Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to resolve DNS and failure to load pages in all browsers [Re-op


  • This topic is locked This topic is locked

#16
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Awesome sauce...but there seems to be a new infection present in Firefox so we will deal with that now and check for any leftovers :)
 
 
1. OTL Fix
 

 

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.
:OTL
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
[2014/03/30 15:18:20 | 000,000,000 | ---D | C] -- C:\Users\Tammy\AppData\Local\SearchProtect
[2014/03/30 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/03/30 15:19:00 | 000,001,000 | ---- | M] () -- C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\searchplugins\conduit-search.xml
 
 
 
 
  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.
 
 
2. Reset Firefox
 

 

  • Open Firefox and click the Orange Firefox button.
 
  • Hover the Mouse over Help and select Troubleshooting Information from the sub-menu.
 
  • Under Reset Firefox to its default state click Reset Firefox then again click Reset Firefox click Finish
 
 
3. UPDATE AND RUN MALWAREBYTES
 

 

  • Open Malwarebytes select the Updates Tab - Select Check for Updates and click O.K
  • Once complete click the Scanner Tab and select Perform quick scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • If a reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs Tab then Open Log I need to see this.
 
 
4. ESET SCAN ONLY
 
You will need to disable your currently installed Anti-Virus, how to do so can be read here.
 
 
IMPORTANT - Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For Taskbar right click IE then right click the IE icon that appears.
 
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
 
 

 

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
 then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

 

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
 
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply. 
 
 
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 
 
Things I want to see in your next post.
 

 

  • OTL fix.txt
  • Malwarebytes results
  • ESET results
  • How are things running now?
 
 

  • 0

Advertisements


#17
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

OTL Fix Log:

 

========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll moved successfully.
C:\Users\Tammy\AppData\Local\SearchProtect\SearchProtect\STG folder moved successfully.
C:\Users\Tammy\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\Tammy\AppData\Local\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Users\Tammy\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect folder moved successfully.
C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\searchplugins\conduit-search.xml moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 03302014_171136
 


  • 0

#18
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

Firefox reset... but I'd like to mention that my primary browser is Chrome.  I've heard good and bad about the browser, biggest issue is it uses a lot of resources.  Is this something we might want to clean up before we finish the thread?

 

I'm off to do the last two steps...  Will post logs soon.


  • 0

#19
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

This MBAM log has me irked... (not at you or GTG.com just freaked in general)  I ran it upteen times before I came here for her and it showed NOTHING.  I have automatic updates on and update every time I start a scan, how in the world did I suddenly end up with 121 issues????  What am I doing wrong?  Anyway... here is the MBAM log:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Tammy :: TAMS [administrator]

Protection: Enabled

3/30/2014 5:17:44 PM
mbam-log-2014-03-30 (17-17-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228420
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Detected: 3
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> 2176 -> Delete on reboot.
C:\_OTL\MovedFiles\03302014_171136\C_Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> 2460 -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> 2752 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 16
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Files Detected: 82
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\_OTL\MovedFiles\03302014_171136\C_Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Users\Tammy\AppData\Local\Temp\nsb1126.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Tammy\AppData\Local\Temp\nsb717.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Tammy\AppData\Local\Temp\nsh9EFA.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Tammy\AppData\Local\Temp\nsm1B26.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Tammy\AppData\Local\Temp\nsm91FE.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Tammy\AppData\Local\Temp\nsxAA9F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Tammy\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tammy\AppData\Local\Temp\nsw6E51\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\temp\nsi2705.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\temp\nsnE5A1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\temp\nssDAC8.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\temp\nsx63B6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Tammy\Local Settings\Temporary Internet Files\Content.IE5\KH6DMOVP\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tammy\Local Settings\Temporary Internet Files\Content.IE5\Y6IGOM34\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

(end)
 


  • 0

#20
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts
Am running the eset scan, you said it could take several hours. I disabled all anti-virus programs and have not touched the mouse or keyboard. It appears to be stuck at 28% but I'm going to let it keep going for a few hours before getting concerned. for what it's worth it is stalled where it was scanning my Open Office program. That might help, might not but I just wanted to throw it out there since it is a free download programs to replace Microsoft Publisher.

Edited by ColtsFan18, 30 March 2014 - 06:16 PM.

  • 0

#21
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

OK, listen.  This eset is the bane of my existence at the moment.  First scan I stopped because I thought it stalled.  The second one got to 56% and one of my CATS stopped it.  I'm going to restart it when I go to bed and let it run through the night away from everything that COULD stop it.  I'm sorry to drag this out but I have some non-internet work I need to do before bed and I need the machine to do it.  I'll get the log posted in the morning.


  • 0

#22
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts

:lol: Sounds like an adventure. ESET can take a long time. The record so far is 12 hours. It takes a long time as it is an extensive scan.

 

Malwarebytes found what I just removed in the last OTL fix. It did concern me as it appeared after my first fix. This type of malware is installed through free program downloads depending on the site you use. What sites do you use for free program downloads?


  • 0

#23
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

OK... the scan finished overnight.  It  didn't give me a scan log or anything to click on to get one, but it said it found no threats, maybe that's why?.  What is strange though, is the first time it showed 24 threats and that was the scan I killed.  The second and third scan showed no threats.  Is that normal?  I usually use Cnet.com to download.  I don't download a lot of things, really, In fact the last download I remember was OpenOffice two years ago and I got that from their website.  In fact when I do download things it is typically from the product website.  Like Advanced System Care and Tweaking, both of those were direct from the websites.


Edited by ColtsFan18, 31 March 2014 - 12:16 PM.

  • 0

#24
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there :)
 
The log for the ESET scan can be found in the following location: C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
 
I also want another OTL scan to make sure nothing has returned.
 
1. OTL Scan
 

 

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Include 64bit Scans - If present.
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply
 

  • 0

#25
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

OK, I'm on it :)


  • 0

Advertisements


#26
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

Eset log:

 

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4304efbfbedaef43b6df5ce37ea05e77
# engine=17685
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-30 11:40:26
# local_time=2014-03-30 06:40:26 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 21627491 147766276 0 0
# scanned=21037
# found=10
# cleaned=0
# scan_time=2273
sh=3167139758B6EC9C3D9818B043F65A7802407CF3 ft=1 fh=fff8c99c5a5c635d vn="a variant of Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wth178.dll.old.vir"
sh=673A1FF9A35DD5C4DA397DB09E69629E770C9AB4 ft=1 fh=e64cad523ad8ad04 vn="a variant of Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wthx178.dll.old.vir"
sh=67F216543767669CA8C00616A3DFE44316AA858A ft=1 fh=3b5e5715eacafafa vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\1a72eb1a.rbf"
sh=54BF5AFBDAAC7EE413B230B636D04227C53FB188 ft=1 fh=616db8f2201e2b61 vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\1f9a4517.rbf"
sh=61717591CEC145973ACF703B4C1662FC230A2F4F ft=1 fh=666bd4bcdcd47dd1 vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\491cebea.rbf"
sh=1C443DDBD85D73B890B9B94C82459683EE4C1B36 ft=1 fh=dffcdbdb858e24df vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Config.Msi\491cebeb.rbf"
sh=68F26AA902CC953FC8834BDAD0A44A443992D5D4 ft=1 fh=b9400f9f240f82be vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\6cac3.rbf"
sh=D32D55A13DD56DCCC1AA8754710361A5DB0129D4 ft=1 fh=09e85a34ebc583bf vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Config.Msi\6cac4.rbf"
sh=8BF2B51B88CBC8DDD94A299BEC9FA66D4BC0E265 ft=1 fh=c5c0a46b6a6bc647 vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\b3e7c71.rbf"
sh=C6C5E16B264582C81CE7C3AEF59DAE2E88D44728 ft=1 fh=90da94e772b377b1 vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Config.Msi\b3e7c72.rbf"
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4304efbfbedaef43b6df5ce37ea05e77
# engine=17685
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-31 01:22:33
# local_time=2014-03-30 08:22:33 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 21633618 147772403 0 0
# scanned=48279
# found=25
# cleaned=0
# scan_time=6032
sh=3167139758B6EC9C3D9818B043F65A7802407CF3 ft=1 fh=fff8c99c5a5c635d vn="a variant of Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wth178.dll.old.vir"
sh=673A1FF9A35DD5C4DA397DB09E69629E770C9AB4 ft=1 fh=e64cad523ad8ad04 vn="a variant of Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wthx178.dll.old.vir"
sh=67F216543767669CA8C00616A3DFE44316AA858A ft=1 fh=3b5e5715eacafafa vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\1a72eb1a.rbf"
sh=54BF5AFBDAAC7EE413B230B636D04227C53FB188 ft=1 fh=616db8f2201e2b61 vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\1f9a4517.rbf"
sh=61717591CEC145973ACF703B4C1662FC230A2F4F ft=1 fh=666bd4bcdcd47dd1 vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\491cebea.rbf"
sh=1C443DDBD85D73B890B9B94C82459683EE4C1B36 ft=1 fh=dffcdbdb858e24df vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Config.Msi\491cebeb.rbf"
sh=68F26AA902CC953FC8834BDAD0A44A443992D5D4 ft=1 fh=b9400f9f240f82be vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\6cac3.rbf"
sh=D32D55A13DD56DCCC1AA8754710361A5DB0129D4 ft=1 fh=09e85a34ebc583bf vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Config.Msi\6cac4.rbf"
sh=8BF2B51B88CBC8DDD94A299BEC9FA66D4BC0E265 ft=1 fh=c5c0a46b6a6bc647 vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Config.Msi\b3e7c71.rbf"
sh=C6C5E16B264582C81CE7C3AEF59DAE2E88D44728 ft=1 fh=90da94e772b377b1 vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Config.Msi\b3e7c72.rbf"
sh=489232AE1295D98A77C4378ABA6C5C7F318FC4B5 ft=1 fh=33fa6983f5449548 vn="a variant of Win32/Toolbar.CrossRider.E potentially unwanted application" ac=I fn="C:\Program Files (x86)\Software Assist\Software Assist-bg.exe"
sh=0289490744A1B4463B47B3F752A3566475840874 ft=1 fh=c71c00118debe12c vn="a variant of Win32/Toolbar.CrossRider.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Software Assist\Software Assist.dll"
sh=489232AE1295D98A77C4378ABA6C5C7F318FC4B5 ft=1 fh=33fa6983f5449548 vn="a variant of Win32/Toolbar.CrossRider.E potentially unwanted application" ac=I fn="C:\Program Files (x86)\Software Assist\Software Assist.exe"
sh=891BFD4141DF1E3A058CB605427D6D95A5098AEE ft=1 fh=c71c00115cf72abf vn="a variant of Win32/Toolbar.CrossRider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\Software Assist\Software AssistGui.exe"
sh=081CDAA791AD5A3C2213A5F0A501510F7E351B32 ft=1 fh=73ac43b815fe6851 vn="Win32/Toolbar.CrossRider.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\Software Assist\Uninstall.exe"
sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Tammy\Desktop\Documents and stuff\Downloads\asc-setup.exe"
sh=221210B19AC0B17F0F222443101B0099F7BD3E64 ft=1 fh=f5816da3f7c5bfd3 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Tammy\Desktop\Documents and stuff\Downloads\asc7-setup.exe"
sh=1D8CC59B76B5F536006EA6C3769522986017BD03 ft=1 fh=f95e57c3dcfc1287 vn="a variant of Win32/ToolkitOffers.A potentially unwanted application" ac=I fn="C:\Users\Tammy\Desktop\Documents and stuff\Downloads\Excel_installer.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Tammy\Desktop\Documents and stuff\Downloads\OffercastInstaller_AVR_U-0311-01-P_.exe"
sh=3661383B652D80B662CDE4829A22A3FD7F803888 ft=1 fh=9461aa84922f14a9 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Tammy\Desktop\Documents and stuff\Downloads\PIP_AVR80_.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe"
sh=7508F1C69E87F29D09AB515896090D5FCD34984D ft=1 fh=bb1f3b8fc9a314ef vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\cnet2_PicMgr_zip.exe"
sh=1B4629FA0FD90E06E105E8605EC950B611009AFA ft=1 fh=df533382a68505ac vn="a variant of Win32/InstallCore.AV potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\FLVPlayerSetup.exe"
sh=8DA36C3B7FFB7598B2D5D24FAA10FE169764CE56 ft=0 fh=0000000000000000 vn="a variant of Android/Inmobi.A potentially unsafe application" ac=I fn="C:\Users\Tammy\Downloads\HangingWithFriends_v4.52.apk"
sh=11D807E57854E1C9334617B49B54BD5E600585DA ft=1 fh=a647c5fa1cf8cfec vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\Produtools_Manuals_2_1.exe"
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4304efbfbedaef43b6df5ce37ea05e77
# engine=17685
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-31 04:09:36
# local_time=2014-03-30 11:09:36 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 21643641 147782426 0 0
# scanned=113939
# found=0
# cleaned=0
# scan_time=9541
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4304efbfbedaef43b6df5ce37ea05e77
# engine=17685
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-31 07:35:15
# local_time=2014-03-31 02:35:15 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 21655980 147794765 0 0
# scanned=155122
# found=0
# cleaned=0
# scan_time=10905
 
OTL Log:
 

OTL logfile created on: 3/31/2014 8:23:55 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tammy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.61 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 49.04% Memory free
7.21 Gb Paging File | 4.88 Gb Available in Paging File | 67.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256.35 Gb Total Space | 181.46 Gb Free Space | 70.79% Space Free | Partition Type: NTFS
Drive D: | 314.82 Gb Total Space | 314.72 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: TAMS | User Name: Tammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/29 17:57:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tammy\Desktop\OTL.exe
PRC - [2014/02/01 19:15:32 | 000,650,816 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2014/01/01 02:53:51 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/30 13:40:40 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tammy\AppData\Local\Apps\2.0\45ZVRA9Q.KRA\M671W4KH.PH7\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/28 08:40:39 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/06/10 12:49:10 | 002,255,360 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011/05/30 14:48:18 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/05/20 13:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/11/15 12:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/08/17 16:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/07/10 00:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 16:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/06/19 12:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/30 17:31:09 | 000,046,080 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Apps\2.0\45ZVRA9Q.KRA\M671W4KH.PH7\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\NativeOperations.dll
MOD - [2014/03/29 21:34:33 | 000,541,696 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
MOD - [2014/03/14 19:50:40 | 013,637,448 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/14 19:50:40 | 000,394,568 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 19:50:38 | 004,061,000 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 19:50:35 | 000,716,616 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/14 19:50:34 | 000,100,168 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/14 19:50:32 | 001,647,432 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 19:50:30 | 000,051,016 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2011/06/10 12:49:10 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
MOD - [2011/05/30 14:48:14 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2009/11/02 16:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 16:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/05 21:48:05 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/08 00:09:26 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/01/25 16:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2014/03/29 01:02:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/13 10:39:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/05 21:48:06 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/11/05 21:48:06 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/11/05 21:46:41 | 000,883,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/07 07:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 13:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/01/18 04:16:46 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/31 05:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/29 03:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 08:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/04 05:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/04 05:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/05/25 21:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbhub.sys -- (usbhub)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.c...q={searchTerms}
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tammy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tammy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Tammy\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/01/01 02:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/01/01 02:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 01:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/29 01:01:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\UnfriendApp\Firefox\
 
[2012/05/02 17:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tammy\AppData\Roaming\Mozilla\Extensions
[2014/03/30 17:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\kb8qej9g.default-1396217641706\extensions
[2014/03/29 01:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 01:02:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/04 18:53:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2014/01/01 02:54:33 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2014/03/26 22:17:31 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk = C:\Users\Tammy\AppData\Local\Apps\2.0\45ZVRA9Q.KRA\M671W4KH.PH7\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A12908-D330-490A-806D-6EEC561D2FB5}: DhcpNameServer = 192.168.0.1 205.171.2.226
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (digest.dll) -  File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/30 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/03/30 17:14:07 | 000,000,000 | ---D | C] -- C:\Users\Tammy\Desktop\Old Firefox Data
[2014/03/30 15:18:20 | 000,000,000 | ---D | C] -- C:\Users\Tammy\AppData\Local\SearchProtect
[2014/03/30 15:17:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/30 13:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/29 21:22:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/29 21:19:54 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/03/29 18:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2014/03/29 17:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2014/03/29 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2014/03/29 17:57:04 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Tammy\Desktop\aswmbr.exe
[2014/03/29 17:56:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tammy\Desktop\OTL.exe
[2014/03/29 17:56:45 | 002,846,904 | ---- | C] (MyCity) -- C:\Users\Tammy\Desktop\MCShield-Setup.exe
[2014/03/29 01:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/28 12:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/03/26 22:26:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/03/26 22:25:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/03/20 17:17:32 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/20 17:15:54 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/03/18 13:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/03/18 12:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/10/12 18:01:48 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Tammy\AppData\Local\BcsKtYcHW.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/31 20:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/31 20:06:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3414749739-620263832-1076424935-1001UA.job
[2014/03/31 20:05:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/31 19:59:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/03/31 17:05:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/31 10:02:44 | 000,798,756 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/31 10:02:44 | 000,662,764 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/31 10:02:44 | 000,122,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/31 01:06:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3414749739-620263832-1076424935-1001Core.job
[2014/03/30 17:37:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 17:37:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 17:30:53 | 000,003,037 | ---- | M] () -- C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
[2014/03/30 17:30:18 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2014/03/30 17:29:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/30 17:29:36 | 2903,281,664 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/30 15:24:14 | 000,001,513 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2014/03/29 19:28:54 | 000,907,539 | ---- | M] () -- C:\Users\Tammy\Desktop\0329141846.jpg
[2014/03/29 18:52:42 | 000,002,386 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2014/03/29 17:57:22 | 000,987,448 | ---- | M] () -- C:\Users\Tammy\Desktop\SecurityCheck(1).exe
[2014/03/29 17:57:09 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Tammy\Desktop\aswmbr.exe
[2014/03/29 17:57:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tammy\Desktop\OTL.exe
[2014/03/29 17:56:53 | 002,846,904 | ---- | M] (MyCity) -- C:\Users\Tammy\Desktop\MCShield-Setup.exe
[2014/03/27 11:57:23 | 000,186,566 | ---- | M] () -- C:\Users\Tammy\Desktop\8040659 Inv.pdf
[2014/03/27 11:54:18 | 000,557,352 | ---- | M] () -- C:\Users\Tammy\Desktop\8040659 POD.pdf
[2014/03/27 11:52:44 | 000,609,064 | ---- | M] () -- C:\Users\Tammy\Desktop\8040659 Conf.pdf
[2014/03/26 22:25:35 | 000,315,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/26 22:22:08 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/26 22:17:31 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/03/26 22:06:56 | 000,798,756 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/26 21:57:14 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-TAMS-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/26 17:06:21 | 005,560,425 | ---- | M] () -- C:\Users\Tammy\Desktop\G2 Manual.pdf
[2014/03/20 17:37:06 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_523
 
========== Files Created - No Company Name ==========
 
[2014/03/29 19:28:52 | 000,907,539 | ---- | C] () -- C:\Users\Tammy\Desktop\0329141846.jpg
[2014/03/29 17:57:14 | 000,987,448 | ---- | C] () -- C:\Users\Tammy\Desktop\SecurityCheck(1).exe
[2014/03/27 11:57:22 | 000,186,566 | ---- | C] () -- C:\Users\Tammy\Desktop\8040659 Inv.pdf
[2014/03/27 11:54:17 | 000,557,352 | ---- | C] () -- C:\Users\Tammy\Desktop\8040659 POD.pdf
[2014/03/27 11:52:44 | 000,609,064 | ---- | C] () -- C:\Users\Tammy\Desktop\8040659 Conf.pdf
[2014/03/26 21:57:14 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-TAMS-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/26 17:06:20 | 005,560,425 | ---- | C] () -- C:\Users\Tammy\Desktop\G2 Manual.pdf
[2013/11/05 21:48:07 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/11/05 21:48:07 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/11/05 21:48:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/11/05 21:48:04 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/11/05 21:48:03 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/12 18:01:46 | 000,893,239 | ---- | C] () -- C:\Users\Tammy\AppData\Local\a.zip
[2013/03/09 17:28:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/18 22:26:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/16 11:54:31 | 000,026,339 | ---- | C] () -- C:\Users\Tammy\AppData\Local\Temp20.html
[2012/02/16 11:54:14 | 000,001,955 | ---- | C] () -- C:\Users\Tammy\AppData\Local\Temp1.html
[2012/02/10 17:32:50 | 000,000,036 | ---- | C] () -- C:\Users\Tammy\AppData\Local\housecall.guid.cache
[2011/12/02 21:26:31 | 000,004,608 | ---- | C] () -- C:\Users\Tammy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 07:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/11/22 19:00:58 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\ASUS WebStorage
[2012/09/04 18:53:56 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Catalina Marketing Corp
[2013/10/12 18:01:41 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Catalina – Print Savings
[2012/01/02 23:09:39 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\MediaArt
[2011/11/26 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Nuance
[2012/03/07 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\OpenOffice.org
[2014/03/18 11:52:31 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Opera Software
[2011/12/04 14:17:28 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\PhotoFiltre
[2012/03/16 02:58:01 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\PhotoScape
[2011/12/11 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\SoftGrid Client
[2013/02/08 19:24:04 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Visan
[2013/11/24 12:35:15 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Windows
[2012/08/14 14:48:22 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Windows Live Writer
[2011/11/25 11:40:49 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Zeon
 
< End of report >
 

  • 0

#27
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
OK I will check if those files are still present in the next fix.
 
Did you use my link for the ADWcleaner download?
 
You said that you used Chrome but there is no sign of it in the scans, is it installed?
 
 
 
I want you to check if a program is installed and if so remove it for me. Run the following and let me know how the PC is running :)
 
1. Uninstall
 

 

 

  • Click Start then select Control Panel

 

  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:

 

  • Software Assist
 
 
 
2. OTL Fix
 

 

  • Right click the OTL icon and select Run as Administrator.

 

  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.
:OTL
[2014/03/30 15:18:20 | 000,000,000 | ---D | C] -- C:\Users\Tammy\AppData\Local\SearchProtect
[2012/02/16 11:54:31 | 000,026,339 | ---- | C] () -- C:\Users\Tammy\AppData\Local\Temp20.html
[2012/02/16 11:54:14 | 000,001,955 | ---- | C] () -- C:\Users\Tammy\AppData\Local\Temp1.html
:FILES
C:\Users\Tammy\Downloads\Produtools_Manuals_2_1.exe
C:\Users\Tammy\Downloads\HangingWithFriends_v4.52.apk
C:\Users\Tammy\Downloads\FLVPlayerSetup.exe
C:\Users\Tammy\Downloads\cnet2_PicMgr_zip.exe
C:\Users\Tammy\Desktop\Documents and stuff\Downloads\PIP_AVR80_.exe
C:\Users\Tammy\Desktop\Documents and stuff\Downloads\OffercastInstaller_AVR_U-0311-01-P_.exe
C:\Users\Tammy\Desktop\Documents and stuff\Downloads\Excel_installer.exe
C:\Users\Tammy\Desktop\Documents and stuff\Downloads\asc7-setup.exe
C:\Users\Tammy\Desktop\Documents and stuff\Downloads\asc-setup.exe
C:\Program Files (x86)\Software Assist
C:\Config.Msi\1a72eb1a.rbf
C:\Config.Msi\1f9a4517.rbf
C:\Config.Msi\491cebea.rbf
C:\Config.Msi\491cebeb.rbf
C:\Config.Msi\6cac3.rbf
C:\Config.Msi\6cac4.rbf
C:\Config.Msi\b3e7c71.rbf
C:\Config.Msi\b3e7c72.rbf
C\Program Files (x86)\Common Files\Spigot

 

 
 
 
  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.
 
 

  • 0

#28
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

I must have missed the link for the ADWcleaner so I Googled it and  downloaded it from Cnet.

 

Google Chrome IS installed and I use it daily.  But this was the only browser I could get the forum to load in so I've been using Firefox to communicate with you.

 

I'm sure Software Assist is installed, so I'll delete it now and run the scan and get the log posted ASAP.


  • 0

#29
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

OTL Log:

 

========== OTL ==========
C:\Users\Tammy\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\Tammy\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\Users\Tammy\AppData\Local\Temp20.html moved successfully.
C:\Users\Tammy\AppData\Local\Temp1.html moved successfully.
========== FILES ==========
C:\Users\Tammy\Downloads\Produtools_Manuals_2_1.exe moved successfully.
C:\Users\Tammy\Downloads\HangingWithFriends_v4.52.apk moved successfully.
C:\Users\Tammy\Downloads\FLVPlayerSetup.exe moved successfully.
C:\Users\Tammy\Downloads\cnet2_PicMgr_zip.exe moved successfully.
C:\Users\Tammy\Desktop\Documents and stuff\Downloads\PIP_AVR80_.exe moved successfully.
C:\Users\Tammy\Desktop\Documents and stuff\Downloads\OffercastInstaller_AVR_U-0311-01-P_.exe moved successfully.
C:\Users\Tammy\Desktop\Documents and stuff\Downloads\Excel_installer.exe moved successfully.
C:\Users\Tammy\Desktop\Documents and stuff\Downloads\asc7-setup.exe moved successfully.
C:\Users\Tammy\Desktop\Documents and stuff\Downloads\asc-setup.exe moved successfully.
File\Folder C:\Program Files (x86)\Software Assist not found.
C:\Config.Msi\1a72eb1a.rbf moved successfully.
C:\Config.Msi\1f9a4517.rbf moved successfully.
C:\Config.Msi\491cebea.rbf moved successfully.
C:\Config.Msi\491cebeb.rbf moved successfully.
C:\Config.Msi\6cac3.rbf moved successfully.
C:\Config.Msi\6cac4.rbf moved successfully.
C:\Config.Msi\b3e7c71.rbf moved successfully.
C:\Config.Msi\b3e7c72.rbf moved successfully.
File\Folder C\Program Files (x86)\Common Files\Spigot not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 03312014_225548
 


  • 0

#30
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

Now...Aside from Chrome I also, at one point downloaded Opera and Safari to check out new browsers, I deleted them but I still see traces in the scans.  You don't see Chrome but I can see Opera... that's kinda odd to me.

 

Before we finish up and close this my husband is having issues with his desktop and I plan on getting on a cleanout on his once this one is done.  Am I allowed to use the same thread for two fixes or do I need to start a new thread?  You are kinda my favorite "geek" and if we could get it all done at once that would be so awesome.  If you CAN'T I understand and I'll get in line and hope I get you :)   Just let me know and I'll follow protocol.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP