () -- C:\Users\EMMA\AppData\Roaming\WB.CFG
[2013/10/17 18:52:29 | 000,000,000 | ---- | C] () -- C:\Users\EMMA\AppData\Roaming\wklnhst.dat
[2013/05/04 17:58:10 | 000,000,258 | RHS- | C] () -- C:\Users\EMMA\ntuser.pol
[2012/05/18 16:15:15 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/03/30 02:00:21 | 000,000,680 | ---- | C] () -- C:\Users\EMMA\AppData\Local\d3d9caps.dat
[2012/01/24 09:59:35 | 000,024,206 | ---- | C] () -- C:\Users\EMMA\AppData\Roaming\UserTile.png
[2011/12/01 10:09:04 | 000,000,000 | ---- | C] () -- C:\Users\EMMA\AppData\Local\{F497C992-E03F-4207-8EF1-72ECC1C7C69C}
[2011/05/16 05:06:17 | 000,009,216 | ---- | C] () -- C:\Users\EMMA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 11:35:21 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/16 17:18:19 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\AffiliatedUpdate
[2013/12/25 12:15:38 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\AVG
[2011/03/09 23:25:20 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\Desktopicon
[2014/01/31 20:33:20 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\IminentToolbar
[2012/01/12 22:12:45 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\JLC's Software
[2014/02/11 19:17:16 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\newnext.me
[2014/01/01 19:16:39 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\SearchProtect
[2011/03/09 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\TMP
[2012/09/28 23:11:58 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\TuneUp Software
[2011/07/12 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_2077.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1637.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1603.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1539.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1531.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1530.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1528.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1527.MP4:TOC.WMV
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >


#2
BugAboo8274

  • Topic Starter
  • Member
  • 14 posts
My computer is telling me errors of trojan horses and key loggers are on it. Popups come up every time I try to click on something and open a bunch of websites. Firewall warnings say different programs are trying to access the internet, and IE and Chrome are being blocked.

#3
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you:

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :) There should be another log that was produced when you first ran OTL called Extras.txt. It will be located in the same place as where you ran OTL from. In this case here: C:\Users\Public\Music\Sample Music

Please post that log in your next reply. I'm currently reviewing your log and working up a fix for approval by my instructor. :thumbsup:

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, we have some work to do, so let's get started. :)


Step 1: Upload file to VirusTotal


There is a file on your machine that I cannot locate any information on, and I'd like to get a scan to see if it's malware related.


  • Please go to VirusTotal.org by clicking here
  • Please click on Choose File
  • When the window opens, navigate to the location listed in the box below and select the file that is listed in that location.

    C:\Users\EMMA\AppData\Roaming\svc-rvha.exe

  • Once you have selected the file, click the blue Scan It! button.
  • VirusTotal will scan the file and produce a report for you. Please post the report in your next reply.



Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8: right click and select "Run as Administrator").

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
SRV - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) [Auto | Running] -- C:\Program Files\Highlightly\Service\hlsvc.exe -- (hlsvc)
SRV - [2013/10/31 14:12:52 | 000,418,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe -- (Level Quality Watcher)
DRV - [2013/12/04 13:46:36 | 000,052,752 | ---- | M] (Highlightly) [Kernel | System | Running] -- C:\Windows\System32\drivers\hlnfd.sys -- (hlnfd)
IE - HKLM\..\URLSearchHook: {08a4f3d8-73a4-4212-b58c-2840ab3578ca} - C:\Program Files\Quixley_v2b\prxtbQui0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e212b114-dfe6-40d7-a15a-5cde86657185} - C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {8841466A-F5A8-4FA3-818F-284A47EEA4EF}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3001705
IE - HKCU\..\URLSearchHook: {08a4f3d8-73a4-4212-b58c-2840ab3578ca} - C:\Program Files\Quixley_v2b\prxtbQui0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {2b2505fa-fd68-0144-9128-cd617bdca8c2} - C:\Program Files\SocialRibbons LP2\Helper.dll ()
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {8841466A-F5A8-4FA3-818F-284A47EEA4EF}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.doko-sear...125830&tsp=5037
IE - HKCU\..\SearchScopes\{8841466A-F5A8-4FA3-818F-284A47EEA4EF}: "URL" = http://search.condui...9511412313&UM=2
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{ED8B6D4F-604A-4AB7-A595-B8B1397D2995}: "URL" = http://search.condui...q={searchTerms}
File not found (No name found) -- C:\PROGRAM FILES\VIDEOPLAYERV3\VIDEOPLAYERV3BETA3577\FF
O2 - BHO: (Quixley_v2b Toolbar) - {08a4f3d8-73a4-4212-b58c-2840ab3578ca} - C:\Program Files\Quixley_v2b\prxtbQui0.dll (Conduit Ltd.)
O2 - BHO: (ScorpionSaver) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files\ScorpionSaver\IECore.dll File not found
O2 - BHO: (Plus-HD-1.2) - {11111111-1111-1111-1111-110311121155} - C:\Program Files\Plus-HD-1.2\Plus-HD-1.2-bho.dll (Plus HD)
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No CLSID value found.
O2 - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (Media Player) - {8f69607b-cd89-4c22-bdb3-1a3ee0fd71a9} - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ie\MediaPlayerV1alpha7706.dll ()
O2 - BHO: (SocialRibbons LP2) - {AE92E5DE-20F7-9934-D515-7BE13880A842} - C:\Program Files\SocialRibbons LP2\Toolbar.dll ()
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (no name) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - No CLSID value found.
O2 - BHO: (PrintPDF Pro 1.1 Toolbar) - {e212b114-dfe6-40d7-a15a-5cde86657185} - C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Quixley_v2b Toolbar) - {08a4f3d8-73a4-4212-b58c-2840ab3578ca} - C:\Program Files\Quixley_v2b\prxtbQui0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PrintPDF Pro 1.1 Toolbar) - {e212b114-dfe6-40d7-a15a-5cde86657185} - C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PrintPDF Pro 1.1 Toolbar) - {E212B114-DFE6-40D7-A15A-5CDE86657185} - C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll (Conduit Ltd.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKCU..\Run: [NextLive] C:\Users\EMMA\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
[2014/01/31 20:33:20 | 000,000,000 | ---D | C] -- C:\Users\EMMA\AppData\Roaming\IminentToolbar
[2014/01/31 20:27:34 | 000,000,000 | ---D | C] -- C:\Users\EMMA\AppData\Local\VisualBeeExe
[2014/01/31 20:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
[2014/01/31 20:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2014/01/31 20:21:48 | 000,000,000 | ---D | C] -- C:\Users\EMMA\AppData\Local\emaze
[2014/01/31 20:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\MediaPlayerV1
[2014/02/11 17:50:52 | 000,002,078 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-*.job
[2014/01/31 20:29:30 | 000,000,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2014/01/31 20:21:49 | 000,001,200 | ---- | M] () -- C:\Users\EMMA\Desktop\Create Amazing Presentations.lnk
[2014/01/31 21:33:44 | 000,001,249 | ---- | C] () -- C:\Users\EMMA\Desktop\Continue Java.lnk
[2014/01/31 20:44:15 | 000,000,871 | ---- | C] () -- C:\Users\EMMA\Desktop\Continue VuuPC Installation.lnk
[2014/01/31 20:21:49 | 000,001,200 | ---- | C] () -- C:\Users\EMMA\Desktop\Create Amazing Presentations.lnk
[2014/01/31 20:21:49 | 000,001,200 | ---- | C] () -- C:\Users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2014/01/31 20:33:20 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\IminentToolbar
[2014/02/11 19:17:16 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\newnext.me
[2014/01/01 19:16:39 | 000,000,000 | ---D | M] -- C:\Users\EMMA\AppData\Roaming\SearchProtect
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_2077.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1637.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1603.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1539.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1531.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1530.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1528.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\EMMA\Documents\100_1527.MP4:TOC.WMV
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720


:Files
C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjffenlcdbhppagjajginihlihblkbn
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\haagkflomlmpdjaojgbeljnkkohbbegb
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgklliblegdjjjakediflldiiddlaaef
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpcbdkoekecjkbjeccbapdkpcmoiloa
CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
C:\Program Files\Plus-HD-1.2
C:\Program Files\Highlightly
C:\Program Files\Level Quality Watcher
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[resethosts]
[emptytemp]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: AdwCleaner


Download AdwCleaner by clicking here. Please save it to your Desktop.



  • Double click the adwcleaner.exe file (Vista and 7 users: right click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, "Pending, uncheck elements you don't want to remove."
    click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Things I need to see in your next post:

VirusTotal Report

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log


#5
BugAboo8274

BugAboo8274

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL Extras logfile created on: 2/11/2014 7:37:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Public\Music\Sample Music
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.25% Memory free
6.18 Gb Paging File | 4.59 Gb Available in Paging File | 74.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.85 Gb Total Space | 139.47 Gb Free Space | 59.90% Space Free | Partition Type: NTFS

Computer Name: EMMA-PC | User Name: EMMA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A85233-C75A-4B0F-B07F-79B000C51A17}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{169A8437-B569-4595-A404-A0AE64FB4435}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1A3BEF41-4D82-48F7-8307-257F42164789}" = rport=10244 | protocol=6 | dir=out | app=system |
"{3FAE8B98-BB09-41CA-BB4F-2D47EB5AF463}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4330174F-EB32-49C7-A0C3-D6E4D8976A85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4356216E-7C28-41B2-8050-2D212991D4F7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F86A7B7-B575-42CE-8025-6EC3B35E57F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{560E0F21-BBBF-494A-ACB0-18D491AA1E21}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{657470B7-406A-4D26-923D-616A7B0B5360}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D4245B3-A146-4D61-B105-83D6987F8101}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{804D1B52-0322-436A-987C-BDF9D8EAF26E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{826FB68E-7FD3-4695-B4B8-BF8071ABBA7B}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8DAE7497-6617-43AA-BCEF-473856DE3A40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96838319-E03C-4FE1-BE08-18B68AC183AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BF3879E-E22C-440D-A8EA-160A360FE480}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9D87E440-E797-4B62-B776-C4EC9DF156D1}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{9FE598BC-6AD9-49C2-92F7-0265ADBAC8A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADCAE649-DEE8-460F-B16D-EF6FAB70C354}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B16604BA-D508-415C-AFD7-ED3988C2D65A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B7B025F4-3ADC-47B0-9158-599E1089E636}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BF082271-F038-4D02-A3BD-0518874A716D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8F0B612-C0A2-4A34-B51A-154F82F4477A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D09FE41E-D1CA-4C53-90CA-698F70A9AC75}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D8A4E23A-CD85-4394-B566-D1FFAF7FE895}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DF68389C-D71A-4362-8FB5-9D14AC527119}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DFDD5C94-AC57-43A3-95C9-2BE998BFCD81}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E38A21B0-CADF-4BC8-BDD5-220E77FC0CC4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{FBC6A94E-9D5C-4508-AE72-184251CA3E97}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00876054-5E59-4407-9236-C655E6165CEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04549E5B-3A1F-48BA-B572-AE53D52CF1CE}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{07FC2BF6-A2D2-44D4-94C8-A79C1A139B88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{107DD153-6BE0-445F-BBFA-0F8F62DECCC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1731617C-E632-4CAF-90BF-8612DD41AF90}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1BF8D7D1-658D-43DF-A7E6-DB626DB40A61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FD37D2B-FF42-4C53-A82D-DE1CECAD02E4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{20AE21BA-DC19-4AB6-B3B2-C62481843C64}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2215D8AD-2E73-4FC9-9F94-55BA9963629D}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{24158767-606C-43CD-BFF7-FDF97E06A088}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B3AD30A-3D1B-450E-84AB-09A2848985A4}" = protocol=17 | dir=in | app=c:\program files\socialribbons lp2\troubleshooter.exe |
"{2E0ED209-F10F-4DC2-B1EB-DE894A5E5E70}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3120A721-6327-43AF-92CD-3EB904D6CF36}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3ACE0F39-367A-49C8-B25F-0E6EBA9AEFEF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3D904C57-BF0E-491C-A376-B45CB099EE8D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{4C939B20-77D2-4ED2-B2BD-DB657A93891F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BB33A31-C20C-44A3-9203-28027973124D}" = protocol=6 | dir=out | app=system |
"{6299548E-2AD4-42CF-AA82-414868461F70}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{888E05B7-44B0-4B29-9253-D21D346D3790}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8D0822E5-CBF7-414F-A320-BCF370518D19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{90749805-5D45-415C-A87D-F03D7789CAD5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{A46E24D9-944E-4496-87FD-C210732035BC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AF8AD68A-4895-4CBC-BCF4-E549A10872E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC816483-F0F8-42EA-B0AC-2C1089A8AF6E}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{C92320B5-C2E5-4055-869C-8CE66E8D59E1}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{CB34F052-2872-4101-99BE-1C94B57485FF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D3A62277-12DC-4556-8268-DE85BC4012C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBDD6724-0D78-4FFC-A2F7-C4917314E20A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E80B77FB-A383-42EC-9D2C-BB4382A01B6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F11FEB87-A62E-49A7-9025-4FE65B1A6645}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1E36984-4DF2-4CF6-8A7D-09CE7570F151}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FDA742FF-D78B-42B6-8F28-C3381508911B}" = protocol=6 | dir=in | app=c:\program files\socialribbons lp2\troubleshooter.exe |
"TCP Query User{DE5044B8-BFB2-4E83-B51A-C0D73EAA8DA7}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{DC3E9E4A-511B-4A8D-8A08-96CCCBAD765A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A17C91C-A455-3E89-B8B7-44E192F79635}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}" = Level Quality Watcher
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83217000F0}" = Java™ 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{616445AF-BBCF-41C1-A4D6-8CFF171C182D}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{838662CD-7028-48A1-8F3D-6F58A9B7D586}" = PERRLA
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"Highlightly" = Highlightly
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IECT3317420" = PrintPDF Pro 1.1 Toolbar for IE
"MediaPlayerV1alpha7706" = Media Player
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mplayer" = Mplayer 0.6.9
"Plus-HD-1.2" = Plus-HD-1.2
"Quixley_v2b Toolbar" = Quixley_v2b Toolbar
"SocialRibbons LP2" = SocialRibbons LP2
"Software Updater_is1" = Software Updater version 1.8.3
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AffiliatedUpdate" = AffiliatedUpdate
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/2/2014 12:07:57 PM | Computer Name = EMMA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/2/2014 12:07:57 PM | Computer Name = EMMA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15725

Error - 2/2/2014 12:07:57 PM | Computer Name = EMMA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15725

Error - 2/2/2014 12:07:59 PM | Computer Name = EMMA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/2/2014 12:07:59 PM | Computer Name = EMMA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17472

Error - 2/2/2014 12:07:59 PM | Computer Name = EMMA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17472

Error - 2/2/2014 12:25:08 PM | Computer Name = EMMA-PC | Source = Application Error | ID = 1000
Description = Faulting application Driver_Repair.exe, version 2.0.4.87, time stamp
0x52ec1f07, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x17b4, application start time
0x01cf203354e4bf60.

Error - 2/2/2014 12:25:17 PM | Computer Name = EMMA-PC | Source = Application Error | ID = 1000
Description = Faulting application Driver_Repair.exe, version 2.0.4.87, time stamp
0x52ec1f07, faulting module Driver_Repair.exe, version 2.0.4.87, time stamp 0x52ec1f07,
exception code 0xc0000005, fault offset 0x000050f8, process id 0x17b4, application
start time 0x01cf203354e4bf60.

Error - 2/2/2014 6:24:53 PM | Computer Name = EMMA-PC | Source = EventSystem | ID = 4622
Description =

Error - 2/11/2014 7:49:34 PM | Computer Name = EMMA-PC | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 9/29/2012 12:51:29 AM | Computer Name = EMMA-PC | Source = WLAN-Tray | ID = 0
Description = 23:51:29, Fri, Sep 28, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 3/24/2012 12:21:43 AM | Computer Name = EMMA-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 1/23/2012 3:03:11 AM | Computer Name = EMMA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 968
seconds with 300 seconds of active time. This session ended with a crash.

Error - 3/21/2013 10:12:09 PM | Computer Name = EMMA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7890
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 4/15/2013 8:57:17 PM | Computer Name = EMMA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 124
seconds with 120 seconds of active time. This session ended with a crash.

Error - 5/14/2013 12:10:03 AM | Computer Name = EMMA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1273
seconds with 180 seconds of active time. This session ended with a crash.

Error - 5/24/2013 11:24:29 PM | Computer Name = EMMA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 1945 seconds with 1560 seconds of active time. This session ended with a
crash.

Error - 6/9/2013 8:52:59 PM | Computer Name = EMMA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5353
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 6/9/2013 9:31:30 PM | Computer Name = EMMA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 587
seconds with 480 seconds of active time. This session ended with a crash.

Error - 6/22/2013 6:19:33 PM | Computer Name = EMMA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1297
seconds with 720 seconds of active time. This session ended with a crash.

Error - 6/30/2013 4:26:30 PM | Computer Name = EMMA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12376
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 7/1/2013 8:00:03 PM | Computer Name = EMMA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 65 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/11/2014 7:28:54 PM | Computer Name = EMMA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/11/2014 7:28:54 PM | Computer Name = EMMA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/11/2014 7:28:54 PM | Computer Name = EMMA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/11/2014 7:28:54 PM | Computer Name = EMMA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/11/2014 7:29:51 PM | Computer Name = EMMA-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/11/2014 7:52:04 PM | Computer Name = EMMA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/11/2014 7:52:04 PM | Computer Name = EMMA-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/11/2014 7:52:04 PM | Computer Name = EMMA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/11/2014 7:52:04 PM | Computer Name = EMMA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/11/2014 7:52:45 PM | Computer Name = EMMA-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

EXTRAS.TXT Report

#6
BugAboo8274

    Member

  • Topic Starter
  • Member
  • 14 posts
SHA256: 7cf3d574abde4a4002a6902020170d42ba5a8e8ed36bee1774dbdb263d9bc756
File name: svc-rvha.exe
Detection ratio: 36 / 49
Analysis date: 2014-02-13 00:48:17 UTC ( 0 minutes ago )

Antivirus | Result | Update
AVG | Luhe.Fiha.A | 20140213
Ad-Aware | Trojan.GenericKD.1542834 | 20140213
Agnitum | Trojan.DR.Dapato!Xbm6odJb3Fk | 20140212
AhnLab-V3 | Trojan/Win32.FakeAV | 20140212
AntiVir | TR/FakeAV.A.147 | 20140213
Avast | Win32:FakeAV-FIK [Trj] | 20140213
Baidu-International | Trojan.Win32.Dapato.AkQ | 20140212
BitDefender | Trojan.GenericKD.1542834 | 20140213
Comodo | Application.Win32.AdWare.WindowsExpertConsole.AL | 20140213
DrWeb | Trojan.FakeAV.16647 | 20140213
ESET-NOD32 | a variant of Win32/AdWare.WindowsExpertConsole.AL | 20140213
Emsisoft | Trojan.GenericKD.1542834 (B) | 20140212
F-Secure | Trojan.GenericKD.1542834 | 20140212
Fortinet | W32/FakeAV.AL | 20140212
GData | Trojan.GenericKD.1542834 | 20140212
Ikarus | Trojan.Win32.FakeAV | 20140212
Jiangmin | TrojanDropper.Dapato.vzc | 20140212
K7GW | Adware ( 00493ef41 ) | 20140212
Kaspersky | Trojan-Dropper.Win32.Dapato.dlqr | 20140212
Kingsoft | Win32.Troj.Dapato.dl.(kcloud) | 20140213
Malwarebytes | Rogue.FakeAV | 20140213
McAfee | FakeAlert-FTG!E63601188E1D | 20140213
McAfee-GW-Edition | FakeAlert-FTG!E63601188E1D | 20140213
MicroWorld-eScan | Trojan.GenericKD.1542834 | 20140212
Microsoft | Rogue:Win32/FakePAV | 20140213
Norman | FakeAV.STR | 20140212
Panda | Suspicious file | 20140212
Qihoo-360 | Win32/Trojan.Multi.daf | 20140213
Sophos | Mal/FakeAV-UM | 20140213
Symantec | Trojan.FakeAV | 20140213
TrendMicro | TROJ_FAKEAV.OUD | 20140213
TrendMicro-HouseCall | TROJ_FAKEAV.OUD | 20140213
VBA32 | TrojanDropper.Dapato | 20140212
VIPRE | Trojan.Win32.WindowsExpertConsole.af (v) | 20140213
ViRobot | Dropper.A.Dapato.1133056 | 20140212
nProtect | Trojan.GenericKD.1542834 | 20140212
Bkav |  | 20140212
ByteHero |  | 20140213
CAT-QuickHeal |  | 20140212
CMC |  | 20140211
ClamAV |  | 20140212
Commtouch |  | 20140213
F-Prot |  | 20140211
K7AntiVirus |  | 20140212
NANO-Antivirus |  | 20140212
Rising |  | 20140212
SUPERAntiSpyware |  | 20140213
TheHacker |  | 20140212
TotalDefense |  | 20140213

#7
BugAboo8274

    Member

  • Topic Starter
  • Member
  • 14 posts
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

This is all that was on the report from OTL.

#8
BugAboo8274

    Member

  • Topic Starter
  • Member
  • 14 posts
# AdwCleaner v3.018 - Report created 12/02/2014 at 19:37:54
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : EMMA - EMMA-PC
# Running from : C:\Users\EMMA\Desktop\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\IminentToolbar
Folder Deleted : C:\Program Files\Yontoo Layers Runtime
Folder Deleted : C:\Program Files\PrintPDF_Pro_1.1
Folder Deleted : C:\Program Files\Quixley_v2b
Folder Deleted : C:\Program Files\Common Files\FreeCause
Folder Deleted : C:\Users\EMMA\AppData\Local\Conduit
Folder Deleted : C:\Users\EMMA\AppData\Local\DownloadTerms
Folder Deleted : C:\Users\EMMA\AppData\Local\iac
Folder Deleted : C:\Users\EMMA\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\EMMA\AppData\Local\PackageAware
Folder Deleted : C:\Users\EMMA\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\EMMA\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\EMMA\AppData\LocalLow\Doko-Toolbar
Folder Deleted : C:\Users\EMMA\AppData\LocalLow\iac
Folder Deleted : C:\Users\EMMA\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\EMMA\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\EMMA\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\EMMA\AppData\LocalLow\PrintPDF_Pro_1.1
Folder Deleted : C:\Users\EMMA\AppData\LocalLow\Quixley_v2b
Folder Deleted : C:\Users\EMMA\AppData\Roaming\Desktopicon
Folder Deleted : C:\Users\EMMA\Documents\optimizer pro
Folder Deleted : C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Folder Deleted : C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\haagkflomlmpdjaojgbeljnkkohbbegb
Folder Deleted : C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\Users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
File Deleted : C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\haagkflomlmpdjaojgbeljnkkohbbegb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\haagkflomlmpdjaojgbeljnkkohbbegb
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05CD6D51-2E3B-483F-A8EB-3CE126BA9C4C}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05CD6D51-2E3B-483F-A8EB-3CE126BA9C4C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.Sandbox.1
Key Deleted : HKCU\Software\5b08adab53fbe49
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.FCTB000100291Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.FCTB000100291Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3001705
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3317420
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71B7475F-0B78-42E4-9749-68B66AFC52DD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{021C8C71-F4F1-4E03-B72F-8DAA7EF53A62}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125555}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126655}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344124455}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E212B114-DFE6-40D7-A15A-5CDE86657185}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71B7475F-0B78-42E4-9749-68B66AFC52DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08A4F3D8-73A4-4212-B58C-2840AB3578CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E212B114-DFE6-40D7-A15A-5CDE86657185}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{08A4F3D8-73A4-4212-B58C-2840AB3578CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B7475F-0B78-42E4-9749-68B66AFC52DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{021C8C71-F4F1-4E03-B72F-8DAA7EF53A62}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B727907-1CB4-4A76-8A7D-28D436B9631F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE925108-6051-4571-BE17-26BA798FB999}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E18EBA8C-28DF-46F5-8572-2102B73741BF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{473EA2AE-0EFB-4084-805F-FE8ADBA03FE1}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{08A4F3D8-73A4-4212-B58C-2840AB3578CA}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\PrintPDF_Pro_1.1
Key Deleted : HKCU\Software\AppDataLow\Software\Quixley_v2b
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\PrintPDF_Pro_1.1
Key Deleted : HKLM\Software\Quixley_v2b
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quixley_v2b Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Quixley_v2b Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16437 octets] - [12/02/2014 19:36:52]
AdwCleaner[S0].txt - [16794 octets] - [12/02/2014 19:37:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16855 octets] ##########

#9
BugAboo8274

    Member

  • Topic Starter
  • Member
  • 14 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by EMMA on Wed 02/12/2014 at 19:46:04.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-655931301-1982061293-2070042266-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322122255}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311121155}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311121155}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-1.2-chromeinstaller
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-1.2-codedownloader
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-1.2-enabler
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-1.2-firefoxinstaller
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-1.2-updater
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.2-chromeinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.2-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.2-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.2-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.2-updater.job
Successfully deleted: [File] "C:\Users\EMMA\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\EMMA\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] C:\Users\EMMA\AppData\LocalLow\FCTB000100291
Successfully deleted: [Folder] "C:\Users\EMMA\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\EMMA\appdata\locallow\datamngr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/12/2014 at 19:48:17.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi, there's a copy of the OTL Fix log that should be complete located here: C:\_OTL\MovedFiles

I'll get to work on your logs, and we'll proceed. :thumbsup:


#11
BugAboo8274

BugAboo8274

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service hlsvc stopped successfully!
Service hlsvc deleted successfully!
C:\Program Files\Highlightly\Service\hlsvc.exe moved successfully.
Service Level Quality Watcher stopped successfully!
Service Level Quality Watcher deleted successfully!
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe moved successfully.
Error: Unable to stop service hlnfd!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hlnfd deleted successfully.
C:\Windows\System32\drivers\hlnfd.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e212b114-dfe6-40d7-a15a-5cde86657185} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e212b114-dfe6-40d7-a15a-5cde86657185}\ deleted successfully.
C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{08a4f3d8-73a4-4212-b58c-2840ab3578ca} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08a4f3d8-73a4-4212-b58c-2840ab3578ca}\ deleted successfully.
C:\Program Files\Quixley_v2b\prxtbQui0.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{2b2505fa-fd68-0144-9128-cd617bdca8c2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b2505fa-fd68-0144-9128-cd617bdca8c2}\ deleted successfully.
C:\Program Files\SocialRibbons LP2\Helper.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8841466A-F5A8-4FA3-818F-284A47EEA4EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8841466A-F5A8-4FA3-818F-284A47EEA4EF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ED8B6D4F-604A-4AB7-A595-B8B1397D2995}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED8B6D4F-604A-4AB7-A595-B8B1397D2995}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08a4f3d8-73a4-4212-b58c-2840ab3578ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08a4f3d8-73a4-4212-b58c-2840ab3578ca}\ not found.
File C:\Program Files\Quixley_v2b\prxtbQui0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121155}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121155}\ deleted successfully.
C:\Program Files\Plus-HD-1.2\Plus-HD-1.2-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}\ deleted successfully.
C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f69607b-cd89-4c22-bdb3-1a3ee0fd71a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f69607b-cd89-4c22-bdb3-1a3ee0fd71a9}\ deleted successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ie\MediaPlayerV1alpha7706.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE92E5DE-20F7-9934-D515-7BE13880A842}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE92E5DE-20F7-9934-D515-7BE13880A842}\ deleted successfully.
C:\Program Files\SocialRibbons LP2\Toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e212b114-dfe6-40d7-a15a-5cde86657185}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e212b114-dfe6-40d7-a15a-5cde86657185}\ not found.
File C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{08a4f3d8-73a4-4212-b58c-2840ab3578ca} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08a4f3d8-73a4-4212-b58c-2840ab3578ca}\ not found.
File C:\Program Files\Quixley_v2b\prxtbQui0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e212b114-dfe6-40d7-a15a-5cde86657185} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e212b114-dfe6-40d7-a15a-5cde86657185}\ not found.
File C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E212B114-DFE6-40D7-A15A-5CDE86657185} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E212B114-DFE6-40D7-A15A-5CDE86657185}\ not found.
File C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive deleted successfully.
C:\Users\EMMA\AppData\Roaming\newnext.me\nengine.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Users\EMMA\AppData\Roaming\IminentToolbar folder moved successfully.
C:\Users\EMMA\AppData\Local\VisualBeeExe folder moved successfully.
C:\Program Files\Highlightly\Service folder moved successfully.
C:\Program Files\Highlightly\IE folder moved successfully.
C:\Program Files\Highlightly\Chrome folder moved successfully.
C:\Program Files\Highlightly\3rd Party Licenses folder moved successfully.
C:\Program Files\Highlightly folder moved successfully.
C:\ProgramData\VisualBee folder moved successfully.
C:\Users\EMMA\AppData\Local\emaze folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ie folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff\chrome\content\icons\default folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff\chrome\content\icons folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff\chrome\content folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff\chrome folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ch folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706 folder moved successfully.
C:\Program Files\MediaPlayerV1 folder moved successfully.
File C:\Windows\tasks\Plus-HD-1.2-*.job not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk moved successfully.
C:\Users\EMMA\Desktop\Create Amazing Presentations.lnk moved successfully.
C:\Users\EMMA\Desktop\Continue Java.lnk moved successfully.
C:\Users\EMMA\Desktop\Continue VuuPC Installation.lnk moved successfully.
File C:\Users\EMMA\Desktop\Create Amazing Presentations.lnk not found.
C:\Users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk moved successfully.
Folder C:\Users\EMMA\AppData\Roaming\IminentToolbar\ not found.
C:\Users\EMMA\AppData\Roaming\newnext.me\cache folder moved successfully.
C:\Users\EMMA\AppData\Roaming\newnext.me folder moved successfully.
C:\Users\EMMA\AppData\Roaming\SearchProtect\Res folder moved successfully.
C:\Users\EMMA\AppData\Roaming\SearchProtect folder moved successfully.
ADS C:\Users\EMMA\Documents\100_2077.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1637.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1603.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1539.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1531.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1530.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1528.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1527.MP4:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
========== FILES ==========
C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjffenlcdbhppagjajginihlihblkbn\1.1_0\images folder moved successfully.
C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjffenlcdbhppagjajginihlihblkbn\1.1_0 folder moved successfully.
C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjffenlcdbhppagjajginihlihblkbn folder moved successfully.
File\Folder CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd not found.
File\Folder CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\haagkflomlmpdjaojgbeljnkkohbbegb not found.
File\Folder CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgklliblegdjjjakediflldiiddlaaef not found.
File\Folder CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpcbdkoekecjkbjeccbapdkpcmoiloa not found.
File\Folder CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi not found.
C:\Program Files\Plus-HD-1.2 folder moved successfully.
File\Folder C:\Program Files\Highlightly not found.
C:\Program Files\Level Quality Watcher\v1.01 folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Public\Music\Sample Music\cmd.bat deleted successfully.
C:\Users\Public\Music\Sample Music\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Public\Music\Sample Music\cmd.bat deleted successfully.
C:\Users\Public\Music\Sample Music\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: EMMA
->Temp folder emptied: 185356218 bytes
->Temporary Internet Files folder emptied: 132971552 bytes
->Java cache emptied: 2780277 bytes
->Google Chrome cache emptied: 101914455 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3020 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13875409 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 533669 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 141663 bytes

Total Files Cleaned = 417.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02122014_185501

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Thank you :thumbsup:

#13
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi :)

Looking good! Let's uninstall some malware-related programs and run some more scans. :thumbsup:


Step 1: Program Uninstalls

Please uninstall the following programs from your machine. Now, we've gotten rid of a lot of these already, and if you get an error telling you it's not found or that it's uninstalled, don't worry, proceed to the next one on the list. :)

  • Click on the Start button on your desktop and select Control Panel.
  • Click on Programs and Features.
  • When the list is populated with the programs, please uninstall each one of the programs listed below:

  • Plus-HD-1.2
  • Quixley_v2b Toolbar
  • SocialRibbons LP2
  • Software Updater version 1.8.3
  • PrintPDF Pro 1.1 Toolbar for IE
  • Highlightly
  • Yontoo Layers Runtime 1.10.01
  • Level Quality Watcher


Step 2: Scan with Malwarebytes Anti-Rootkit


Please download Malwarebytes AntiRootkit and save it to your desktop.

Full instructions how to use MBAR
Please note: This is a beta version, so please be sure to read the disclaimer and take note of it.

• Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...

• Click on Next > then on Update button to download fresh definitions.
Posted Image

• When the database updates, click Next

• In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"
Posted Image

• If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.


• The Clean up procedure will be Scheduled for process.
• When complete, a pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

>> Please post the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.


Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double-clicking it (on Windows Vista, Windows 7, and 8, right-click and select "Run as Administrator")

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:Files
C:\Users\EMMA\AppData\Roaming\svc-rvha.exe

:Commands
[reboot]




  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. If the log doesn't open, you can find a copy of it here: C:\_OTL\MovedFiles. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 4: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.


Things I need to see in your next post:


system-log.txt

mbar-log-year-month-day (hour-minute-second).txt.

OTL Fix Log

OTL Quick Scan Log

Question: How is the machine running now?


#14
BugAboo8274

BugAboo8274

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3210014720, free: 1631145984

Downloaded database version: v2014.02.14.01
Downloaded database version: v2013.12.18.01
=======================================
------------ Kernel report ------------
02/13/2014 20:08:19
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\OEM02Dev.sys
\SystemRoot\system32\DRIVERS\OEM02Vfx.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85bf4ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff85103030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85bf4ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85bf47b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85bf4ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85103030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 80

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 488312832
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Infected: C:\Users\EMMA\AppData\Roaming\svc-rvha.exe --> [Rogue.FakeAV]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PrSft --> [Rogue.FakeAV]
Infected: C:\Users\EMMA\AppData\Roaming\svc-rvha.exe --> [Rogue.FakeAV]
Infected: C:\Users\EMMA\AppData\Roaming\data.sec --> [Malware.Trace.E]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\k9filter.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpUXSrv.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msconfig.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msmpeng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe --> [Security.Hijack]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BCKD|ImagePath --> [Rogue.Agent.WPS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BCKD --> [Rogue.Agent.WPS]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

System Log



-------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.14.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
EMMA :: EMMA-PC [administrator]

2/13/2014 8:08:24 PM
mbar-log-2014-02-13 (20-08-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 208702
Time elapsed: 13 minute(s), 54 second(s)

Memory Processes Detected: 1
C:\Users\EMMA\AppData\Roaming\svc-rvha.exe (Rogue.FakeAV) -> 3156 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\k9filter.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpUXSrv.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msconfig.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msmpeng.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Security.Hijack) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BCKD (Rogue.Agent.WPS) -> Delete on reboot.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PrSft (Rogue.FakeAV) -> Data: C:\Users\EMMA\AppData\Roaming\svc-rvha.exe -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BCKD|ImagePath (Rogue.Agent.WPS) -> Data: 123123.sys -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\EMMA\AppData\Roaming\svc-rvha.exe (Rogue.FakeAV) -> Delete on reboot.
C:\Users\EMMA\AppData\Roaming\data.sec (Malware.Trace.E) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#15
BugAboo8274

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service hlsvc stopped successfully!
Service hlsvc deleted successfully!
C:\Program Files\Highlightly\Service\hlsvc.exe moved successfully.
Service Level Quality Watcher stopped successfully!
Service Level Quality Watcher deleted successfully!
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe moved successfully.
Error: Unable to stop service hlnfd!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hlnfd deleted successfully.
C:\Windows\System32\drivers\hlnfd.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e212b114-dfe6-40d7-a15a-5cde86657185} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e212b114-dfe6-40d7-a15a-5cde86657185}\ deleted successfully.
C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{08a4f3d8-73a4-4212-b58c-2840ab3578ca} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08a4f3d8-73a4-4212-b58c-2840ab3578ca}\ deleted successfully.
C:\Program Files\Quixley_v2b\prxtbQui0.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{2b2505fa-fd68-0144-9128-cd617bdca8c2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b2505fa-fd68-0144-9128-cd617bdca8c2}\ deleted successfully.
C:\Program Files\SocialRibbons LP2\Helper.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8841466A-F5A8-4FA3-818F-284A47EEA4EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8841466A-F5A8-4FA3-818F-284A47EEA4EF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ED8B6D4F-604A-4AB7-A595-B8B1397D2995}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED8B6D4F-604A-4AB7-A595-B8B1397D2995}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08a4f3d8-73a4-4212-b58c-2840ab3578ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08a4f3d8-73a4-4212-b58c-2840ab3578ca}\ not found.
File C:\Program Files\Quixley_v2b\prxtbQui0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121155}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121155}\ deleted successfully.
C:\Program Files\Plus-HD-1.2\Plus-HD-1.2-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}\ deleted successfully.
C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f69607b-cd89-4c22-bdb3-1a3ee0fd71a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f69607b-cd89-4c22-bdb3-1a3ee0fd71a9}\ deleted successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ie\MediaPlayerV1alpha7706.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE92E5DE-20F7-9934-D515-7BE13880A842}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE92E5DE-20F7-9934-D515-7BE13880A842}\ deleted successfully.
C:\Program Files\SocialRibbons LP2\Toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e212b114-dfe6-40d7-a15a-5cde86657185}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e212b114-dfe6-40d7-a15a-5cde86657185}\ not found.
File C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{08a4f3d8-73a4-4212-b58c-2840ab3578ca} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08a4f3d8-73a4-4212-b58c-2840ab3578ca}\ not found.
File C:\Program Files\Quixley_v2b\prxtbQui0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e212b114-dfe6-40d7-a15a-5cde86657185} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e212b114-dfe6-40d7-a15a-5cde86657185}\ not found.
File C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E212B114-DFE6-40D7-A15A-5CDE86657185} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E212B114-DFE6-40D7-A15A-5CDE86657185}\ not found.
File C:\Program Files\PrintPDF_Pro_1.1\prxtbPrin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive deleted successfully.
C:\Users\EMMA\AppData\Roaming\newnext.me\nengine.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Users\EMMA\AppData\Roaming\IminentToolbar folder moved successfully.
C:\Users\EMMA\AppData\Local\VisualBeeExe folder moved successfully.
C:\Program Files\Highlightly\Service folder moved successfully.
C:\Program Files\Highlightly\IE folder moved successfully.
C:\Program Files\Highlightly\Chrome folder moved successfully.
C:\Program Files\Highlightly\3rd Party Licenses folder moved successfully.
C:\Program Files\Highlightly folder moved successfully.
C:\ProgramData\VisualBee folder moved successfully.
C:\Users\EMMA\AppData\Local\emaze folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ie folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff\chrome\content\icons\default folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff\chrome\content\icons folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff\chrome\content folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff\chrome folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ff folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706\ch folder moved successfully.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha7706 folder moved successfully.
C:\Program Files\MediaPlayerV1 folder moved successfully.
File C:\Windows\tasks\Plus-HD-1.2-*.job not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk moved successfully.
C:\Users\EMMA\Desktop\Create Amazing Presentations.lnk moved successfully.
C:\Users\EMMA\Desktop\Continue Java.lnk moved successfully.
C:\Users\EMMA\Desktop\Continue VuuPC Installation.lnk moved successfully.
File C:\Users\EMMA\Desktop\Create Amazing Presentations.lnk not found.
C:\Users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk moved successfully.
Folder C:\Users\EMMA\AppData\Roaming\IminentToolbar\ not found.
C:\Users\EMMA\AppData\Roaming\newnext.me\cache folder moved successfully.
C:\Users\EMMA\AppData\Roaming\newnext.me folder moved successfully.
C:\Users\EMMA\AppData\Roaming\SearchProtect\Res folder moved successfully.
C:\Users\EMMA\AppData\Roaming\SearchProtect folder moved successfully.
ADS C:\Users\EMMA\Documents\100_2077.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1637.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1603.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1539.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1531.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1530.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1528.MP4:TOC.WMV deleted successfully.
ADS C:\Users\EMMA\Documents\100_1527.MP4:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
========== FILES ==========
C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjffenlcdbhppagjajginihlihblkbn\1.1_0\images folder moved successfully.
C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjffenlcdbhppagjajginihlihblkbn\1.1_0 folder moved successfully.
C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjffenlcdbhppagjajginihlihblkbn folder moved successfully.
File\Folder CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd not found.
File\Folder CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\haagkflomlmpdjaojgbeljnkkohbbegb not found.
File\Folder CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgklliblegdjjjakediflldiiddlaaef not found.
File\Folder CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpcbdkoekecjkbjeccbapdkpcmoiloa not found.
File\Folder CHR - Extension: No name found = C:\Users\EMMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi not found.
C:\Program Files\Plus-HD-1.2 folder moved successfully.
File\Folder C:\Program Files\Highlightly not found.
C:\Program Files\Level Quality Watcher\v1.01 folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Public\Music\Sample Music\cmd.bat deleted successfully.
C:\Users\Public\Music\Sample Music\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Public\Music\Sample Music\cmd.bat deleted successfully.
C:\Users\Public\Music\Sample Music\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: EMMA
->Temp folder emptied: 185356218 bytes
->Temporary Internet Files folder emptied: 132971552 bytes
->Java cache emptied: 2780277 bytes
->Google Chrome cache emptied: 101914455 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3020 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13875409 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 533669 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 141663 bytes

Total Files Cleaned = 417.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02122014_185501

Files\Folders moved on Reboot...
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\a_usersyncCATOOO35.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\a_usersyncCAVNTNIL.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\cl[1].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\cl[2].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\c[6].php moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\get-user-id[2].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\get-user-id[3].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\get-user-id[4].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\getSnoozing[10].do moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\getSnoozing[9].do moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\if[1].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\if[2].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\img[1].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\img[2].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\index[4].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\ip[1] moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\matchCA1UFMOQ moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\matchCAVA5OUD moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\res[2].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\retarget[1].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\rpc[5].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\r[3].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\segCA5XWTCH.js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\segCAKN18LB.js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\seg[10].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\seg[11].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\seg[3].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\seg[4].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\seg[5].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\seg[6].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\seg[7].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\seg[8].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\seg[9].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\WLBidRequestHandlerCAFPBMJ1 moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGLA3Y2\WLBidRequestHandlerCAIWPAM1 moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\1.1[1].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\1406349193835630458[1].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\4442456fa0[4].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\6391740222901806463[1].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\7670094835884856872[1].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\8307971317992256807[1].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\action[2].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\afr[2].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCA375ROF.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCA3MSIH7.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCA5TASS6.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCA73L22V.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCA7X5E2O.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCAA3WEKG.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCAIA8KUS.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCAIWG9FA.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCAK7OQ7I.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCAKZOQE7.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCAORQ09U.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCAPVZJQV.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCARPS9ZZ.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCAVX4DHX.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCAY99FVC.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\a_usersyncCAYIEQW2.htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\c[7].php moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\daily[1].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\dis[1].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\download_offers[2].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\d_txtsrving_info[1].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\fontawesome-webfont[1].eot moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\get-user-id[5].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\getSnoozing[6].do moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\getSnoozing[7].do moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\matchCA0Y9B51 moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\matchCAA0VB1K moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\matchCAXMSHEF moved successfully.
File move failed. C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\N3BnZWtJek1mN2tqUk5MLUE3a0pja1dJeEZYczlCb2p1SSZzaXplPTExMzMwNTYiLCJ3aWR0aCI6MTI4MCwiaGVpZ2h0Ijo4MDAsImxvYWRlcl9jbGllbnRfdGltZXN0YW1wIjoxMzkyMjUyNDY3Mzk1fQ%3D%3D[1].js scheduled to be moved on reboot.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\p-0.01[1].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\p-0.01[2].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\popup[1].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\pr_set[1].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\r[5].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\r[6].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\seg[3].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\sf_conduit_loader[1].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\t[2].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\userData[3].htm moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\verifyc[3].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\WLBidRequestHandlerCA0G32TU moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\WLBidRequestHandlerCAD74MZJ moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\_np[1].js moved successfully.
C:\Users\EMMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NW25XJ8\_np[3].js moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\EMMA\AppData\Roaming\svc-rvha.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02132014_203418