Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Multiple Tabs Opening in Firefox v27 [Solved]


  • This topic is locked This topic is locked

#1
beabruin

beabruin

    Member

  • Member
  • PipPip
  • 73 posts
Running Windows 7 Ultimate 32-bit on Asus Netbook.

Browsers installed are: IE v10, Firefox v27, and Chrome v33

I mostly use Chrome and Firefox and only IE only when absolutely necessary.

Today I installed a driver for the Xitel MD-Port-DG2 Digital PCLink (TOSLINK) device and also downloaded and installed Musicmatch Jukebox Plus. I am not sure of the version of Jukebox Plus. While installing or trying to run it for the first time, there was a dialog box stating known compatibility issues with my version of Windows and the version of Jukebox Plus I was attempting to run. I tried to cancel out of the installation or program execution but it looks like it continued.

When I opened a Youtube page in a tab, the page was slow to open and subsequently, 2 or 3 other tabs also opened with various popup windows (tabs) asking me to install more video players etc. My A/V software also detected and cleaned some low-level adware threats which I can't seem to find the logs for. I fear I have some kind of BHO or other malware and I need assistance with cleanup.

Here is my OTL Log:
==========================
OTL logfile created on: 3/1/2014 4:58:37 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asus\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.02% Memory free
3.98 Gb Paging File | 2.58 Gb Available in Paging File | 64.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 87.84 Gb Free Space | 58.97% Space Free | Partition Type: NTFS

Computer Name: ASUS1001P | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/01 16:35:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Downloads\OTL.exe
PRC - [2014/02/19 20:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/07/27 01:01:15 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/19 16:30:02 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/11/19 16:24:46 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/10/02 13:45:22 | 000,120,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/02 13:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/06/27 15:09:00 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/08/02 16:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2011/08/01 13:07:18 | 000,425,400 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 09:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/25 11:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/10/16 20:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/09/11 10:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/19 20:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 20:03:04 | 013,632,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
MOD - [2014/02/19 20:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 20:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 20:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 20:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 20:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2014/02/14 16:01:09 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\072c6f97b71b661c7ceb5f071421e0be\IAStorUtil.ni.dll
MOD - [2014/02/14 15:42:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/14 15:39:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/14 15:39:18 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/14 15:38:21 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/14 15:37:52 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/14 15:37:38 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/14 15:37:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/14 15:37:17 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2012/10/02 13:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - [2014/02/25 10:51:36 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/07/27 01:11:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/02 13:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/07/13 12:07:22 | 000,270,336 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2014/02/22 11:14:18 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140301.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/02/22 11:14:18 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140301.008\NAVENG.SYS -- (NAVENG)
DRV - [2014/01/23 06:25:49 | 000,394,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/12/17 19:32:11 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/11/21 05:09:04 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/21 05:09:04 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/06 14:08:55 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 22:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 21:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 21:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 22:28:00 | 000,446,552 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\symnets.sys -- (SymNetS)
DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 21:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 20:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2012/07/31 06:57:15 | 000,078,960 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2012/06/21 21:00:20 | 000,018,800 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2012/06/11 11:56:32 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2012/06/08 16:09:10 | 000,023,808 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2012/06/08 16:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/01/25 14:57:46 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/11/08 13:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/05 08:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 17:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...24wuk5w47323881
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...24wuk5w47323881
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...24wuk5w47323881
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{02C429A1-EC9B-499D-8C51-6757F5CC8A98}: "URL" = http://search.yahoo....petb&type=10753
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS365
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{731FA787-E735-4C3A-AFA6-6F76B530C3D3}: "URL" = http://findwide.com/...k={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...969294562639494
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a%404bb97481-aead-4c2e-a62b-e25e264651bb.com:0.93.44
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/15 13:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/03/01 15:51:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/25 10:51:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/25 10:51:26 | 000,000,000 | ---D | M]

[2061/11/10 09:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Extensions
[2014/03/01 15:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions
[2014/03/01 15:58:21 | 000,000,000 | ---D | M] ("The weDownload Manager") -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com
[2014/03/01 15:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData
[2014/03/01 15:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins
[2014/03/01 15:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\userCode
[2014/02/25 10:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/25 10:51:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.27_0\
CHR - Extension: Google Docs = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0\
CHR - Extension: Google Wallet = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (The weDownload Manager) - {11111111-1111-1111-1111-110411901174} - C:\Program Files\The weDownload Manager\The weDownload Manager-bho.dll (weDownload)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9E4F853E-46FF-4AB9-B2B6-3855F1BC6D2D} - No CLSID value found.
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_44_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43FE4B32-A350-46E9-9BCB-179809506DD4}: DhcpNameServer = 216.183.102.115 66.179.168.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76DAA655-FA95-4A97-8467-3E94CF14F657}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{443c9de5-76dd-11e3-935e-485b39224028}\Shell - "" = AutoRun
O33 - MountPoints2\{443c9de5-76dd-11e3-935e-485b39224028}\Shell\AutoRun\command - "" = D:\MotoCastSetup.exe -a
O33 - MountPoints2\{71f68979-7c7f-11e3-be44-485b39224028}\Shell - "" = AutoRun
O33 - MountPoints2\{71f68979-7c7f-11e3-be44-485b39224028}\Shell\AutoRun\command - "" = D:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2061/11/10 09:29:17 | 000,000,000 | R--D | C] -- C:\Users\Asus\Desktop\Applications
[2061/11/10 09:00:08 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Mozilla
[2061/11/10 09:00:08 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\Mozilla
[2061/11/10 08:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2061/11/10 08:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/03/01 17:02:12 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2014/03/01 15:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\The weDownload Manager
[2014/02/26 17:16:05 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 10:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/12 11:42:55 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\SG
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/01 16:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/01 16:40:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/01 16:07:31 | 000,001,008 | ---- | M] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/01 16:01:19 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/01 16:01:19 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/01 15:48:30 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/01 15:48:12 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/27 10:50:03 | 000,661,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/27 10:50:03 | 000,121,730 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/19 09:47:29 | 000,000,681 | ---- | M] () -- C:\Windows\BRRBCOM.INI
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2061/11/10 09:30:49 | 000,001,273 | ---- | C] () -- C:\Users\Asus\Documents\Norton Installation Files.lnk
[2061/11/10 08:59:57 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/04 12:18:25 | 000,022,620 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2013/11/22 17:48:46 | 000,000,092 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/11/22 17:48:46 | 000,000,024 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/11/22 17:45:35 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/11/22 17:05:56 | 000,000,681 | ---- | C] () -- C:\Windows\BRRBCOM.INI
[2013/11/22 16:53:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013/11/22 16:53:48 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2013/11/22 16:53:44 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC12A.DAT
[2013/07/26 16:39:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/07/26 16:39:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/07/26 13:58:44 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe
[2013/07/26 13:58:44 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2013/07/26 13:54:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/04/15 17:53:46 | 000,103,784 | ---- | C] () -- C:\Users\Asus\GoToAssistDownloadHelper.exe

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/22 17:54:53 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\ControlCenter4
[2013/07/26 13:55:50 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\E-Cam
[2013/11/08 05:21:01 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\ID Vault
[2014/01/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Motorola
[2014/01/06 10:05:35 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Motorola Mobility
[2013/11/22 17:38:15 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Nuance

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello beabruin

My name is Nutloaf, and I will be helping you with Malware Removal.

Please read all instructions and fixes thoroughly.

  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assitance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders.


I'd like you to run another OTL scan to give me a better look, there will be 2 logs produced - OTL.txt and Extras.txt I need to see both.



1. DOWNLOAD OTL

  • Using this link Download OTL and save it to your Desktop
  • If saved to another location, right click the OTL icon and Select Cut then right click on Desktop and select Paste
  • Right click the OTL icon and select Run as Administrator.
  • Make sure the following boxes are checked:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply


2. aswMBR

  • Using this link download aswMBR.exe to your desktop.
  • Right click aswMBR.exe and Run as Administrator select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop
  • Post this log in your next reply

3. Run ADWcleaner

  • Using this link Download ADWcleaner and save to Desktop.
  • Right click ADWcleaner and Run as Administrator then select Scan
  • When the search is complete click Report. Please post this report in your next reply.


4. Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I want to see in your next post.

  • OTL.txt
  • Extras.txt
  • aswMBR results
  • ADWcleaner results
  • checkuptxt

  • 0

#3
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Here are the logs as requested.
===============
OTL
===============
OTL logfile created on: 3/3/2014 5:14:39 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asus\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.55% Memory free
3.98 Gb Paging File | 2.72 Gb Available in Paging File | 68.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 88.18 Gb Free Space | 59.20% Space Free | Partition Type: NTFS

Computer Name: ASUS1001P | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/01 16:35:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe
PRC - [2014/02/19 20:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/07/27 01:01:15 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/19 16:30:02 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/11/19 16:24:46 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/10/02 13:45:22 | 000,120,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/02 13:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/06/27 15:09:00 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/08/02 16:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2011/08/01 13:07:18 | 000,425,400 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 09:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/25 11:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/10/16 20:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/09/11 10:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/19 20:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 20:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 20:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 20:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 20:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 20:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2014/02/14 16:01:09 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\072c6f97b71b661c7ceb5f071421e0be\IAStorUtil.ni.dll
MOD - [2014/02/14 15:42:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/14 15:39:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/14 15:39:18 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/14 15:38:21 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/14 15:37:52 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/14 15:37:38 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/14 15:37:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/14 15:37:17 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2012/10/02 13:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - [2014/02/25 10:51:36 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/07/27 01:11:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/02 13:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/07/13 12:07:22 | 000,270,336 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2014/02/22 11:14:18 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140301.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/02/22 11:14:18 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140301.008\NAVENG.SYS -- (NAVENG)
DRV - [2014/01/23 06:25:49 | 000,394,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/12/17 19:32:11 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/11/21 05:09:04 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/21 05:09:04 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/06 14:08:55 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 22:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 21:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 21:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 22:28:00 | 000,446,552 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\symnets.sys -- (SymNetS)
DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 21:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 20:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2012/07/31 06:57:15 | 000,078,960 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2012/06/21 21:00:20 | 000,018,800 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2012/06/11 11:56:32 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2012/06/08 16:09:10 | 000,023,808 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2012/06/08 16:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/01/25 14:57:46 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/11/08 13:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/05 08:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 17:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...24wuk5w47323881
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...24wuk5w47323881
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...24wuk5w47323881
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{02C429A1-EC9B-499D-8C51-6757F5CC8A98}: "URL" = http://search.yahoo....petb&type=10753
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS365
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{731FA787-E735-4C3A-AFA6-6F76B530C3D3}: "URL" = http://findwide.com/...k={searchTerms}
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...969294562639494
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a%404bb97481-aead-4c2e-a62b-e25e264651bb.com:0.93.44
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/15 13:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/03/03 17:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/25 10:51:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/25 10:51:26 | 000,000,000 | ---D | M]

[2061/11/10 09:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Extensions
[2014/03/01 15:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions
[2014/03/01 15:58:21 | 000,000,000 | ---D | M] ("The weDownload Manager") -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com
[2014/03/01 15:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData
[2014/03/01 15:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins
[2014/03/01 15:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\userCode
[2014/02/25 10:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/25 10:51:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.27_0\
CHR - Extension: Google Docs = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0\
CHR - Extension: Google Wallet = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (The weDownload Manager) - {11111111-1111-1111-1111-110411901174} - C:\Program Files\The weDownload Manager\The weDownload Manager-bho.dll (weDownload)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\Toolbar\WebBrowser: (no name) - {9E4F853E-46FF-4AB9-B2B6-3855F1BC6D2D} - No CLSID value found.
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43FE4B32-A350-46E9-9BCB-179809506DD4}: DhcpNameServer = 216.183.102.115 66.179.168.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76DAA655-FA95-4A97-8467-3E94CF14F657}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{443c9de5-76dd-11e3-935e-485b39224028}\Shell - "" = AutoRun
O33 - MountPoints2\{443c9de5-76dd-11e3-935e-485b39224028}\Shell\AutoRun\command - "" = D:\MotoCastSetup.exe -a
O33 - MountPoints2\{71f68979-7c7f-11e3-be44-485b39224028}\Shell - "" = AutoRun
O33 - MountPoints2\{71f68979-7c7f-11e3-be44-485b39224028}\Shell\AutoRun\command - "" = D:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2061/11/10 09:29:17 | 000,000,000 | R--D | C] -- C:\Users\Asus\Desktop\Applications
[2061/11/10 09:00:08 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Mozilla
[2061/11/10 09:00:08 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\Mozilla
[2061/11/10 08:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2061/11/10 08:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/03/01 16:35:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe
[2014/03/01 15:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\The weDownload Manager
[2014/02/26 17:16:05 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 10:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/12 11:42:55 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\SG
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/03 17:11:49 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 17:11:49 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 17:04:40 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/03 17:04:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/03 17:04:21 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/01 16:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/01 16:35:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe
[2014/03/01 16:07:31 | 000,001,008 | ---- | M] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/27 10:50:03 | 000,661,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/27 10:50:03 | 000,121,730 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/19 09:47:29 | 000,000,681 | ---- | M] () -- C:\Windows\BRRBCOM.INI
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2061/11/10 09:30:49 | 000,001,273 | ---- | C] () -- C:\Users\Asus\Documents\Norton Installation Files.lnk
[2061/11/10 08:59:57 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/04 12:18:25 | 000,022,620 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2013/11/22 17:48:46 | 000,000,092 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/11/22 17:48:46 | 000,000,024 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/11/22 17:45:35 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/11/22 17:05:56 | 000,000,681 | ---- | C] () -- C:\Windows\BRRBCOM.INI
[2013/11/22 16:53:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013/11/22 16:53:48 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2013/11/22 16:53:44 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC12A.DAT
[2013/07/26 16:39:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/07/26 16:39:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/07/26 13:58:44 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe
[2013/07/26 13:58:44 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2013/07/26 13:54:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/04/15 17:53:46 | 000,103,784 | ---- | C] () -- C:\Users\Asus\GoToAssistDownloadHelper.exe

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/22 17:54:53 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\ControlCenter4
[2013/07/26 13:55:50 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\E-Cam
[2013/11/08 05:21:01 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\ID Vault
[2014/01/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Motorola
[2014/01/06 10:05:35 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Motorola Mobility
[2013/11/22 17:38:15 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Nuance
[2014/01/04 11:39:58 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2014/01/04 11:39:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 46E3-EC57
Directory of C:\
07/13/2009 11:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Asus
07/26/2013 12:43 PM <JUNCTION> Application Data [C:\Users\Asus\AppData\Roaming]
07/26/2013 12:43 PM <JUNCTION> Cookies [C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Cookies]
07/26/2013 12:43 PM <JUNCTION> Local Settings [C:\Users\Asus\AppData\Local]
07/26/2013 12:43 PM <JUNCTION> My Documents [C:\Users\Asus\Documents]
07/26/2013 12:43 PM <JUNCTION> NetHood [C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/26/2013 12:43 PM <JUNCTION> PrintHood [C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/26/2013 12:43 PM <JUNCTION> Recent [C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Recent]
07/26/2013 12:43 PM <JUNCTION> SendTo [C:\Users\Asus\AppData\Roaming\Microsoft\Windows\SendTo]
07/26/2013 12:43 PM <JUNCTION> Start Menu [C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu]
07/26/2013 12:43 PM <JUNCTION> Templates [C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Asus\AppData\Local
07/26/2013 12:43 PM <JUNCTION> Application Data [C:\Users\Asus\AppData\Local]
07/26/2013 12:43 PM <JUNCTION> History [C:\Users\Asus\AppData\Local\Microsoft\Windows\History]
07/26/2013 12:43 PM <JUNCTION> Temporary Internet Files [C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Asus\Documents
07/26/2013 12:43 PM <JUNCTION> My Music [C:\Users\Asus\Music]
07/26/2013 12:43 PM <JUNCTION> My Pictures [C:\Users\Asus\Pictures]
07/26/2013 12:43 PM <JUNCTION> My Videos [C:\Users\Asus\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 94,688,669,696 bytes free

< End of report >

===============
Extras
===============
OTL Extras logfile created on: 3/3/2014 5:14:39 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asus\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.55% Memory free
3.98 Gb Paging File | 2.72 Gb Available in Paging File | 68.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 88.18 Gb Free Space | 59.20% Space Free | Partition Type: NTFS

Computer Name: ASUS1001P | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1216307322-1756439622-2401019485-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B33B31-9C36-41C7-B99C-7B1C51FBD6CF}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{0FE8555E-7430-4C1A-A3CE-A526A21F1EEE}" = lport=445 | protocol=6 | dir=in | app=system |
"{16B4CFFD-B149-482F-B897-547D5F65E9F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{195A7B47-7E9F-4F7C-8474-B2DF1F463F3D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{377BDDE3-D705-4AF7-B25F-670CE46FE69D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3A71F148-8426-4542-899D-12AAE6CCE9FE}" = rport=138 | protocol=17 | dir=out | app=system |
"{3D027011-123E-4EB7-8628-92748FE4C745}" = rport=445 | protocol=6 | dir=out | app=system |
"{3F0EBB92-8D0C-4DC8-8B26-C98E1E189768}" = lport=137 | protocol=17 | dir=in | app=system |
"{47334CAE-4D64-4D6E-9172-11B584916A11}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B967E5E-0BCE-472B-A149-4D34C5F19962}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5C66A20A-8389-49E9-8F11-A965B673AD20}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D571E28-BA13-4E37-A301-51A673D79DE9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D6A2A38-7398-45D4-A30B-20A782700DA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C061864-429A-4B76-8DDD-4DE183A19C54}" = lport=139 | protocol=6 | dir=in | app=system |
"{72E923C3-5758-4D22-A3F0-50B3471D420C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7F220951-5A12-4CEE-8D73-3FA3037B1C3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{7F314650-FEDE-47E5-B48C-0F55D45AB20E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{89BBE375-C34B-45FE-BEF7-D3C34C904EEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD863487-205A-4D6D-AC07-7C887A512DF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B33B0AC1-C79E-4BFC-AF24-3CD728DD153A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B67B3737-A2D3-43E8-87E2-B817B408A20F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCCA5019-FB60-4641-8ADC-2AFA15E45087}" = rport=137 | protocol=17 | dir=out | app=system |
"{C2EA610F-21CC-4B9E-A9FC-871009DF86AC}" = lport=138 | protocol=17 | dir=in | app=system |
"{D7CB3E88-EEAF-478B-88E3-6A47EBC21299}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9C78F46-6CCB-4C2F-9665-D0A0E356C542}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0030C51F-6A5A-4237-BD5E-9943BD767603}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{04E8B8FD-C4C3-4451-82A3-D505960A3BC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{41EBB389-5C1E-4B61-881A-9DF83170BE0D}" = protocol=1 | dir=in | [email protected],-28543 |
"{47AB9EF5-63B0-4528-B6BF-1231EBE84504}" = protocol=6 | dir=out | app=system |
"{545EFD6F-6D63-44DF-923D-49F9F220CF54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E782359-4CEA-49D9-99B3-ACA983073D62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{676BBFD5-683C-4D42-8D85-046E14C45EB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6FD9BF2E-9F9E-45C6-8747-A706308FFB1C}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl12d\faxrx.exe |
"{71B3BDE0-F002-44CF-A749-BC32AA9742DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EB20767-08C0-43DA-B8FF-5F2674A78CD3}" = protocol=1 | dir=out | [email protected],-28544 |
"{81A0899B-C3BC-4893-84A3-DAB91EAA5072}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D77F663-0B17-4210-B044-118FEB3053CD}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl12d\faxrx.exe |
"{9CA8DC6A-EB59-45EB-9BCD-16DA7E01FB7A}" = dir=in | app=c:\users\asus\appdata\local\tnt2\2.0.0.1676\tnt2user.exe |
"{ABE4B727-B985-4157-830E-2C8BB89EE9C8}" = protocol=58 | dir=in | [email protected],-28545 |
"{B384BFBC-DDB9-4952-B2A4-CB85370FCA11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA6734C5-4A85-4A0C-BFDC-C56119561DE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0494B08-50DE-4252-B5F3-B8C4B3959758}" = protocol=58 | dir=out | [email protected],-28546 |
"{D8B891EF-ED7D-485B-ADCD-EE1BA678FD8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E178EBC7-6ACD-4BCB-A9D3-FEE68D7BCDE3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F22808B-156F-44FB-B56B-9E8F8C8DC8F5}" = Motorola Device Software Update
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{88B5FBDC-967D-4B1F-B291-39284AE12201}" = Nuance PaperPort 12
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{E98A9C92-E767-475B-8BC6-8780A86DDC72}" = Brother MFL-Pro Suite MFC-9340CDW
"{F35D5A5E-7739-49DB-8A0E-23E2E8F99D1A}" = Motorola Mobile Drivers Installation 5.9.0
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"PROPLUS" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The weDownload Manager" = The weDownload Manager
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1216307322-1756439622-2401019485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2013 6:54:52 PM | Computer Name = Asus1001P | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/11/22 17:54:52.572]: [00002236]: Initialize TwdsMain
Class failed!

Error - 1/3/2014 1:16:41 PM | Computer Name = Asus1001P | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Brother\Brmfl12d\NetScn\dpinstx64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2014 1:31:54 AM | Computer Name = Asus1001P | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Brother\Brmfl12d\NetScn\dpinstx64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2014 9:18:06 PM | Computer Name = Asus1001P | Source = VSS | ID = 8194
Description =

Error - 1/6/2014 11:22:37 AM | Computer Name = Asus1001P | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 64c Start
Time: 01cf0aea1609047b Termination Time: 311 Application Path: C:\Windows\Explorer.EXE

Report
Id: 5b893bfc-76e6-11e3-935e-485b39224028

Error - 1/14/2014 3:12:45 PM | Computer Name = Asus1001P | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 26.0.0.5087, time
stamp: 0x52a0d273 Faulting module name: xul.dll, version: 26.0.0.5087, time stamp:
0x52a0d20a Exception code: 0xc0000005 Fault offset: 0x0014e1a8 Faulting process id:
0x1650 Faulting application start time: 0x01cf11556839d795 Faulting application path:
C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files\Mozilla
Firefox\xul.dll Report Id: d8d6b855-7d4f-11e3-be44-485b39224028

Error - 1/23/2014 7:10:01 AM | Computer Name = Asus1001P | Source = MsiInstaller | ID = 11303
Description =

Error - 1/23/2014 7:10:02 AM | Computer Name = Asus1001P | Source = MsiInstaller | ID = 1024
Description =

Error - 2/12/2014 2:46:55 PM | Computer Name = Asus1001P | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Brother\Brmfl12d\NetScn\dpinstx64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/1/2014 5:57:48 PM | Computer Name = Asus1001P | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 764 Start Time:
01cf3596356121d2 Termination Time: 15 Application Path: C:\Users\Asus\Downloads\OTL.exe

Report
Id:

[ OSession Events ]
Error - 11/22/2013 7:09:42 PM | Computer Name = Asus1001P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 801
seconds with 240 seconds of active time. This session ended with a crash.

[ timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 2/27/2014 11:36:30 AM | Computer Name = Asus1001P | Source = DCOM | ID = 10010
Description =

Error - 3/1/2014 4:42:31 PM | Computer Name = Asus1001P | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/1/2014 4:48:43 PM | Computer Name = Asus1001P | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/3/2014 6:04:49 PM | Computer Name = Asus1001P | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >

===============
aswMBR
===============
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-03 17:48:28
-----------------------------
17:48:28.396 OS Version: Windows 6.1.7601 Service Pack 1
17:48:28.397 Number of processors: 2 586 0x1C0A
17:48:28.403 ComputerName: ASUS1001P UserName: Asus
17:48:31.647 Initialize success
17:48:51.116 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:48:51.131 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
17:48:51.281 Disk 0 MBR read successfully
17:48:51.292 Disk 0 MBR scan
17:48:51.308 Disk 0 Windows 7 default MBR code
17:48:51.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:48:51.348 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
17:48:51.369 Disk 0 scanning sectors +312578048
17:48:51.567 Disk 0 scanning C:\Windows\system32\drivers
17:49:01.654 Service scanning
17:49:04.996 Service BHDrvx86 C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys **LOCKED** 5
17:49:06.146 Service ccSet_N360 C:\Windows\system32\drivers\N360\1501000.012\ccSetx86.sys **LOCKED** 5
17:49:08.097 Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
17:49:08.592 Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
17:49:11.582 Service IDSVix86 C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140228.001\IDSvix86.sys **LOCKED** 5
17:49:15.466 Service NAVENG C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140303.001\NAVENG.SYS **LOCKED** 5
17:49:15.594 Service NAVEX15 C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140303.001\NAVEX15.SYS **LOCKED** 5
17:49:21.716 Service SRTSPX C:\Windows\system32\drivers\N360\1501000.012\SRTSPX.SYS **LOCKED** 5
17:49:22.427 Service SymDS C:\Windows\system32\drivers\N360\1501000.012\SYMDS.SYS **LOCKED** 5
17:49:22.539 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
17:49:22.643 Service SymIRON C:\Windows\system32\drivers\N360\1501000.012\Ironx86.SYS **LOCKED** 5
17:49:22.764 Service SymNetS C:\Windows\system32\drivers\N360\1501000.012\SYMNETS.SYS **LOCKED** 5
17:49:28.475 Modules scanning
17:49:50.705 Disk 0 trace - called modules:
17:49:50.745 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
17:49:50.769 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86407030]
17:49:50.790 3 CLASSPNP.SYS[8898359e] -> nt!IofCallDriver -> [0x8495c958]
17:49:50.816 5 ACPI.sys[880b63d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84575028]
17:49:50.837 Scan finished successfully
17:50:28.998 Disk 0 MBR has been saved successfully to "C:\Users\Asus\Documents\GeekstoGo\MBR.dat"
17:50:29.027 The log file has been saved successfully to "C:\Users\Asus\Documents\GeekstoGo\aswMBR.03MAR2014.txt"


===============
ADWcleaner
===============
# AdwCleaner v3.020 - Report created 03/03/2014 at 17:52:24
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Asus - ASUS1001P
# Running from : C:\Users\Asus\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\user.js
Folder Found : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\Extensions\[email protected]e264651bb.com
Folder Found C:\Program Files\The weDownload Manager

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\The weDownload Manager
Key Found : HKCU\Software\FLEXnet
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411901174}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411901174}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901174}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0049074.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0049074.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444904474}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44e35585-da14-483a-a4fd-dd2b7a479d6e}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44e35585-da14-483a-a4fd-dd2b7a479d6e}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8b886051-11fc-4559-8b70-84d6ace8a40b}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8b886051-11fc-4559-8b70-84d6ace8a40b}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager
Key Found : HKLM\Software\The weDownload Manager

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\prefs.js ]

Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.InstallationThankYouPage", true);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.InstallationTime", 1393707471);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.active", true);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.addressbar", "NA");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.addressbarenhanced", "");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb.was_copied", "true");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb_dbWasSet", true);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb.was_copied", "true");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb_dbWasSet", true);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.backgroundver", 1);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.certdomaininstaller", "");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.changeprevious", false);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standa[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app49074%22%3A%22app49[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.expiration", "Sat Mar 08 2014 16:07:52 GMT-0500 (Eastern Sta[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.expiration", "Sun Mar 02 2014 16:07:52 GMT-0500 (Eastern Standa[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A49074%2C%22appName%22%3A%22The%20weDo[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallationTime.value", "%221393707471%22");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22verticals-%2[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie._GPL_aoi.value", "%221393708090%22");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie._GPL_parent_zoneid.value", "%22485704%22");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.jw_token.value", "%224428e61e-a5d0-5254-1741-6e17931c79fb%22");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.description", "Enhance your search results with direct download links and information for apps and[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.domain", "");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.enablesearch", false);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.homepage", "");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.iframe", false);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard [...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22D86BB0344C14452E9D0DE95035153[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22vertical[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard [...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22ver[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern [...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22D86BB0344C14452E9D0D[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_appVer.value", "44");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_lastVersion.value", "1");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A479259%2C%22ver%22%3A1%2[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_nextCheck.expiration", "Sat Mar 01 2014 22:07:50 GMT-0500 (Eastern Standard T[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_nextCheck.value", "true");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_queue.value", "%7B%7D");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Sta[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.expiration", "Fri May 30 2014 17:39:15 GMT-0400 (Eastern Dayl[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard T[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.__defualt_browser__.value", "%22ff%22");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22D86BB034[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Easter[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Ea[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledWithHash.value", "null");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_last_executable_request.expiration", "Sun Mar 02 2014 04:09:08 GMT-[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//www.freevideodownloadf[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eas[...]
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.lastDailyReport", "1393708067148");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.lastUpdate", "1393708067100");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.manifesturl", "");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.name", "The weDownload Manager");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.newtab", "");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.opensearch", "");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/49074/plugins/093/ff/plugins.json");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.pluginsversion", 40);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.publisher", "weDownload");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.searchstatus", 0);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.setnewtab", false);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.thankyou", "");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.updateinterval", 360);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.ver", 44);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.FilesValidatorDueTime", "1393708126232");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.apps", "49074");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.bic", "1447f796437b722f4f76e4ef8f4736fe");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.cid", 49074);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.firstrun", false);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.hadappinstalled", true);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.installationdate", 1393708066);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.modetype", "production");
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.reportInstall", true);
Line Found : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.statsDailyCounter", 1);
Line Found : user_pref("extensions.crossrider.bic", "1447f796437b722f4f76e4ef8f4736fe");

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20047 octets] - [03/03/2014 17:52:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [20108 octets] ##########

===============
Checkup
===============
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Flash Player 12.0.0.44
Adobe Reader XI
Mozilla Firefox (27.0.1)
Google Chrome 32.0.1700.107
Google Chrome 33.0.1750.117
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  • 0

#4
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there :)

It's not looking too bad, a few items to clean. Chrome looks ok to me but FF and IE need a clean.

Today I installed a driver for the Xitel MD-Port-DG2 Digital PCLink (TOSLINK) device and also downloaded and installed Musicmatch Jukebox Plus.

From what site?

Follow in the order given


1. Uninstall

The following program\s are considered Malware or display suspicious behaviour so please uninstall listed programs.

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:

  • The weDownload Manager


2. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{02C429A1-EC9B-499D-8C51-6757F5CC8A98}: "URL" = http://search.yahoo....petb&type=10753
    IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
    IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{731FA787-E735-4C3A-AFA6-6F76B530C3D3}: "URL" = http://findwide.com/...k={searchTerms}
    IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...969294562639494
    IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
    [2014/03/01 15:58:21 | 000,000,000 | ---D | M] ("The weDownload Manager") -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com
    [2014/03/01 15:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData
    [2014/03/01 15:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins
    [2014/03/01 15:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\userCode
    O2 - BHO: (The weDownload Manager) - {11111111-1111-1111-1111-110411901174} - C:\Program Files\The weDownload Manager\The weDownload Manager-bho.dll (weDownload)
    O3 - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\Toolbar\WebBrowser: (no name) - {9E4F853E-46FF-4AB9-B2B6-3855F1BC6D2D} - No CLSID value found.

    :FILES
    C:\Program Files\The weDownload Manager
    ipconfig /flushdns /c

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.


3. Run ADWcleaner

  • Right click ADWcleaner and Run as Administrator then select Scan
  • Once the scan is complete click Clean
  • A reboot will be asked for click O.K
  • On reboot a log will be produced, please post in your next reply.


4. Junkware Removal Tool

Posted Image 1. Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Things I want to see in your next post.

  • OTL fix.txt
  • ADWcleaner results.
  • JRT.txt

  • 0

#5
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
I can't remember the site I downloaded Musicmatch Jukebox Plus from.
Also after two separate attempts, I am unable to uninstall TheweDownloadManager.

Here's the logs requested.

OTL Log.
===============
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Internet Explorer\SearchScopes\{02C429A1-EC9B-499D-8C51-6757F5CC8A98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02C429A1-EC9B-499D-8C51-6757F5CC8A98}\ not found.
Registry key HKEY_USERS\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{180780f0-b348-4b44-8210-94a8f3ee15b2}\ not found.
Registry key HKEY_USERS\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Internet Explorer\SearchScopes\{731FA787-E735-4C3A-AFA6-6F76B530C3D3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{731FA787-E735-4C3A-AFA6-6F76B530C3D3}\ not found.
Registry key HKEY_USERS\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\skin folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\locale\en-US folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\locale folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\userCode folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\defaults\preferences folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\defaults folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\chrome\content\core folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\chrome\content\api folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\chrome\content folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\chrome folder moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com folder moved successfully.
Folder C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\ not found.
Folder C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\ not found.
Folder C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\userCode\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901174}\ deleted successfully.
C:\Program Files\The weDownload Manager\The weDownload Manager-bho.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9E4F853E-46FF-4AB9-B2B6-3855F1BC6D2D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E4F853E-46FF-4AB9-B2B6-3855F1BC6D2D}\ not found.
========== FILES ==========
C:\Program Files\The weDownload Manager folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Asus\Desktop\cmd.bat deleted successfully.
C:\Users\Asus\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Asus
->Temp folder emptied: 59786416 bytes
->Temporary Internet Files folder emptied: 16789034 bytes
->Java cache emptied: 939898 bytes
->FireFox cache emptied: 280756059 bytes
->Google Chrome cache emptied: 361168888 bytes
->Flash cache emptied: 3639 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 236056685 bytes
RecycleBin emptied: 37619573 bytes

Total Files Cleaned = 947.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03042014_075958

Files\Folders moved on Reboot...
C:\Windows\temp\CR_4B7C0.tmp\setup.exe moved successfully.
File\Folder C:\Windows\temp\CE8B.tmp not found!
C:\Windows\temp\chrome_installer.log moved successfully.
File\Folder C:\Windows\temp\FFEB.tmp not found!
C:\Windows\temp\HS.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ADWcleaner
===============
# AdwCleaner v3.020 - Report created 04/03/2014 at 08:16:26
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Asus - ASUS1001P
# Running from : C:\Users\Asus\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\END
File Deleted : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444904474}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\prefs.js ]

Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standa[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app49074%22%3A%22app49[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.expiration", "Sat Mar 08 2014 16:07:52 GMT-0500 (Eastern Sta[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.expiration", "Sun Mar 02 2014 16:07:52 GMT-0500 (Eastern Standa[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A49074%2C%22appName%22%3A%22The%20weDo[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A479259%2C%22ver%22%3A1%2[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1447f796437b722f4f76e4ef8f4736fe");

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20189 octets] - [03/03/2014 17:52:24]
AdwCleaner[R1].txt - [4237 octets] - [04/03/2014 08:13:25]
AdwCleaner[S0].txt - [4214 octets] - [04/03/2014 08:16:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4274 octets] ##########

JRT log.
===============
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x86
Ran by Asus on Tue 03/04/2014 at 8:29:41.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\1l3jue6u.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/04/2014 at 8:41:16.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#6
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Good job :)

The majority of Wedownload was removed in the last fix. Does the icon still appear in Programs and Features? If so step 1 will deals with this. If not then onto step 2.


1. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]
    :REG
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.


2. DOWNLOAD and INSTALL MALWAREBYTES

  • using this link download and install Malwarebytes
  • Before clicking Finish Uncheck the Start Free Trial checkbox if present and Select the Update and Launch Checkboxes.
  • Click Finish
  • Any updates found will now be installed and the main screen loads.
  • Select Perform quick scan and click Scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • When complete, a log will open in Notepad. Please paste this in your next reply.
  • If reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs tab then Open log


3. ESET SCAN ONLY

You will need to disable your currently installed Anti-Virus, how to do so can be read here.


IMPORTANT - Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For Taskbar right click IE then right click the IE icon that appears.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Now use this link to run an online scan with the ESET Online Scanner

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Things I want to see in your next post.

  • OTL fix.txt if run.
  • Malwarebytes results
  • ESET log
  • How is the PC running? Browsers all ok?

  • 0

#7
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Here is the info requested.

Computer seems to be running much better now with all browsers. Multiple tabs are no longer opening in Mozilla Firefox and IE also seems to run better. The weDownload Manager is uninstalled.

Thank you for your assistance. :thumbsup:

===============
OTL Fix
===============
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03052014_062508

===============
Malwarebytes info
===============
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.05.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16798
Asus :: ASUS1001P [administrator]

3/5/2014 6:31:56 AM
mbam-log-2014-03-05 (06-31-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203342
Time elapsed: 15 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\AppDataLow\Software\The weDownload Manager (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
HKLM\Software\The weDownload Manager (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Public\VisualBee (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\Asus\Documents\Downloads\dropbox setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Asus\Documents\Downloads\winamp5572_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Asus\Downloads\musicmatch jukebox setup.exe (PUP.Optional.Soft32.A) -> Quarantined and deleted successfully.
C:\Users\Public\VisualBee\VisualBeeSoftware.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Public\VisualBee\VisualBeeDB.exe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.

(end)

===============
ESET Scan
===============
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c6a50f366339db49bcfb66d9d4af4582
# engine=17325
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-05 03:49:38
# local_time=2014-03-05 10:49:38 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 9357172 145579369 0 0
# scanned=146444
# found=20
# cleaned=0
# scan_time=13321
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Asus\Documents\Downloads\cbsidlm-tr1_10a-Calibre-ORG-10910277.exe"
sh=5F54D82D964FFD710F1119BCD92C504116D9A02C ft=1 fh=6e877bb14a09976f vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Asus\Documents\Downloads\WinZip170.exe"
sh=13EF617D0FAF5126A3BAF07862CA65D862272D3A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Program Files\The weDownload Manager\49074.xpi"
sh=8ED5FE6B450E0CEE5BF524A893807126B6BC5E9B ft=1 fh=3a4703d307559098 vn="Win32/Toolbar.CrossRider.Z potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Program Files\The weDownload Manager\The weDownload Manager-bg.exe"
sh=EE71A03492186DA6198F373375EF16286FD5AE35 ft=1 fh=c71c00110c44eec7 vn="Win32/Toolbar.CrossRider.Z potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Program Files\The weDownload Manager\The weDownload Manager-bho.dll"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\102_dealply_m.js"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\103_intext_5_m.js"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\104_jollywallet_m.js"
sh=04253E738106628805978963C1648F429CD2A08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\105_corticas_m.js"
sh=E5DA6BC389AFE8C4BE0D4BDF007094964623BEE4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\123_intext_adv_m.js"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\155_ibario_pops_m.js"
sh=D9DF0722882055C5C11AFD602D505B2E7EA9AFC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\184_noproblemppc_m.js"
sh=39D85F60370A7E5065A9BDC9D83216476D768A60 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\191_ciuvo_m.js"
sh=04233EDE7DF01DAC825FEAD78765038021632584 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\217_similar_products_m.js"
sh=7CD82C8AAFF59D7A1E7625012490985C70AD0157 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\223_imonomy_m.js"
sh=5E80029240BA4FF3B3E3010BB40E6867D0999160 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\226_set_campaign_id_m.js"
sh=DE138BFD2293B4197712198C41377CE6A89E6200 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js"
sh=E0F8250FB3FFBCB394862C11971C43A7B3B6BD17 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js"
sh=EC265E1DAA7701D7B892C8C28C73148379BD6D04 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03042014_075958\C_Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions\[email protected]e264651bb.com\extensionData\plugins\93_superfish_no_coupons_m.js"
  • 0

#8
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Great news and thanks for sticking with me :)

I think your troubles stem from program installers or the website you use to download. I'm wondering if you click Next, Next, Next, install without checking all the screens :whistling:

It's a very common thing not to check installer screens but they quite often bundle in other programs and can be quite sneaky about it. More on this in my last post.

For now, follow in the order given. :thumbsup:


1. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :FILES
    C:\Users\Asus\Documents\Downloads\cbsidlm-tr1_10a-Calibre-ORG-10910277.exe
    C:\Users\Asus\Documents\Downloads\WinZip170.exe

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.


2. Update Internet Explorer

  • Use this link to download IE11
  • Choose Language, version (Windows 7 SP1 32-bit) then download and run.
  • Once installed open IE and use recommended settings.


3. OTL Scan

Due to the amount found in the previous logs, I would like a double check that all is well.

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply


Things I want to see in your next post.

  • OTL fix.txt
  • OTL.txt

  • 0

#9
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, still with me? :)
  • 0

#10
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#11
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Topic reopened at users request. Welcome back Beabruin. :)

Please carry on from Post 8
  • 0

#12
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Here are the logs as requested.

===============
OTL Run Fix
===============
========== FILES ==========
C:\Users\Asus\Documents\Downloads\cbsidlm-tr1_10a-Calibre-ORG-10910277.exe moved successfully.
C:\Users\Asus\Documents\Downloads\WinZip170.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03132014_060031
===============
OTL Log
===============
OTL logfile created on: 3/13/2014 6:25:56 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asus\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.11% Memory free
3.98 Gb Paging File | 2.72 Gb Available in Paging File | 68.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 86.39 Gb Free Space | 58.00% Space Free | Partition Type: NTFS

Computer Name: ASUS1001P | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/01 17:35:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/18 17:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/07/27 02:01:15 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/19 17:30:02 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/11/19 17:24:46 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/10/02 14:45:22 | 000,120,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/02 14:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/06/27 16:09:00 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/08/02 17:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/08/02 17:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2011/08/01 14:07:18 | 000,425,400 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/08 10:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 10:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/25 12:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/10/16 21:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/09/11 11:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/14 17:01:09 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\072c6f97b71b661c7ceb5f071421e0be\IAStorUtil.ni.dll
MOD - [2014/02/14 16:42:44 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/14 16:42:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/14 16:39:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/14 16:39:18 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/14 16:38:21 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/14 16:37:52 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/14 16:37:38 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/14 16:37:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/14 16:37:17 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2012/10/02 14:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - [2014/03/13 06:08:56 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/02/25 11:51:36 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/18 17:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/07/27 02:11:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/02 14:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/07/13 13:07:22 | 000,270,336 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/08/02 17:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/06/08 10:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2014/03/07 13:14:41 | 000,395,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140311.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/02/22 12:14:18 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/02/22 12:14:18 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.032\NAVENG.SYS -- (NAVENG)
DRV - [2013/12/17 20:32:11 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/11/21 06:09:04 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/21 06:09:04 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/06 15:08:55 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 23:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 22:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 22:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 23:28:00 | 000,446,552 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\symnets.sys -- (SymNetS)
DRV - [2013/09/25 22:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 22:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 21:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2012/07/31 07:57:15 | 000,078,960 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2012/06/21 22:00:20 | 000,018,800 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2012/06/11 12:56:32 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2012/06/08 17:09:10 | 000,023,808 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2012/06/08 17:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/01/25 15:57:46 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/11/08 14:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/05 09:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 18:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/01/29 19:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...24wuk5w47323881
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...24wuk5w47323881
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...24wuk5w47323881
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS365
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/15 14:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/03/13 06:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/25 11:51:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/25 11:51:26 | 000,000,000 | ---D | M]

[2061/11/10 10:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Extensions
[2014/03/04 09:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default\extensions
[2014/02/25 11:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/25 11:51:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/25 12:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.27_0\
CHR - Extension: Google Docs = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0\
CHR - Extension: Google Wallet = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1216307322-1756439622-2401019485-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43FE4B32-A350-46E9-9BCB-179809506DD4}: DhcpNameServer = 216.183.102.115 66.179.168.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76DAA655-FA95-4A97-8467-3E94CF14F657}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{443c9de5-76dd-11e3-935e-485b39224028}\Shell - "" = AutoRun
O33 - MountPoints2\{443c9de5-76dd-11e3-935e-485b39224028}\Shell\AutoRun\command - "" = D:\MotoCastSetup.exe -a
O33 - MountPoints2\{71f68979-7c7f-11e3-be44-485b39224028}\Shell - "" = AutoRun
O33 - MountPoints2\{71f68979-7c7f-11e3-be44-485b39224028}\Shell\AutoRun\command - "" = D:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2061/11/10 10:29:17 | 000,000,000 | R--D | C] -- C:\Users\Asus\Desktop\Applications
[2061/11/10 10:00:08 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Mozilla
[2061/11/10 10:00:08 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\Mozilla
[2061/11/10 09:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2061/11/10 09:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/03/05 08:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/03/05 07:30:23 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Malwarebytes
[2014/03/05 07:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/05 07:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/05 07:29:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/03/05 07:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/03/04 09:29:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/04 09:25:03 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Asus\Desktop\JRT.exe
[2014/03/04 08:59:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/03 18:52:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/03 18:47:29 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Asus\Desktop\aswmbr.exe
[2014/03/03 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\GeekstoGo
[2014/03/01 17:35:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe
[2014/02/26 18:16:05 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 11:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/12 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\SG

========== Files - Modified Within 30 Days ==========

[2014/03/13 06:22:49 | 000,661,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/13 06:22:49 | 000,121,730 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/13 06:22:46 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/13 06:22:46 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/13 06:17:55 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/13 06:17:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/13 06:16:55 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/13 06:08:56 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/03/13 05:59:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/05 07:29:59 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/04 09:25:05 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Asus\Desktop\JRT.exe
[2014/03/03 18:57:59 | 000,987,425 | ---- | M] () -- C:\Users\Asus\Desktop\SecurityCheck.exe
[2014/03/03 18:51:22 | 001,244,192 | ---- | M] () -- C:\Users\Asus\Desktop\AdwCleaner.exe
[2014/03/03 18:47:32 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Asus\Desktop\aswmbr.exe
[2014/03/01 17:35:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe
[2014/03/01 17:07:31 | 000,001,008 | ---- | M] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/19 10:47:29 | 000,000,681 | ---- | M] () -- C:\Windows\BRRBCOM.INI

========== Files Created - No Company Name ==========

[2061/11/10 10:30:49 | 000,001,273 | ---- | C] () -- C:\Users\Asus\Documents\Norton Installation Files.lnk
[2061/11/10 09:59:57 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/13 06:08:56 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2014/03/05 07:29:59 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/03 18:57:57 | 000,987,425 | ---- | C] () -- C:\Users\Asus\Desktop\SecurityCheck.exe
[2014/03/03 18:51:01 | 001,244,192 | ---- | C] () -- C:\Users\Asus\Desktop\AdwCleaner.exe
[2014/01/04 13:18:25 | 000,022,620 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2013/11/22 18:48:46 | 000,000,092 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/11/22 18:48:46 | 000,000,024 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/11/22 18:45:35 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/11/22 18:05:56 | 000,000,681 | ---- | C] () -- C:\Windows\BRRBCOM.INI
[2013/11/22 17:53:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013/11/22 17:53:48 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2013/11/22 17:53:44 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC12A.DAT
[2013/07/26 17:39:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/07/26 17:39:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/07/26 14:58:44 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe
[2013/07/26 14:58:44 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2013/07/26 14:54:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/04/15 18:53:46 | 000,103,784 | ---- | C] () -- C:\Users\Asus\GoToAssistDownloadHelper.exe

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/22 18:54:53 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\ControlCenter4
[2013/07/26 14:55:50 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\E-Cam
[2013/11/08 06:21:01 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\ID Vault
[2014/01/11 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Motorola
[2014/01/06 11:05:35 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Motorola Mobility
[2013/11/22 18:38:15 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Nuance
[2014/01/04 12:39:58 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2014/01/04 12:39:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console

< End of report >
  • 0

#13
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hey there, glad your still with me :)

Looking good bar one thing. The proxy settings in IE I would like you to look at for me.


1. Internet Options

  • Click Start - Control Panel - Network and Internet - Internet Options
  • In the window that opens, click the Connections tab. Now click Lan Settings
  • Ensure that only the Automatically detect settings box is checked. Uncheck any others, as below:

    proxy.jpg
  • Now click O.K and again on the Internet Options window.


Other than that and subject to no further problems, I will remove the tools used and leave you with some parting advice :)

I would like you to keep Malwarebytes as a standalone scanner only. Update then run a scan once a week.

Feel free to respond to this post as I will keep it open for 48 hrs.



Dustpan and Brush


2. DELFIX by XPLODE

We need to remove the tools we've used during cleaning your machine and delete the quarantined files.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore

    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Which I don't need to see.


3. ENSURE AUTOMATIC UPDATES ARE ENABLED

All security updates released by Microsoft must be Automatically Installed.

  • Click Start and in the search box type windows update and press ENTER.
  • Click Change Settings and make sure the Install updates automatically (recommended) option is selected, if not select it and click O.K to save settings.


Tips For A Clean Surf with Toolbar and Homepage Hijack free waves


4. CryptoPrevent

I advise you to install the following FREE program to prevent crypto ransome ware. Information on crypto ransome ware


Use this link to download and install CryptoPrevent

Avoid the following

  • Torrent downloaders, Torrent files and Torrent sites. - Otherwise known as P2P. The files are mainly illegal, contain malware and\or adult material. Steer clear of P2P programs and files..
  • Registry Cleaners - They can clean a little too much and remove needed entries. The best thing to do with the registry is leave it be.
  • PC Performance Boosters. - Programs that promise to speed up your PC. These are useless and\or come packed with Toolbars and other uneeded software that runs in the background causing, you guessed it Performance Issues!
  • Not Checking Install Screens - Dont just click next, next, next and Install when installing programs. Some of the screens may contain Browsers or Toolbars. Check each screen before clicking next.


The main thing is to Keep On Top Of Your Updates and run Weekly Scans with Malwarebytes and Norton.

Select the following link and add it to your Favourites or Bookmark for future use. The answers to the majority of PC problems.


I will keep this post open for 48 hours if you need assistance. If after that you need help then please start a new Topic in the appropriate forum. :wave:
  • 0

#14
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Thank you for all your help.
  • 0

#15
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP