
New Virus [Solved]



#1
scmba

Hi

My son tried to download a Minecraft mod and got a virus: in Firefox, new tabs pop up with advertising like Norton/Gorilla Price. I tried removing Gorilla Price by uninstalling it, but it just opened another Firefox tab with "gorilla price" on it. Here is the OTL log:

OTL logfile created on: 22/2/2014 16:18:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jojo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy

3.80 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.17% Memory free
7.61 Gb Paging File | 5.79 Gb Available in Paging File | 76.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.91 Gb Total Space | 829.35 Gb Free Space | 90.45% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JOJO-COMPUTER | User Name: jojo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/22 15:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
PRC - [2014/02/20 18:43:19 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/02/14 16:41:10 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/06 10:40:56 | 000,494,080 | ---- | M] () -- C:\Program Files (x86)\gorillaprice\GorillaPrice.exe
PRC - [2014/02/06 09:28:26 | 000,070,144 | ---- | M] () -- C:\ProgramData\gorillaprice\WatGorp.exe
PRC - [2014/02/05 15:13:12 | 000,273,000 | ---- | M] (Quiknowledge) -- C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe
PRC - [2014/01/06 08:15:50 | 000,114,176 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/11/13 12:50:37 | 000,198,424 | ---- | M] (TMRG, Inc.) -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
PRC - [2013/11/01 05:11:52 | 000,382,040 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
PRC - [2013/06/04 05:16:00 | 000,342,608 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe
PRC - [2011/11/12 11:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/08/04 04:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/05/02 20:54:52 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/02 20:54:48 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/09 01:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/20 18:43:18 | 016,265,096 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/14 16:41:10 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 08:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 08:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2010/08/04 04:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/08/04 01:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/02/20 18:43:19 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 16:41:10 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 15:13:12 | 000,273,000 | ---- | M] (Quiknowledge) [Auto | Running] -- C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe -- (qksvc)
SRV - [2013/09/05 16:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/02 20:54:52 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/02 20:54:48 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 01:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/05 15:13:12 | 000,058,256 | ---- | M] (Quiknowledge) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\qknfd.sys -- (qknfd)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/12 10:18:12 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/10 19:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/03/04 05:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/02 14:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2014/02/17 17:36:19 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1556074467&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://start.mysearc...=1556074467&ir=
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
FF - prefs.js..extensions.enabledAddons: quiknowledge%40quiknowledge.com:1.9.0.1
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.23.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jojo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jojo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/15 19:30:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014/02/22 13:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 16:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 16:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/17 18:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jojo\AppData\Roaming\Mozilla\Extensions
[2014/02/22 15:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions
[2014/02/22 13:26:46 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2014/02/22 13:26:46 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]
[2012/05/07 13:33:51 | 000,000,000 | ---D | M] (Avery Toolbar) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]
[2014/02/22 15:27:22 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\wecarereminder@bryan
[2014/02/22 13:26:30 | 000,000,975 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\searchplugins\conduit-search.xml
[2014/02/22 13:26:51 | 000,002,407 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\searchplugins\Mysearchdial.xml
[2014/02/22 13:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/22 13:26:33 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/02/14 16:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 16:41:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2 - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe (OpenDownloadManager.com)
O4 - HKLM..\RunOnce: [Del22098352] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Del22119428] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Del22098352] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del22119428] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\jojo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm ()
O8 - Extra context menu item: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm ()
O8 - Extra context menu item: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm ()
O8 - Extra context menu item: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {F4D10716-6F96-48E9-8A08-7E3AD71054AD} https://qbo.intuit.c...41/qboimax9.cab (QuickBooks Online Edition Import Utilities Class v9)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BF7B662-1D91-46CC-B9D4-74AA4DF90A20}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d553b01-61b7-11e3-a24e-d027883e3db9}\Shell - "" = AutoRun
O33 - MountPoints2\{3d553b01-61b7-11e3-a24e-d027883e3db9}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{4a16df87-4f1f-11e3-8f0f-d027883e3db9}\Shell - "" = AutoRun
O33 - MountPoints2\{4a16df87-4f1f-11e3-8f0f-d027883e3db9}\Shell\AutoRun\command - "" = G:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 15:58:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2014/02/22 15:42:26 | 000,000,000 | ---D | C] -- C:\Users\jojo\Desktop\virus
[2014/02/22 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Malwarebytes
[2014/02/22 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/22 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/22 15:31:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/22 15:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/22 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\Programs
[2014/02/22 14:07:43 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\{60ED7FF8-D1E7-41CC-9FBA-99196017FE01}
[2014/02/22 13:26:39 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\24x7 Help
[2014/02/22 13:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
[2014/02/22 13:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quiknowledge
[2014/02/22 13:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
[2014/02/22 13:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PCFixSpeed
[2014/02/22 13:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFixSpeed
[2014/02/22 13:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2014/02/22 13:26:25 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\DigitalSites
[2014/02/22 13:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenIt
[2014/02/22 13:24:23 | 000,970,520 | ---- | C] (TMRG, Inc.) -- C:\Windows\SysNative\rlls64.dll
[2014/02/22 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RelevantKnowledge
[2014/02/22 13:18:29 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Open Download Manager
[2014/02/22 13:18:28 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
[2014/02/22 13:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
[2014/02/22 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2014/02/22 13:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\gorillaprice
[2014/02/22 13:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gorillaprice
[2014/02/22 13:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/02/22 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\SearchProtect
[2014/02/22 13:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
[2014/02/18 12:58:39 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\{27B08E7F-63B4-4FF2-A512-A0483B12D40F}
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C
[2014/02/14 16:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/05 15:13:12 | 000,058,256 | ---- | C] (Quiknowledge) -- C:\Windows\SysNative\drivers\qknfd.sys
[2014/02/02 15:05:44 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\.minecraft

========== Files - Modified Within 30 Days ==========

[2014/02/22 17:27:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/22 17:27:28 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-751754415-1767991326-142781326-1001UA.job
[2014/02/22 17:27:28 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/02/22 17:27:28 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/02/22 17:27:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/22 15:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2014/02/22 15:31:51 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/22 14:26:12 | 000,000,031 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\WB.CFG
[2014/02/22 07:25:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 07:25:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 07:18:35 | 000,001,926 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2014/02/22 07:18:18 | 3063,238,656 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/21 11:37:55 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for jojo.job
[2014/02/21 06:42:44 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-751754415-1767991326-142781326-1001Core.job
[2014/02/12 03:13:41 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 03:13:41 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 03:13:41 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 03:13:33 | 000,773,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/05 15:13:12 | 000,058,256 | ---- | M] (Quiknowledge) -- C:\Windows\SysNative\drivers\qknfd.sys
[2014/02/02 16:03:17 | 394,378,406 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/01/31 02:37:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C\isolate.ini

========== Files Created - No Company Name ==========

[2014/02/22 15:31:51 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/22 14:26:12 | 000,000,031 | ---- | C] () -- C:\Users\jojo\AppData\Roaming\WB.CFG
[2014/02/22 13:26:46 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
[2014/02/22 13:26:25 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
[2014/02/17 17:32:58 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C\isolate.ini
[2013/11/23 12:53:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/31 12:31:32 | 000,001,114 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/14 12:30:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/03/14 12:29:54 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/22 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\.minecraft
[2014/02/22 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\24x7 Help
[2014/02/22 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\DigitalSites
[2014/02/22 07:19:00 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Dropbox
[2011/04/24 17:29:54 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\EPSON
[2011/04/17 17:43:23 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\OEM
[2014/02/22 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Open Download Manager
[2012/07/02 17:07:29 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Packard Bell
[2012/05/12 16:19:09 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\WildTangent
[2013/02/09 08:17:18 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0


#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:

  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • 0

#3
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    SRV - [2014/02/05 15:13:12 | 000,273,000 | ---- | M] (Quiknowledge) [Auto | Running] -- C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe -- (qksvc)
    SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    DRV:64bit: - [2014/02/05 15:13:12 | 000,058,256 | ---- | M] (Quiknowledge) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\qknfd.sys -- (qknfd)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1556074467&ir=
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://start.mysearc...=1556074467&ir=
    IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.condui...rchTerms}&SSPV=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
    FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
    FF - prefs.js..browser.search.order.1: "Mysearchdial"
    FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
    FF - prefs.js..extensions.enabledAddons: quiknowledge%40quiknowledge.com:1.9.0.1
    FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.23.4
    [2014/02/22 13:26:46 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    [2014/02/22 13:26:46 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]
    [2012/05/07 13:33:51 | 000,000,000 | ---D | M] (Avery Toolbar) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]
    [2014/02/22 15:27:22 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\wecarereminder@bryan
    [2014/02/22 13:26:30 | 000,000,975 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\searchplugins\conduit-search.xml
    [2014/02/22 13:26:51 | 000,002,407 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\searchplugins\Mysearchdial.xml
    [2014/02/22 13:26:33 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    O2:64bit: - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
    O2 - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    [2014/02/22 14:07:43 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\{60ED7FF8-D1E7-41CC-9FBA-99196017FE01}
    [2014/02/22 13:26:39 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\24x7 Help
    [2014/02/22 13:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
    [2014/02/22 13:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quiknowledge
    [2014/02/22 13:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
    [2014/02/22 13:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PCFixSpeed
    [2014/02/22 13:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFixSpeed
    [2014/02/22 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RelevantKnowledge
    [2014/02/22 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
    [2014/02/22 13:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\gorillaprice
    [2014/02/22 13:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gorillaprice
    [2014/02/22 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\SearchProtect
    [2014/02/05 15:13:12 | 000,058,256 | ---- | C] (Quiknowledge) -- C:\Windows\SysNative\drivers\qknfd.sys
    [2014/02/18 12:58:39 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\{27B08E7F-63B4-4FF2-A512-A0483B12D40F}
    [2014/02/22 17:27:28 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
    [2014/02/22 17:27:28 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
    [2014/02/22 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\24x7 Help
    
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Del22098352"=-
    "Del22119428"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Del22098352"=-
    "Del22119428"=-
    
    :Commands
    [emptytemp]
    
  • Click Run Fix.
  • OTL will reboot your system. Allow it by clicking OK.
  • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'AdwCleaner by Xplode' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Click Scan and choose Clean after.
  • Wait for it to finish. It won't take long.
  • Click OK for the next prompts. Your system will automatically reboot.
  • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Ensure that the following settings are followed. Make sure all other windows are closed and let it run uninterrupted.

    Posted Image

  • Click Run Scan.
  • After a short while, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these on your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):
  • MMDDYYYY_HHMMSS.log (OTL)
  • Extras.txt (OTL)
  • OTL.txt (OTL)
  • AdwCleaner[S*].txt (AdwCleaner)
  • JRT.txt (Junkware Removal Tool)

  • 0
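Most of the folders listed in the fix script above were created within about ten minutes on 2014/02/22. As an added example (not part of the original post and not OTL's own code), this Python sketch parses OTL file/folder lines, groups creations into time bursts, and flags vendor-tagged files dated outside the burst, such as qknfd.sys. The function names, the 10-minute gap and the minimum burst size are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Subset of the "Files/Folders - Created Within 30 Days" section of the OTL
# log posted in this thread, copied unchanged.
SAMPLE_LOG = r"""
[2014/02/22 15:58:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2014/02/22 15:31:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/22 13:26:39 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\24x7 Help
[2014/02/22 13:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
[2014/02/22 13:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PCFixSpeed
[2014/02/22 13:24:23 | 000,970,520 | ---- | C] (TMRG, Inc.) -- C:\Windows\SysNative\rlls64.dll
[2014/02/22 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RelevantKnowledge
[2014/02/22 13:18:29 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Open Download Manager
[2014/02/22 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2014/02/22 13:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\gorillaprice
[2014/02/22 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\SearchProtect
[2014/02/22 13:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2014/02/14 16:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/05 15:13:12 | 000,058,256 | ---- | C] (Quiknowledge) -- C:\Windows\SysNative\drivers\qknfd.sys
[2014/02/02 15:05:44 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\.minecraft
"""

# [timestamp | size | attributes | C/M] (optional company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    is_dir: bool
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when the log shows no company name
    path: str


def parse_otl_entries(text):
    """Parse OTL file/folder lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            is_dir="D" in m["attrs"],
            kind=m["kind"],
            company=m["company"] or "",
            path=m["path"],
        ))
    return entries


def creation_bursts(entries, max_gap_s=600, min_size=3):
    """Group 'created' entries whose consecutive timestamps are close together."""
    created = sorted((e for e in entries if e.kind == "C"), key=lambda e: e.when)
    bursts, current = [], []
    for e in created:
        if current and (e.when - current[-1].when).total_seconds() > max_gap_s:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


def related_outside(entries, burst):
    """Entries outside the burst whose company name appears in a burst path.

    Catches files whose timestamp does not match the install time, which
    time clustering alone would miss.
    """
    in_burst = set(burst)
    burst_paths = [e.path.lower() for e in burst]
    return [e for e in entries
            if e not in in_burst and e.company
            and any(e.company.lower() in p for p in burst_paths)]


if __name__ == "__main__":
    parsed = parse_otl_entries(SAMPLE_LOG)
    for burst in creation_bursts(parsed):
        print(f"Burst {burst[0].when} .. {burst[-1].when} ({len(burst)} items)")
        for e in burst:
            print("   ", e.when.time(), e.path)
        for e in related_outside(parsed, burst):
            print("    related, dated outside burst:", e.when, e.path)
```

The earliest entry in a burst is only a starting point for review; every item still needs to be judged individually before it goes into a fix list.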

#4
scmba

    Member

  • Topic Starter
  • Member
  • 109 posts
OTL after running your fix:

All processes killed
========== OTL ==========
Service qksvc stopped successfully!
Service qksvc deleted successfully!
C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe moved successfully.
Service BBUpdate stopped successfully!
Service BBUpdate deleted successfully!
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE moved successfully.
Service BBSvc stopped successfully!
Service BBSvc deleted successfully!
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE moved successfully.
Error: Unable to stop service qknfd!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qknfd deleted successfully.
C:\Windows\SysNative\drivers\qknfd.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Mysearchdial" removed from browser.search.defaultenginename
Prefs.js: "Mysearchdial" removed from browser.search.order.1
Prefs.js: "Mysearchdial" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3 removed from extensions.enabledAddons
Prefs.js: ffxtlbr%40mysearchdial.com:1.6.0 removed from extensions.enabledAddons
Prefs.js: quiknowledge%40quiknowledge.com:1.9.0.1 removed from extensions.enabledAddons
Prefs.js: wecarereminder%40bryan:4.1.23.4 removed from extensions.enabledAddons
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\_locales\en-US folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\_locales folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\info folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\favorites folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\resources folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults\preferences folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\newtab folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\browser folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\content folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\components folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected] folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\searchplugins folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected] folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\wecarereminder@bryan\META-INF folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\wecarereminder@bryan\defaults\preferences folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\wecarereminder@bryan\defaults folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\wecarereminder@bryan\components folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\wecarereminder@bryan\chrome\logo folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\wecarereminder@bryan\chrome folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\wecarereminder@bryan folder moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\searchplugins\conduit-search.xml moved successfully.
C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\searchplugins\Mysearchdial.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\ deleted successfully.
C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\ deleted successfully.
C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
C:\Users\jojo\AppData\Local\{60ED7FF8-D1E7-41CC-9FBA-99196017FE01} folder moved successfully.
C:\Users\jojo\AppData\Roaming\24x7 Help folder moved successfully.
C:\Program Files\Quiknowledge\IE folder moved successfully.
C:\Program Files\Quiknowledge folder moved successfully.
C:\Program Files (x86)\Quiknowledge\Service folder moved successfully.
C:\Program Files (x86)\Quiknowledge\IE folder moved successfully.
C:\Program Files (x86)\Quiknowledge\FireFox folder moved successfully.
C:\Program Files (x86)\Quiknowledge\3rd Party Licenses folder moved successfully.
C:\Program Files (x86)\Quiknowledge folder moved successfully.
Folder C:\Program Files (x86)\24x7Help\ not found.
C:\ProgramData\PCFixSpeed\Translate folder moved successfully.
C:\ProgramData\PCFixSpeed\Startup folder moved successfully.
C:\ProgramData\PCFixSpeed\Backup folder moved successfully.
C:\ProgramData\PCFixSpeed folder moved successfully.
Folder C:\Program Files (x86)\PCFixSpeed\ not found.
Folder C:\Program Files (x86)\RelevantKnowledge\ not found.
C:\Program Files (x86)\Wajam folder moved successfully.
Folder C:\ProgramData\gorillaprice\ not found.
Folder C:\Program Files (x86)\gorillaprice\ not found.
C:\Users\jojo\AppData\Local\SearchProtect\SearchProtect\STG folder moved successfully.
C:\Users\jojo\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\jojo\AppData\Local\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Users\jojo\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
File C:\Windows\SysNative\drivers\qknfd.sys not found.
C:\Users\jojo\AppData\Local\{27B08E7F-63B4-4FF2-A512-A0483B12D40F} folder moved successfully.
C:\Windows\Tasks\MySearchDial.job moved successfully.
C:\Windows\Tasks\Digital Sites.job moved successfully.
Folder C:\Users\jojo\AppData\Roaming\24x7 Help\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del22098352 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del22119428 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del22098352 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del22119428 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jojo
->Temp folder emptied: 1360509033 bytes
->Temporary Internet Files folder emptied: 428904520 bytes
->Java cache emptied: 3119518 bytes
->FireFox cache emptied: 435936442 bytes
->Flash cache emptied: 5386689 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1095050078 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78288761 bytes
RecycleBin emptied: 5458701 bytes

Total Files Cleaned = 3,255.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02242014_075816

Files\Folders moved on Reboot...
C:\Users\jojo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#5
scmba

Adware Cleaner:

# AdwCleaner v3.019 - Report created 24/02/2014 at 08:37:14
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jojo - JOJO-COMPUTER
# Running from : C:\Users\jojo\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\jojo\AppData\Local\Searchprotect
Folder Deleted : C:\Users\jojo\AppData\Roaming\DigitalSites
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\invalidprefs.js
File Deleted : C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\user.js
File Deleted : C:\Windows\System32\Tasks\MySearchDial
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SPD1C86B33-EDED-4A43-A5AD-D2DB477AD248");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dnldstr0202ff");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0DtDtByBzzzztA0EtA0D0BzyyCyByEzztN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1556074467");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0202ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzztA0EtA0D0BzyyCyByEzztN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "D027883E3DB96748");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16123");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr0202ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzztA0EtA0D0BzyyCyByEzztN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr0202ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzztA0EtA0D0BzyyCyByEzztN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.013:26:27");

*************************

AdwCleaner[R0].txt - [8510 octets] - [24/02/2014 08:34:50]
AdwCleaner[S0].txt - [8231 octets] - [24/02/2014 08:37:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8291 octets] ##########

#6
scmba

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by jojo on ?? 24/02/2014 at 9:00:17.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files

Successfully deleted: [File] "C:\Users\Public\Desktop\play more great games!.url"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{0BB7E7C4-CF5A-4ED5-A872-D447A45438DB}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{0D697C00-DA90-42C6-9C13-8116C40AAEE4}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{1308B995-D6AD-4951-9FD3-2765BF0F7D2E}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{192CA1F2-8A91-4A2C-A3DF-3FA082F81C90}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{24CC1ADE-B64E-49C3-9894-3D38697DA224}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{2C205B00-05C0-4E38-B645-7A3E5B3A38C2}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{30449E4D-C21A-4E15-A57A-92804719800E}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{4220F4AD-6090-4AD0-A501-7EAEA191E2B9}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{44FCE760-5698-40C3-9223-C3A707D12256}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{4C6A3D19-38F7-4A19-87C3-74BA9360BACE}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{54ADDE3F-72D8-46CE-BBB6-D6D5AB156168}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{6BF50AFC-DF9A-48A8-887C-9A7E1CDE9046}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{6E28DA6B-1F51-4481-A0BA-F0CDBD6EF113}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{82E20665-C062-4F98-9A53-5AC3AD0F4D37}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{89C92CF5-B162-4187-96D7-FFF35D1CBA54}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{98101D22-8A75-440A-A195-0112D703EFD3}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{A29A9FE5-4CF6-4F18-9EBD-18FCF6325741}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{AFA344C8-A8F7-42B1-905A-5A34FFEAE1DD}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{B2C3F5D8-284D-498A-AA56-E077D5584ED9}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{B70DEFE1-266B-4A0C-B77A-6BCF92F6A4C7}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{B7FA28A1-BEBA-4652-832A-DC5C8C85A999}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{B82134A1-3F5E-4795-B3AB-B5BDA55A683F}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{BF3664C3-2290-46F0-A2D0-19C68BF60A97}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{C6EDC822-1714-4B95-AF76-0AF768C8E56D}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{CAB16A76-4C01-4C4C-9A23-7C701CFA952E}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{DAAA6B26-EE36-42FE-AF52-4F0E7BD8D10F}
Successfully deleted: [Empty Folder] C:\Users\jojo\appdata\local\{F0C97FDC-7873-493C-8547-0A17D8E65070}



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]
Emptied folder: C:\Users\jojo\AppData\Roaming\mozilla\firefox\profiles\te3mhgh1.default\minidumps [412 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ?? 24/02/2014 at 9:06:31.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
scmba

Ok, OTL and Extras:

OTL logfile created on: 24/2/2014 10:02:13 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jojo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy

3.80 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 76.83% Memory free
7.61 Gb Paging File | 6.20 Gb Available in Paging File | 81.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.91 Gb Total Space | 832.61 Gb Free Space | 90.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JOJO-COMPUTER | User Name: jojo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/22 15:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
PRC - [2014/02/14 16:41:10 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/31 11:13:58 | 006,369,280 | ---- | M] (OpenDownloadManager.com) -- C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
PRC - [2011/11/12 11:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/08/04 04:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/05/02 20:54:52 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/02 20:54:48 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/09 01:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/14 16:41:10 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/23 09:40:44 | 003,516,416 | ---- | M] () -- C:\Program Files (x86)\OpenDownloaderManager\fdmbtsupp.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 08:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 08:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2010/08/04 04:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/08/04 01:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/02/20 18:43:19 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 16:41:10 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 16:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/02 20:54:52 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/02 20:54:48 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 01:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/12 10:18:12 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/10 19:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/03/04 05:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/02 14:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2014/02/17 17:36:19 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-751754415-1767991326-142781326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKU\S-1-5-21-751754415-1767991326-142781326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-751754415-1767991326-142781326-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-751754415-1767991326-142781326-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-751754415-1767991326-142781326-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jojo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jojo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/15 19:30:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 16:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 16:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/17 18:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jojo\AppData\Roaming\Mozilla\Extensions
[2014/02/24 08:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions
[2014/02/24 08:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 16:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 16:41:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-751754415-1767991326-142781326-1001..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-751754415-1767991326-142781326-1001..\Run: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe (OpenDownloadManager.com)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\jojo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm ()
O8 - Extra context menu item: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm ()
O8 - Extra context menu item: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm ()
O8 - Extra context menu item: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {F4D10716-6F96-48E9-8A08-7E3AD71054AD} https://qbo.intuit.c...41/qboimax9.cab (QuickBooks Online Edition Import Utilities Class v9)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BF7B662-1D91-46CC-B9D4-74AA4DF90A20}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d553b01-61b7-11e3-a24e-d027883e3db9}\Shell - "" = AutoRun
O33 - MountPoints2\{3d553b01-61b7-11e3-a24e-d027883e3db9}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{4a16df87-4f1f-11e3-8f0f-d027883e3db9}\Shell - "" = AutoRun
O33 - MountPoints2\{4a16df87-4f1f-11e3-8f0f-d027883e3db9}\Shell\AutoRun\command - "" = G:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/24 09:00:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/24 08:59:43 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\jojo\Desktop\JRT.exe
[2014/02/24 08:34:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/24 07:58:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/22 15:58:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2014/02/22 15:42:26 | 000,000,000 | ---D | C] -- C:\Users\jojo\Desktop\virus
[2014/02/22 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Malwarebytes
[2014/02/22 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/22 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/22 15:31:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/22 15:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/22 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\Programs
[2014/02/22 13:24:23 | 000,970,520 | ---- | C] (TMRG, Inc.) -- C:\Windows\SysNative\rlls64.dll
[2014/02/22 13:18:29 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Open Download Manager
[2014/02/22 13:18:28 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
[2014/02/22 13:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
[2014/02/22 13:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C
[2014/02/14 16:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/12 03:01:39 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 03:00:47 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 03:00:47 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 03:00:46 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 03:00:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 03:00:45 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 03:00:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 03:00:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 03:00:44 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 03:00:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 03:00:43 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 03:00:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 03:00:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 03:00:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 03:00:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 03:00:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 03:00:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 03:00:42 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 03:00:42 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 03:00:42 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 03:00:41 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 03:00:40 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 03:00:40 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 03:00:36 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/11 15:46:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/11 15:46:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/11 15:46:16 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/11 15:46:16 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/11 15:46:15 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/11 15:46:15 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/11 15:46:15 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/11 15:46:15 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/11 15:46:15 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/11 15:46:15 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/11 15:46:15 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/11 15:46:15 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/11 15:46:15 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/11 15:46:15 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/11 15:46:14 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/11 15:46:14 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/11 15:46:14 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/11 15:46:14 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/11 15:46:14 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/11 15:46:08 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/11 15:46:08 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/02 15:05:44 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\.minecraft

========== Files - Modified Within 30 Days ==========

[2014/02/24 09:59:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/24 09:59:45 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-751754415-1767991326-142781326-1001UA.job
[2014/02/24 09:59:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/24 08:59:43 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\jojo\Desktop\JRT.exe
[2014/02/24 08:45:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 08:45:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 08:38:24 | 000,001,926 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2014/02/24 08:38:03 | 3063,238,656 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/24 08:34:00 | 001,241,834 | ---- | M] () -- C:\Users\jojo\Desktop\AdwCleaner.exe
[2014/02/23 08:09:17 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for jojo.job
[2014/02/22 15:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2014/02/22 15:31:51 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/22 14:26:12 | 000,000,031 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\WB.CFG
[2014/02/21 06:42:44 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-751754415-1767991326-142781326-1001Core.job
[2014/02/20 18:43:19 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/20 18:43:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/12 03:13:41 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 03:13:41 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 03:13:41 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 03:13:33 | 000,773,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/06 03:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 03:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 03:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 02:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 02:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 02:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 02:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 02:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 02:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 02:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 02:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 02:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 01:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 01:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 01:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 01:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 01:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 01:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 01:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 01:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 00:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 00:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/02 16:03:17 | 394,378,406 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/01/31 02:37:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C\isolate.ini

========== Files Created - No Company Name ==========

[2014/02/24 08:33:59 | 001,241,834 | ---- | C] () -- C:\Users\jojo\Desktop\AdwCleaner.exe
[2014/02/22 15:31:51 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/22 14:26:12 | 000,000,031 | ---- | C] () -- C:\Users\jojo\AppData\Roaming\WB.CFG
[2014/02/17 17:32:58 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C\isolate.ini
[2013/11/23 12:53:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/31 12:31:32 | 000,001,114 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/14 12:30:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/03/14 12:29:54 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/22 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\.minecraft
[2014/02/24 10:00:12 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Dropbox
[2011/04/24 17:29:54 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\EPSON
[2011/04/17 17:43:23 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\OEM
[2014/02/24 10:08:44 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Open Download Manager
[2012/07/02 17:07:29 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Packard Bell
[2012/05/12 16:19:09 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\WildTangent
[2013/02/09 08:17:18 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 24/2/2014 10:02:13 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jojo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy

3.80 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 76.83% Memory free
7.61 Gb Paging File | 6.20 Gb Available in Paging File | 81.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.91 Gb Total Space | 832.61 Gb Free Space | 90.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JOJO-COMPUTER | User Name: jojo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-751754415-1767991326-142781326-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0072263B-3471-4C73-9874-230FF0FD94FA}" = lport=138 | protocol=17 | dir=in | app=system |
"{0081D40E-2172-4ABF-A1CE-71DCF254826E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06392B3D-4C97-4247-8A38-09DFFB37D15E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0DDE89D2-D378-49CF-B6CE-DEF5A3002841}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21FC9928-BF74-4921-860C-1DA3040F390A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{25CFDDD6-8577-4125-B4F0-5C6109CF0804}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2B5364C6-DC6A-4E18-B340-16283DCD3100}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3117BD12-7B49-4568-80A5-65BEB0040920}" = rport=10243 | protocol=6 | dir=out | app=system |
"{360244CC-18C4-4C18-9119-51208660D045}" = lport=139 | protocol=6 | dir=in | app=system |
"{3CBB9598-4ED5-4205-B655-C6F34FF44501}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CF44029-3FC9-481B-BA83-011C144E8FF3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4C446D43-91CF-4A70-AB45-F0EBE72136AC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5367370A-1937-4004-977E-9D1981053FD5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5E3B5348-EC26-4FEE-9A81-8D1D23BF996E}" = lport=445 | protocol=6 | dir=in | app=system |
"{61F37840-D771-4E0F-A822-DA36A6190198}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{672D6D3F-BEE4-4006-B2B6-AE1E4304FCCC}" = rport=139 | protocol=6 | dir=out | app=system |
"{67530C0C-8CE1-4160-BBAF-1F07D9E38E2B}" = rport=445 | protocol=6 | dir=out | app=system |
"{675FF9EE-1441-4380-8413-6AAE021F4ACF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6CECEFFA-7E6F-4B9D-97AE-F8B3A042217D}" = lport=137 | protocol=17 | dir=in | app=system |
"{7DADEF7F-8E95-4773-BEE2-1FB35CE58EB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DD020F8-B71A-4D3E-8727-400579239A3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E037990-2A73-4E18-8405-2FC36BA7098C}" = rport=137 | protocol=17 | dir=out | app=system |
"{A395C1F9-CDA2-4A91-8B9A-0C05AB3A1E8B}" = rport=138 | protocol=17 | dir=out | app=system |
"{B022172C-07E0-4FAE-A949-C3F91CFC0297}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4BF5587-CA76-47E0-AFBF-D6EB037C9265}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7771EFF-D91E-4C3F-82A2-CCCACDFDAF61}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D02249A6-3D81-40CE-B999-5B6EC5611BCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC1BE139-6BF9-473E-B037-F1FEBDD5261F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF21F86A-BA13-4997-8939-C1AFF85A98B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E208625D-DA80-4D16-AE16-896EB7D565C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E49ECFE1-FFAE-4873-BDF4-0E6129393D1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9748EA7-DF8A-4411-A3C6-C8E3C4ADDF3F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EC7D3BD3-63E5-4CC7-B794-76E8655B093A}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04218A14-A9DB-4E07-B70C-686D841A30BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{059B5E18-AB2A-497C-910A-208F4ECCEC69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09E0BD06-F1BF-4D77-8B19-357D0F1938F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{0DA54219-A72C-4C55-BE21-EEBFB15B1FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{12A08DB4-9756-49A1-9ABD-03D63FCF030E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{13AB8449-9353-4944-B3A3-952CAEB61341}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1512BF0F-C411-4271-9C17-D9898F0F9F1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15E00AA8-21B8-4A4D-ABFA-39358286F187}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{186B5325-0D27-4A2C-A09F-7FC0BDC5236F}" = protocol=1 | dir=in | [email protected],-28543 |
"{19C9C93F-31A3-4DF3-B86C-F6EF5B97C3C3}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe |
"{1BDD0475-5FB5-44FF-B26C-8B913C961490}" = protocol=58 | dir=out | [email protected],-503 |
"{2F6019E8-DD32-4C52-985B-7E1D4683B953}" = protocol=6 | dir=in | app=c:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe |
"{305AD432-93F0-4FE5-843B-F18C7E956295}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37CDAB6B-6A40-4B79-873B-D4C83B532EB5}" = protocol=17 | dir=in | app=c:\users\jojo\appdata\local\temp\7zs2630\hpdiagnosticcoreui.exe |
"{444190FF-2F3D-4C57-8852-C0419581426E}" = protocol=17 | dir=in | app=c:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe |
"{47999D51-B5B4-49CE-9180-78E7F0D19831}" = protocol=58 | dir=in | [email protected],-28545 |
"{482F01CA-0B7A-451F-B4F9-A317861CF9D6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4E4ABBC0-7F90-46D7-B2AC-42FD37ABA89E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57918B19-B748-4010-86C1-3C792E6AD343}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{5B374DA0-F9E9-4054-ADE6-B8AC7600BF25}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B81A60F-D8FF-4F4E-B7FB-E429844EE04F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{5ECAFEDA-8DD3-4BF4-B9B6-5B089875E146}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6566CE99-DF45-475C-8352-1FA96774EE46}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{67E45388-87C7-42F6-A15E-0798A62F2B74}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{71A64329-F415-4E66-B569-62216073CD91}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7ACA15EB-8FA4-465C-9AF1-324C487E4F2D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A0785A6E-341F-4BFC-8F7C-3A5C3F2000D7}" = protocol=6 | dir=out | app=system |
"{A7F501CB-3AB2-4350-B460-7DDE438789AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB2556BB-B520-4920-A38D-31B09749B361}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B1DB52F5-1015-417B-9933-2294C0B2603F}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe |
"{B20F53BF-3E4F-4FA7-9BAA-6D21F3214E59}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B24F4274-0DDD-4B74-B9F1-A7B26C240A10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B3F59208-8E23-4434-9B22-7DCD2D68EDBA}" = protocol=58 | dir=out | [email protected],-28546 |
"{C5256A84-82D5-4104-8C6B-26A2AD117088}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe |
"{C5371F07-7552-4784-A33A-B859F3169014}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C599C5FC-7E03-4F65-871F-13774A0FD8BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C8ED133F-BE03-4C49-9010-9EB741A8BC60}" = protocol=6 | dir=in | app=c:\users\jojo\appdata\local\temp\7zs2630\hpdiagnosticcoreui.exe |
"{D245205C-8963-4B8F-B138-DFE42CC8329E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3ACFC0B-9C5E-43E4-BE72-2DE47118CA6C}" = protocol=58 | dir=in | app=system |
"{D568065B-FC8B-470A-8B37-E92E161B5953}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBDFEAA3-1311-4106-A76B-D070C0F2DCCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEA8B832-79DB-4878-AE07-F3AD5851A6FF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E9376CD6-799D-4808-9015-D2469ACBD5E7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F0CCC941-2D64-46F4-A7C4-AD032A12E826}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe |
"{F34DB0D1-9BE8-46AD-BB7D-7A0D5C97D901}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F42507E7-5D45-46EB-BF93-AD007247623A}" = protocol=1 | dir=out | [email protected],-28544 |
"{F983A3AB-4295-4F1B-B024-1A5A4C263105}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"TCP Query User{3A345319-E841-478C-A12D-668C46F1347C}D:\yes_chinese.exe" = protocol=6 | dir=in | app=d:\yes_chinese.exe |
"TCP Query User{A61BAE57-F6DA-4096-BD16-844AC3B2CB7A}C:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A818377E-EB8E-4F01-8786-F10BBE83A42B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{E62137C1-7172-4AB4-A1BF-33AB00F3A3C6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{1BF62B82-3A9B-4427-A1BA-F77DCD4930FA}D:\yes_chinese.exe" = protocol=17 | dir=in | app=d:\yes_chinese.exe |
"UDP Query User{45B4AFA5-C5C0-4D62-837D-03C5D64C9340}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{5C9FD6B4-3DFF-4DF4-B829-8D69B096600E}C:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F169C5F6-EEC8-4E53-9F8B-E325437E112C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{791A06E2-340F-43B0-8FAB-62D151339362}" = HP Officejet Pro 8600 Basic Device Software
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{26B4D0E1-6F6D-48DF-8719-80276A259F7E}" = SavetheChildren Reminder by We-Care.com v4.1.26.4
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A760067A-C07E-1033-0000-A764AC000004}" = Avery Template - U_0112_01_Organizing_0911_10_en
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{dbc6e253-d2c2-4d46-9b3c-5320235d08d3}" = Nero 9 Essentials
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BN_DesktopReader" = NOOK for PC
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"EPSON Scanner" = EPSON Scan
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenDownloaderManager" = Open Downloader Manager
"Plants vs. Zombies" = Plants vs. Zombies
"Quiknowledge" = Quiknowledge
"Stagecast Creator 2" = Stagecast Creator 2
"UPCShell" = LeapFrog Connect
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WT088049" = Agatha Christie - Death on the Nile
"WT088062" = Bejeweled 2 Deluxe
"WT088067" = Build-a-lot 2
"WT088074" = Chuzzle Deluxe
"WT088080" = Diner Dash 2 Restaurant Rescue
"WT088115" = Jewel Quest Solitaire 2
"WT088135" = Plants vs. Zombies
"WT088375" = Blackhawk Striker 2
"WT088395" = Dora's Carnival Adventure
"WT088415" = FATE
"WT088447" = John Deere Drive Green
"WT088451" = Penguins!
"WT088455" = Polar Bowler
"WT088459" = Polar Golfer
"WT088507" = Virtual Villagers 4 - The Tree of Life
"WT088546" = Zuma's Revenge
"WT088651" = 18 Wheels of Steel - American Long Haul
"WT088655" = Jewel Quest - Heritage

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-751754415-1767991326-142781326-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 24/2/2014 13:59:44 | Computer Name = jojo-computer | Source = DCOM | ID = 10010
Description =


< End of report >

#8
Pyxis (Trusted Helper, Malware Removal)

Thank you for the logs. How are things running? I'm currently preparing my fix. :)

#9
scmba (Topic Starter, Member)

Haven't really used the computer much for fear of more viruses and pop-ups.

#10
Pyxis (Trusted Helper, Malware Removal)

Haven't really used the computer much for fear of more viruses and pop-ups.

Test it after doing the below. I think you might be in for a pleasant surprise. ;)

  • Step 1

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.

    Java Runtime Environment -- Update

    Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.

  • Step 2

    Upon careful inspection, your log indicates that the program(s) listed below are installed on your computer. I would like to request the removal of the program(s), as they are associated with malware, adware or spyware. Please proceed to uninstall them by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and prompts for them to be removed from the list instead, allow it to do so.

    Bing Bar
    Bing Rewards Client Installer
    Norton Security Scan (Unnecessary)
    Open Downloader Manager
    Quiknowledge

    Inform me if you encounter problems in the removal process.

  • Step 3

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop, or move your existing copy there.

    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    PRC - [2013/05/31 11:13:58 | 006,369,280 | ---- | M] (OpenDownloadManager.com) -- C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
    [2012/03/14 12:30:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2013/11/23 12:53:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2014/02/23 08:09:17 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for jojo.job
    [2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
    [2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
    [2014/02/22 13:18:29 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Open Download Manager
    [2014/02/22 13:18:28 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
    [2014/02/22 13:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
    [2014/02/22 13:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
    [2014/02/22 13:24:23 | 000,970,520 | ---- | C] (TMRG, Inc.) -- C:\Windows\SysNative\rlls64.dll
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
    O8:64bit: - Extra context menu item: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm ()
    O8:64bit: - Extra context menu item: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm ()
    O8:64bit: - Extra context menu item: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm ()
    O8:64bit: - Extra context menu item: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm ()
    O8 - Extra context menu item: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm ()
    O8 - Extra context menu item: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm ()
    O8 - Extra context menu item: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm ()
    O8 - Extra context menu item: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm ()
    O4 - HKU\S-1-5-21-751754415-1767991326-142781326-1001..\Run: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe (OpenDownloadManager.com)
    O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    
    :Files
    C:\Program Files (x86)\OpenDownloaderManager

    • Click Run Fix.
    • Afterwards, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

  • Step 4

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.

    • Double-click mbam-setup-*.exe and proceed to install the program.
    • Accept the License Agreement.
    • At the end, ensure a check mark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Full Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • In case you don't get a chance to do so, you may also find the log in the program's Logs tab.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

  • Step 5

    Download 'SecurityCheck by screen317' and save it to your desktop.

    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

  • Logs to Post

    In summary of the above, I will need you to post the following log(s):

    • MMDDYYYY_HHMMSS.log (OTL)
    • checkup.txt (SecurityCheck)
    • mbam-log-*.txt (Malwarebytes' Anti-Malware)


#11
scmba (Topic Starter, Member)

Hi, I'm out of the state and will do this Friday and post results. If I can get someone else to do it, I will.

#12
Pyxis (Trusted Helper, Malware Removal)

No worries. :)

#13
scmba (Topic Starter, Member)

Hi, I'm back. After trying to delete the few programs, these did not delete: Norton Security Scan (an ad popped up) and there was no Bing toolbar.

#14
scmba (Topic Starter, Member)

OTL Fix Log:

========== OTL ==========
No active process named ODM.exe was found!
C:\Windows\QBChanUtil_Trigger.ini moved successfully.
C:\ProgramData\Ament.ini moved successfully.
C:\Windows\Tasks\Norton Security Scan for jojo.job moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\NortonData\4.1.0.28\Definitions\VirusDefs-2.5-E\newdefs-trigger folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\NortonData\4.1.0.28\Definitions\VirusDefs-2.5-E\BinHub folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\NortonData\4.1.0.28\Definitions\VirusDefs-2.5-E\20140227.002 folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\NortonData\4.1.0.28\Definitions\VirusDefs-2.5-E folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\NortonData\4.1.0.28\Definitions folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\NortonData\4.1.0.28 folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\NortonData folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28 folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\Engine folder moved successfully.
C:\Program Files (x86)\Norton Security Scan folder moved successfully.
C:\Users\jojo\AppData\Roaming\Open Download Manager folder moved successfully.
Folder C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager\ not found.
C:\Program Files (x86)\OpenDownloaderManager folder moved successfully.
C:\Windows\SysNative\rlls64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all with Open Download Manager\ not found.
File C:\Program Files (x86)\OpenDownloaderManager\dlall.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download selected with Open Download Manager\ not found.
File C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download video with Open Download Manager\ not found.
File C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with Open Download Manager\ not found.
File C:\Program Files (x86)\OpenDownloaderManager\dllink.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all with Open Download Manager\ not found.
File C:\Program Files (x86)\OpenDownloaderManager\dlall.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download selected with Open Download Manager\ not found.
File C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download video with Open Download Manager\ not found.
File C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with Open Download Manager\ not found.
File C:\Program Files (x86)\OpenDownloaderManager\dllink.htm not found.
Registry value HKEY_USERS\S-1-5-21-751754415-1767991326-142781326-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Open Download Manager not found.
File C:\Program Files (x86)\OpenDownloaderManager\odm.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\OpenDownloaderManager not found.

OTL by OldTimer - Version 3.2.69.0 log created on 02272014_192028

#15
scmba
Malwarebytes Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
jojo :: JOJO-COMPUTER [administrator]

27/2/2014 19:24:39
mbam-log-2014-02-27 (19-24-39).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415935
Time elapsed: 1 hour(s), 16 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\_OTL\MovedFiles\02272014_192028\C_Windows\SysNative\rlls64.dll (PUP.Optional.RelevantKnowledge) -> Quarantined and deleted successfully.

(end)