Computer freezes, video's buffering constantly



#1
Robin Weisbrod

My husband's laptop constantly freezes up, no matter what you are doing, and videos, which load just fine on my laptop, are constantly buffering. He has a Compaq with an Intel Celeron CPU [email protected] 2.19GHZ with Windows 7 Professional. I have run CC Cleaner in the past, and just read recently that ATF is the preferred cleaner, so I uninstalled CC and installed ATF, and proceeded to run it. No improvement. Microsoft Security Essentials has found nothing. I have run OTL and here is the log:

OTL logfile created on: 3/8/2014 5:04:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heather\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.18 Gb Available Physical Memory | 9.08% Memory free
3.93 Gb Paging File | 0.59 Gb Available in Paging File | 14.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 191.88 Gb Free Space | 82.43% Space Free | Partition Type: NTFS

Computer Name: GW-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/08 16:58:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Downloads\OTL.exe
PRC - [2014/03/02 20:33:30 | 002,539,544 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2014/03/02 20:33:30 | 001,759,768 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
PRC - [2014/03/02 20:33:29 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
PRC - [2014/03/01 21:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/30 15:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/30 09:05:02 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/09 13:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/06/14 13:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/03/22 19:07:22 | 000,268,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/08 07:38:09 | 001,157,120 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\_ssl.pyd
MOD - [2014/03/08 07:38:09 | 000,811,008 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\wx._windows_.pyd
MOD - [2014/03/08 07:38:09 | 000,805,888 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\wx._gdi_.pyd
MOD - [2014/03/08 07:38:09 | 000,712,192 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\_hashlib.pyd
MOD - [2014/03/08 07:38:09 | 000,110,080 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\pywintypes27.dll
MOD - [2014/03/08 07:38:09 | 000,070,656 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\wx._html2.pyd
MOD - [2014/03/08 07:38:09 | 000,035,840 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32process.pyd
MOD - [2014/03/08 07:38:09 | 000,026,624 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\_multiprocessing.pyd
MOD - [2014/03/08 07:38:09 | 000,024,064 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32pipe.pyd
MOD - [2014/03/08 07:38:08 | 001,062,400 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\wx._controls_.pyd
MOD - [2014/03/08 07:38:08 | 000,686,080 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\unicodedata.pyd
MOD - [2014/03/08 07:38:08 | 000,087,040 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\_ctypes.pyd
MOD - [2014/03/08 07:38:08 | 000,038,912 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32inet.pyd
MOD - [2014/03/08 07:38:08 | 000,025,600 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32pdh.pyd
MOD - [2014/03/08 07:38:08 | 000,010,240 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\select.pyd
MOD - [2014/03/08 07:38:07 | 000,525,640 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\windows._lib_cacheinvalidation.pyd
MOD - [2014/03/08 07:38:07 | 000,127,488 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\pyexpat.pyd
MOD - [2014/03/08 07:38:07 | 000,119,808 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32file.pyd
MOD - [2014/03/08 07:38:07 | 000,108,544 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32security.pyd
MOD - [2014/03/08 07:38:07 | 000,018,432 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32event.pyd
MOD - [2014/03/08 07:38:07 | 000,017,408 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32profile.pyd
MOD - [2014/03/08 07:38:06 | 000,557,056 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\pysqlite2._sqlite.pyd
MOD - [2014/03/08 07:38:06 | 000,320,512 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32com.shell.shell.pyd
MOD - [2014/03/08 07:38:06 | 000,128,512 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\_elementtree.pyd
MOD - [2014/03/08 07:38:06 | 000,098,816 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32api.pyd
MOD - [2014/03/08 07:38:06 | 000,044,032 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\_socket.pyd
MOD - [2014/03/08 07:38:06 | 000,022,528 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32ts.pyd
MOD - [2014/03/08 07:38:05 | 001,175,040 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\wx._core_.pyd
MOD - [2014/03/08 07:38:05 | 000,735,232 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\wx._misc_.pyd
MOD - [2014/03/08 07:38:05 | 000,364,544 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\pythoncom27.dll
MOD - [2014/03/08 07:38:05 | 000,122,368 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\wx._wizard.pyd
MOD - [2014/03/08 07:38:05 | 000,011,264 | ---- | M] () -- C:\Users\Heather\AppData\Local\Temp\_MEI27922\win32crypt.pyd
MOD - [2014/03/02 20:33:31 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
MOD - [2014/03/02 20:33:30 | 002,539,544 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2014/03/01 21:35:25 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll
MOD - [2014/03/01 21:35:24 | 013,632,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
MOD - [2014/03/01 21:35:23 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
MOD - [2014/03/01 21:35:20 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
MOD - [2014/03/01 21:35:19 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
MOD - [2014/03/01 21:35:17 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
MOD - [2014/03/01 21:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2010/06/14 13:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/02 08:42:25 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/02 20:33:30 | 001,759,768 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe -- (vToolbarUpdater18.0.0)
SRV - [2014/02/21 10:02:26 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/30 09:05:02 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/03/25 12:41:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/03/22 19:07:22 | 000,268,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/03/22 19:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/02 20:33:33 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/12/02 16:16:59 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/02 08:47:03 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/03/02 08:35:27 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 08:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/11/14 16:57:06 | 010,629,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/09 15:33:10 | 001,849,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/15 01:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=200593463&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=200593463&ir=
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=200593463&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=200593463&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 2A A2 BB 42 7E CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=200593463&ir=
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...8A-B10C79D559B2
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2014-02-05 22:40:37&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..browser.startup.homepage: "http://start.mysearc...=200593463&ir="
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248 [2014/03/02 20:34:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/29 14:55:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:15:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/29 14:55:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:15:51 | 000,000,000 | ---D | M]

[2012/08/19 15:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\mozilla\Extensions
[2013/12/07 11:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\mozilla\Firefox\Profiles\an29nxrj.default\extensions
[2013/12/07 11:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\mozilla\Firefox\Profiles\an29nxrj.default\extensions\staged
[2012/05/04 14:40:46 | 000,002,333 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\searchplugins\askcom.xml
[2014/02/06 06:01:36 | 000,000,861 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\searchplugins\conduit-search.xml
[2013/11/18 15:40:40 | 000,000,843 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\searchplugins\Mysearchdial.xml
[2014/02/13 08:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/13 08:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/07 12:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/05/07 12:53:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/25 12:41:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/08/02 19:48:41 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2013/08/02 19:48:47 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/09/12 14:28:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2014/03/02 20:34:11 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/03/25 12:41:30 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Silverlight (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - Extension: Entanglement Web App = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: ChromeAccess = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeoigbhkilbllfomkmmilbfochhlgdmh\1.6_0\
CHR - Extension: Angry Birds = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Groups = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmbadcfdhiklafcdohpfphhhakmiakk\1.3_0\
CHR - Extension: YouTube = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Google Search = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Netflix = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\
CHR - Extension: \u003C Media Player for Google Docs\u2122\u003E = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpaankjmfihndfdijmlddmmpglmkfimg\2.1.5_0\
CHR - Extension: MaskMe = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg\1.40.349_0\
CHR - Extension: Mahjongg = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0\
CHR - Extension: Google Calendar = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.2.1063_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.2.1068_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.2.1071_0\
CHR - Extension: Pandora = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Mixcloud = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcenekolminfbkcbchinlcgfhpmggpk\0.0.0.4_0\
CHR - Extension: CrazyForCrafts = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\filklcnjkojnfbkcfooccecbjbfgfpaf\5.85.3.27394_0\
CHR - Extension: PDFescape Free PDF Editor = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl\0.21_0\
CHR - Extension: Cozi = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcckjconkcobhlbejknfcibmdoimobh\1.0.2_0\
CHR - Extension: Social Fixer for Facebook = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.9.2_0\
CHR - Extension: Lose It! = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn\3.5.0.3_0\
CHR - Extension: Google +1 Button = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.2.0.329_0\
CHR - Extension: Autodesk Homestyler = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.6_0\
CHR - Extension: Next Race = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgboigbdbmnleafpmabmoocfainlmpnk\3.6.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: PadMapper = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljagjbdinjommccodelnfmkepbdoafl\1_0\
CHR - Extension: Google Maps = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Poppit = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Boomerang for Gmail = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\
CHR - Extension: Google Mail Checker = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Zoho Docs = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflhfcjfjkohgcgpldeffhlgeooejomn\1.2_0\
CHR - Extension: Curling = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhalnajmigjnpjpdbpkpgfhekbjmolhp\1.0.10_0\
CHR - Extension: Google Wallet = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Floor Plan Creator = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogbnemfckmdpkeeccieeahplnemmbcfg\1.2_0\
CHR - Extension: MySearchDial = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.14_0\
CHR - Extension: Free Online TV = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\picldhpkcgmgfnmombladhakcganoghd\1.0.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.1_0\
CHR - Extension: Gmail = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [4DAADDCB9FA62970F2B2FB4C7C7D6AF5DD866168._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CB83738-22F2-41E6-AFA7-950924D9E39E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1705C9F-2B27-4A0B-99DD-862AAC30C80F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/02 20:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/02/20 17:16:57 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Nico Mak Computing
[2014/02/20 17:16:48 | 000,019,120 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe
[2014/02/20 17:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer
[2014/02/16 23:51:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/13 08:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2014/02/10 18:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2014/02/10 18:06:56 | 000,000,000 | ---D | C] -- C:\System.sav
[2014/02/10 17:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/02/09 14:53:10 | 000,000,000 | ---D | C] -- C:\Users\Heather\Documents\My Digital Editions
[2014/02/09 14:46:33 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\VisualBeeExe
[2014/02/09 14:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2014/02/09 14:45:59 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\emaze
[2014/02/08 19:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/02/08 19:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/02/08 19:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/02/08 19:53:42 | 000,000,000 | ---D | C] -- C:\b327989e9de9d6a4e3a85ca6

========== Files - Modified Within 30 Days ==========

[2014/03/08 17:02:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/08 16:31:14 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/08 16:30:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/08 09:14:24 | 000,002,704 | ---- | M] () -- C:\Users\Heather\Documents\cc_20140308_091411.reg
[2014/03/08 07:45:27 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/08 07:45:27 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/08 07:37:47 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/08 07:37:30 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/05 21:39:34 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHeather.job
[2014/03/05 13:49:01 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/05 13:49:01 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/05 13:49:01 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/02 20:33:33 | 000,050,976 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/02/20 17:32:18 | 000,112,786 | ---- | M] () -- C:\Users\Heather\Documents\cc_20140220_173156.reg
[2014/02/19 18:19:25 | 000,003,584 | ---- | M] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/10 18:11:04 | 000,002,221 | ---- | M] () -- C:\Users\Heather\Desktop\HP Support Assistant.lnk

========== Files Created - No Company Name ==========

[2014/03/08 09:14:16 | 000,002,704 | ---- | C] () -- C:\Users\Heather\Documents\cc_20140308_091411.reg
[2014/02/20 17:32:01 | 000,112,786 | ---- | C] () -- C:\Users\Heather\Documents\cc_20140220_173156.reg
[2014/02/19 18:19:25 | 000,003,584 | ---- | C] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/16 15:39:35 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHeather.job
[2014/02/10 18:11:03 | 000,002,221 | ---- | C] () -- C:\Users\Heather\Desktop\HP Support Assistant.lnk
[2014/02/09 14:45:59 | 000,001,252 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/11/18 15:41:44 | 000,351,124 | ---- | C] () -- C:\Users\Heather\AppData\Local\mysearchdial-speeddial.crx
[2013/05/15 07:19:55 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2013/02/15 16:24:45 | 000,033,134 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\UserTile.png
[2013/01/16 20:40:52 | 000,102,248 | ---- | C] () -- C:\Users\Heather\GoToAssistDownloadHelper.exe
[2012/11/14 16:57:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/11/14 16:57:06 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/11/14 16:57:04 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/10/20 08:41:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/08/19 15:11:18 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/18 15:42:01 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\0S1F1O2Z0S2Y1H1T
[2014/01/20 14:51:54 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Garmin
[2013/05/15 07:35:05 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\MyHeritage
[2014/02/20 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Nico Mak Computing
[2012/08/19 15:37:12 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\ooVoo Details
[2012/08/19 15:29:11 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Panda Security
[2013/12/02 15:37:26 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SystemRequirementsLab
[2013/05/15 07:19:54 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\The Complete Genealogy Reporter - FTB

========== Purity Check ==========



< End of report >

#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First

The first time you ran it, OTL created 2 log reports. The one I need is called Extras.txt. Do you have that log? If so, post it. If not, I would like you to re-run OTL once more so we can re-create the log. Before you run the new OTL scan, I need you to do this: open OTL and, under the Extra Registry section, put a check mark in "All", then hit Run Scan. When OTL is done scanning, 2 logs will be generated: the first log will pop up in front of you, and the second log, called Extras.txt, will be minimized to the task bar down by the clock area. Please post that log. You really don't need to post the first one, as we already have that one.

Next

We need to do a fix to delete some files using OTL

  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    DRV:64bit: - [2014/03/02 20:33:33 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=200593463&ir=
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=200593463&ir=
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=200593463&ir=
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=200593463&ir=
    IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=200593463&ir=
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...8A-B10C79D559B2
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
    FF - prefs.js..browser.startup.homepage: "http://start.mysearchdial.com/?f=1&a=sumamsd1103&cd=2XzuyEtN2Y1L1QzuzyzzyE0B0EtCzy0AyD0Dzzzz0DyCtB0AtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=200593463&ir="
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248 [2014/03/02 20:34:12 | 000,000,000 | ---D | M]
    [2012/05/04 14:40:46 | 000,002,333 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\searchplugins\askcom.xml
    [2014/02/06 06:01:36 | 000,000,861 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\searchplugins\conduit-search.xml
    [2013/11/18 15:40:40 | 000,000,843 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\searchplugins\Mysearchdial.xml
    [2014/03/02 20:34:11 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
    O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
    [2014/03/02 20:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.


Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See here if you need help doing that.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Download Security Check by screen317 from http://screen317.spy...curityCheck.exe or http://screen317.cha...curityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Please post the following logs in your next reply:

  • The OTL Fix Log located here--> C:\_OTL\Moved Files
  • OTL.txt after Quick scan.
  • JRT.txt
  • AdwCleaner[R0].txt
  • checkup.txt

Thanks
Joe :)
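The fix script in the reply above is built from lines of the OTL log posted earlier in the thread. As an added example (not part of the thread and not an OTL feature), this Python script parses OTL log lines and flags three things for a reviewer: handlers that report "No CLSID value found", registry entries with an empty company name, and lines that mention a name from a watch-list. The watch-list names are copied from entries in that fix script, the sample lines are copied from the log in this thread, and the flag rules and all function names are assumptions made here.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Watch-list: names that appear in the entries of the fix script in this thread.
WATCHLIST = ("avg secure search", "avg safeguard", "mysearchdial", "conduit")

# "O2 - ...", "O18:64bit: - ...", "CHR - ...", and OTL's own "O1364bit: - ..." form.
ENTRY = re.compile(r"^(?P<tag>[A-Z]{1,3}\d{0,2})(?P<bits>:?64bit:)?\s+-\s+(?P<body>.+)$")
# "[date time | size | attrs | C] -- path" lines from the file/folder sections.
FILE_ENTRY = re.compile(r"^\[\d{4}/\d{2}/\d{2} [^\]]*\]\s+(?:\([^)]*\)\s+)?--\s+(?P<body>.+)$")
COMPANY = re.compile(r"\s\(([^()]*)\)\s*$")   # trailing "(Vendor)" or "()"
DRIVE = re.compile(r"[A-Za-z]:\\")

# Sample input embedded inline: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
CHR - Extension: MySearchDial = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.14_0\
[2014/03/02 20:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
"""


@dataclass
class Entry:
    tag: str                 # OTL section tag ("O2", "O18", "CHR") or "FILE"
    is64: bool               # True when the line carries the 64bit marker
    path: Optional[str]      # last Windows path on the line, if any
    company: Optional[str]   # None = not reported, "" = reported but empty
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL log line; return None for headers, blanks and unknown forms."""
    line = line.strip()
    m = ENTRY.match(line)
    if m:
        tag, is64, body = m["tag"], bool(m["bits"]), m["body"]
        c = COMPANY.search(body)
        company = c.group(1) if c else None
        if c:
            body = body[:c.start()]      # drop the vendor suffix before path search
    else:
        m = FILE_ENTRY.match(line)
        if not m:
            return None
        tag, is64, body, company = "FILE", False, m["body"], None
    starts = [d.start() for d in DRIVE.finditer(body)]
    path = body[starts[-1]:].strip() if starts else None
    return Entry(tag, is64, path, company, line)


def triage(log_text: str):
    """Return (Entry, reasons) pairs for lines worth a reviewer's attention."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        lowered = e.raw.lower()
        reasons = []
        if "no clsid value found" in lowered:
            reasons.append("orphaned-clsid")
        # Only registry-style entries carry a trailing vendor field in this parser.
        if e.company == "":
            reasons.append("no-company-name")
        hits = [name for name in WATCHLIST if name in lowered]
        if hits:
            reasons.append("watchlist:" + ",".join(hits))
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        bits = "64" if entry.is64 else "32"
        print(f"{entry.tag:<4} {bits}  {', '.join(reasons):<45} {entry.path or '-'}")
```

A flag here is a prompt to look, not a verdict: the O21 WebCheck line is flagged as an orphaned CLSID, yet the fix script in the reply above does not include it.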

#3
Robin Weisbrod

    Member

  • Topic Starter
  • 26 posts
Thank you for the quick reply. Here is the Extra.txt file.

OTL Extras logfile created on: 3/8/2014 5:04:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heather\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.18 Gb Available Physical Memory | 9.08% Memory free
3.93 Gb Paging File | 0.59 Gb Available in Paging File | 14.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 191.88 Gb Free Space | 82.43% Space Free | Partition Type: NTFS

Computer Name: GW-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B92BC7-DBA1-452B-B865-8D0427C0F155}" = lport=2869 | protocol=6 | dir=in | app=system |
"{157482A1-4100-4B78-B6E7-204AD0DB0441}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B0FBC24-6FC6-431B-8E6C-1793CED7275F}" = lport=137 | protocol=17 | dir=in | app=system |
"{216831A4-E353-44BD-A3D9-336FAC48B4B8}" = rport=445 | protocol=6 | dir=out | app=system |
"{24CF5EFB-3BAF-48A7-9F03-277B5E518CC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{287E7E61-3490-49E7-B4E2-CCF4F61EDB3A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2EFC8F7F-FF15-41C2-AE4E-6FEAD8797EA0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{38F8F23F-4510-487A-81E7-BED9EF6CB041}" = rport=137 | protocol=17 | dir=out | app=system |
"{3B80CA3D-CCAE-45D9-8C0A-AF2AF3EAF298}" = rport=138 | protocol=17 | dir=out | app=system |
"{4651330B-7F41-4C51-A19E-E86791BC6127}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{471C40B9-7013-4BAE-A973-9C35DB3125BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B481E97-B92E-4C46-A6B6-96370BC778A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53037066-14C1-41FC-B2E0-4FD0DDC27A6C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{547743D6-24AC-4E80-A664-1F706345C9A9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5BA45242-7FDB-41D5-9A07-E5A003DA3928}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72B45D48-17C9-400D-BFCD-0999F1501BF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7397749E-851E-4D5F-97A7-1A7DE09DC3C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75400E50-05F5-40D4-A0CB-DC4EE83F4F44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81151CA4-828D-4661-B6E8-972D79BBB465}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8318EDAF-C292-4CD6-BECC-CCA945F493FA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{860D8774-AD51-4E24-9C94-479E56EE1CE8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8A929A1E-CE0C-4720-B654-F11E011800C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EC78474-606A-4F0C-AF8A-DF58217FDEE7}" = rport=139 | protocol=6 | dir=out | app=system |
"{906610AA-5184-4BCF-940A-0C3E619FC26D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{97D7EB5D-4D87-49AD-8B33-7FFE8920CF91}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AF938C0-5DCB-4EE6-B3D1-16A43319EA16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DC89AFC-618A-4950-91F8-66DCFF1B4510}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9FE02666-5716-4DF1-8CBE-B73ACCBC822B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9CC5F3E-4079-4996-92F2-0787DF4AAF1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF7DDE9A-7EE1-4BAF-B050-45BAA6C10695}" = lport=138 | protocol=17 | dir=in | app=system |
"{B3DD90BE-57AC-40CA-B31A-C62AA7156889}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B4746460-076F-4637-AB6F-25B7FBA30CC0}" = lport=139 | protocol=6 | dir=in | app=system |
"{B77FF82A-C235-4617-AA06-C016313A2F54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6EFBE9E-F39C-401F-966C-81462D3F29AF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D577AA72-5C06-4785-BE55-455F1AEB03A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7FB5B95-C9EC-4456-90B2-75C4E6E0358C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E9A7264B-D1E1-42BB-B58A-774873B7179A}" = lport=445 | protocol=6 | dir=in | app=system |
"{EFB2F519-1600-480F-A62F-E854C2D4A9E0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F1E390DD-B3DD-4857-9BF9-03AE4D4CC3D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042790BB-2E9D-4D92-9A96-60FB44062505}" = protocol=58 | dir=in | [email protected],-148 |
"{07EC2B24-572C-4EED-A669-79ACDD2A3D99}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{0D872321-9EB3-4751-8D51-05DFFF04D7F6}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{0D90774D-704A-4B63-86BD-C92646E6BDDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{119C77AB-5D1F-4CE5-B573-C3F289C2878E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1A1F649C-5630-442F-B453-F7975564D052}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DDF9387-13FD-49B7-BD31-541FEBB1F3B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1F8ABDA2-4FC1-49A1-8750-0463885F9C1A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24A4A479-3E51-4EA8-B6F4-D60AF0A827FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29210D08-FC3D-46FB-A7F4-15E0C98D5CD1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{454B97C4-8506-4DB9-A514-CF3EED4538A1}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{4AAFFE68-5EFC-42BC-B869-E84C8B4CB8D2}" = protocol=58 | dir=in | [email protected],-28545 |
"{4B4A0467-4A7F-4088-BF5F-BA66D186911E}" = protocol=1 | dir=out | [email protected],-28544 |
"{4EB376B5-B1DC-4BC8-8F60-21C9692A78E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{52351FB9-2285-4391-830E-D1759BDC527C}" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda security toolbar\dtuser.exe |
"{5A6A6BD6-5AC2-4444-B7F9-B070AC7067DE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{635F1BFD-6769-45BD-81F9-07157A60F551}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64DBC583-2D97-487B-9AA8-9E28F02E316F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66DCFD4C-9E44-4B7B-837E-CBF1736BA1F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69527B69-5CDD-47C8-8E84-700D01DD0AB6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{78E4A293-F99F-48DA-9382-DF22B337AB6A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7D86D0FB-8513-41A7-A4B1-93EC68468779}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FE194CB-1E62-4838-86F2-6F306200628A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87F2E3AA-ABD7-4EAF-A381-583EDDE914BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93965F65-390F-404C-A344-14D8EE43DA09}" = protocol=6 | dir=out | app=system |
"{95E97A2E-720F-4E1B-8E4C-9CF2CB9D8CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda security toolbar\dtuser.exe |
"{9A9FEED7-4E55-442B-B564-2C882569F647}" = protocol=58 | dir=out | [email protected],-28546 |
"{9BA4DED8-7963-47C4-BEEB-38F40BCE45F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABF75EE8-1967-4D88-A209-89BB117AD258}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF9B3356-689A-4070-AC58-8DDD85AF63AA}" = protocol=1 | dir=in | [email protected],-28543 |
"{D3EB77CD-6510-408A-95F6-4608B0B01983}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA10F169-85D4-4FDF-A15C-9FFCAE80FE6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F645D500-23A3-485A-B487-14F9FE815123}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FA36004C-78C0-4512-9FB4-C329147CAFEB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{3E4782BC-672E-48F6-A445-673EEDD9419F}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{D537294A-1ACA-43B0-B1E9-08A8E7A79BD2}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{ECA19542-A823-4D4A-A570-EB169758927A}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{7941C5D3-FF8F-410E-9FD9-AD5F612AFFBD}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{931A020F-0C42-4BD4-8464-086C52B55D43}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{F88C1B68-9376-4D3B-983F-E292E414131D}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0904cc72-1b29-426a-b0f0-228d2744a4f6}" = Garmin Express
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{18FEC022-D8CE-48DF-A57A-1085D4F58F6E}" = Elevated Installer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9608B011-02E9-4A66-A0FC-3264A79F808A}" = Garmin Express
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{CB47925A-50F0-493A-B3B0-3F6C632FCE8D}" = Garmin Express Tray
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Ares" = Ares 2.1.8
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"Family Tree Builder" = MyHeritage Family Tree Builder
"Google Chrome" = Google Chrome
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoScape Packages" = PhotoScape Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2013 10:20:25 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6146

Error - 10/29/2013 10:20:25 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6146

Error - 10/29/2013 10:20:26 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/29/2013 10:20:26 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7472

Error - 10/29/2013 10:20:26 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7472

Error - 10/29/2013 10:20:27 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/29/2013 10:20:27 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8502

Error - 10/29/2013 10:20:27 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8502

Error - 10/29/2013 10:20:29 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/29/2013 10:20:29 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9937

[ System Events ]
Error - 3/7/2014 9:10:19 PM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =

Error - 3/7/2014 10:22:40 PM | Computer Name = GW-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/7/2014 10:22:40 PM | Computer Name = GW-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the EFS service.

Error - 3/7/2014 10:22:45 PM | Computer Name = GW-PC | Source = DCOM | ID = 10010
Description =

Error - 3/7/2014 11:47:38 PM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =

Error - 3/8/2014 12:17:40 AM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =

Error - 3/8/2014 8:37:58 AM | Computer Name = GW-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
lsnfd

Error - 3/8/2014 11:07:50 AM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =

Error - 3/8/2014 12:37:53 PM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =

Error - 3/8/2014 3:17:40 PM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =


< End of report >

#4
Robin Weisbrod

OTL Moved Files

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Mysearchdial" removed from browser.search.selectedEngine
Prefs.js: "http://start.mysearc...=200593463&ir=" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
File move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected] deleted successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\skin folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\th folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\sv folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\ro folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\nb folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\it folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\id folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\hi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\fi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\en folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\el folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\de folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\da folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale\af folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\modules folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\locale\en-US folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\components folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248\chrome folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248 folder moved successfully.
C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\searchplugins\askcom.xml moved successfully.
C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\searchplugins\conduit-search.xml moved successfully.
C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\searchplugins\Mysearchdial.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
Invalid CLSID key: C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll not found.
C:\ProgramData\AVG Secure Search\Logger folder moved successfully.
C:\ProgramData\AVG Secure Search folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Heather\Downloads\cmd.bat deleted successfully.
C:\Users\Heather\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Heather
->Temp folder emptied: 73646130 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 2371431 bytes
->FireFox cache emptied: 69641493 bytes
->Google Chrome cache emptied: 226176752 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7444072 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95336 bytes
RecycleBin emptied: 13411319 bytes

Total Files Cleaned = 375.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03092014_073702

Files\Folders moved on Reboot...
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll not found!
File\Folder C:\Users\Heather\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#5
Robin Weisbrod

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by Heather on Sun 03/09/2014 at 8:09:41.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181106}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deals Plugin Extension-InternalInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deals Plugin Extension-InternalInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deals Plugin Extension_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deals Plugin Extension_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181106}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deals Plugin Extension-InternalInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deals Plugin Extension-InternalInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deals Plugin Extension_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deals Plugin Extension_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\Heather\appdata\local\deals plugin extension"
Successfully deleted: [Folder] "C:\Users\Heather\appdata\local\visualbeeexe"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\pcfixspeed"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"



~~~ FireFox

Successfully deleted: [File] C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\user.js
Successfully deleted: [Folder] C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\extensions\staged
Emptied folder: C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\an29nxrj.default\minidumps [55 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Heather\appdata\local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
Successfully deleted: [Folder] C:\Users\Heather\appdata\local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/09/2014 at 8:18:36.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6
Robin Weisbrod

    Member

  • Topic Starter
  • 26 posts
ADWCleaner:

# AdwCleaner v3.020 - Report created 09/03/2014 at 12:03:20
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Heather - GW-PC
# Running from : C:\Users\Heather\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Heather\AppData\Local\emaze
Folder Deleted : C:\Users\Heather\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Heather\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Windows\System32\Tasks\LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v19.0.2 (en-US)

[ File : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\an29nxrj.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4706 octets] - [09/03/2014 11:59:25]
AdwCleaner[S0].txt - [4408 octets] - [09/03/2014 12:03:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4468 octets] ##########

#7
Robin Weisbrod

    Member

  • Topic Starter
  • 26 posts
Security Check:

Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader XI
Mozilla Firefox 19.0.2 Firefox out of Date!
Google Chrome 33.0.1750.117
Google Chrome 33.0.1750.146
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hi Robin Weisbrod,

Mozilla Firefox 19.0.2 Firefox out of Date!

Update your Firefox browser; running outdated browser versions can be an infection risk.

In the Firefox browser click Help, then click About Firefox and update it.

How is the computer running now?

Thanks
Joe :)

#9
Robin Weisbrod

    Member

  • Topic Starter
  • 26 posts
Actually, I deleted Firefox, since my husband doesn't use it. I ran a couple of videos that would buffer/freeze before, and that seems to have helped. They aren't freezing, as of now. Thank you!

#10
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Next

Please download Malwarebytes' Anti-Malware to your desktop from Here
Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the Posted Image icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image
    (Selecting Uninstall application on close if you so wish)


#11
Robin Weisbrod

    Member

  • Topic Starter
  • 26 posts
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Heather :: GW-PC [administrator]

Protection: Enabled

3/9/2014 5:57:57 PM
MBAM-log-2014-03-09 (18-16-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219204
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> No action taken.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSNFD (PUP.Optional.Linksicle) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|[email protected] (PUP.Optional.Linksicle.A) -> Data: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 11
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0 (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\css (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\css\redmond (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\css\redmond\images (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\css\smoothness (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\css\smoothness\images (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\icons (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\js (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\_locales (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\_locales\en (PUP.Optional.ShopAtHome.A) -> No action taken.

Files Detected: 98
C:\Users\Heather\AppData\Local\Temp\is1716081191\2794850_stp\HomePageDLL.dll (PUP.Optional.Installcore) -> No action taken.
C:\Users\Heather\Downloads\Adobe Digital Editions.exe (PUP.Optional.Bundler) -> No action taken.
C:\Users\Heather\Downloads\itunes.exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\Heather\Downloads\PhotoScape_Setup.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Users\Heather\Downloads\Player.exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\Heather\Downloads\Skype_Setup.exe (Adware.IBryte) -> No action taken.
C:\Users\Heather\Downloads\SoftonicDownloader_for_pdffactory.exe (PUP.Optional.Softonic) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\js\SahJquery.js (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\js\SahNotification.js (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\js\SahOptions.js (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\js\SahRedirection.js (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\js\SahRules.js (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\js\SahSearch.js (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\js\SahTb.js (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\js\SAHWebSocketClient.js (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\js\uuid.js (PUP.Optional.ShopAtHome.A) -> No action taken.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\_locales\en\messages.json (PUP.Optional.ShopAtHome.A) -> No action taken.

(end)

#12
Robin Weisbrod

    Member

  • Topic Starter
  • 26 posts
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bae1c815debfe54282bdd37dc3da1a26
# engine=17376
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-09 11:44:42
# local_time=2014-03-09 07:44:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 19851756 145952132 0 0
# scanned=135398
# found=0
# cleaned=0
# scan_time=4089
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bae1c815debfe54282bdd37dc3da1a26
# engine=17376
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-10 04:09:43
# local_time=2014-03-10 12:09:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 19867657 145968033 0 0
# scanned=135342
# found=8
# cleaned=0
# scan_time=4196
sh=A13668529A3FFD7037F5B2A59AA0719875B2F152 ft=1 fh=c71c0011884d0776 vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Toolbar\dtuser.exe"
sh=0F0D98691E66DD6A34BBB976B675CF0C4F850AD2 ft=1 fh=776eaf682f13ffd9 vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll"
sh=B4044437AE3A224A1129B270A24174AEF087DF77 ft=1 fh=2e94227eee876c07 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityTb.dll"
sh=BACD83645607A58B8452A8927F79EBA7F0502CB2 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Heather\AppData\Local\Downloaded Installations\{4175787A-9EE1-4D7D-9D00-F80F59573684}\The Weather Channel App.msi"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Heather\AppData\Roaming\0S1F1O2Z0S2Y1H1T\PhotoScape Packages\uninstaller.exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Heather\Downloads\ccsetup409 (1).exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Heather\Downloads\ccsetup409.exe"
sh=611E97FB85E4838D511487C3261C9C4D65F98B43 ft=1 fh=14a29e3bdabae998 vn="a variant of Win32/InstallCore.KB potentially unwanted application" ac=I fn="C:\Users\Heather\Downloads\FirefoxSetup.exe"

#13
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hi Robin Weisbrod,

In your Malwarebytes log it shows No action taken.
Most of it is Shop At Home; perhaps you wanted to keep that.

Otherwise, to delete that stuff, please review:

After running the Malwarebytes scan:

Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

There's nothing serious or bad in the ESET scan either. So things are looking good...

If there are no further issues or problems, we can clean up the tools we used, I'll provide instruction for that.

Thanks
Joe :)

#14
Robin Weisbrod

    Member

  • Topic Starter
  • 26 posts
My husband says it is vastly improved. Thank you very much.

#15
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
OK, good news. Please follow through and you will be finished.

Next

Since your log reports are clean and free of malware, let's clean up after ourselves.

OTL Clean-Up

Right click on the OTL icon on your desktop and choose Run as administrator to open the main window.

Next click on the CleanUp button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This will remove most of the programs we have used including itself.

Next

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.

Right click on the JRT Icon and select delete.
If there are any left over tools or logs on your computer please delete them now.

Next

Clear Restore Points

Go to Start > All Programs > Accessories > System Tools
Right click Disk Cleanup and select Run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button

Last

I post this for everyone. These are prevention steps.

Turn On Automatic Updates:

To do that:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.

2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them. If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for "any" time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are then downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that "you" can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Antispyware programs:

I would recommend the download and installation of the following program and the updating of it regularly:

WinPatrol: As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Please read this great article by miekiemoes, How to prevent Malware,
and this great article by Tony Klein, So How Did I Get Infected In First Place.

Thanks
Joe :)