Malware, adware issues [Solved]


  • This topic is locked

#1
St3liz

  • Member
  • 20 posts

Hi,

 

I've posted this on the What the Tech forum but it seems a little quiet over there.

I'm normally very good at avoiding this kind of thing but I'm not infallible. My wife asked me to have a look at her laptop as it was running slowly and I decided to download Optimizer Pro and it turned out to be malware.

 

I have gone through the standard steps first - uninstall programs, Windows Defender, anti-virus and anti-malware scans and removed all threats, removed all the browser add-ons.

 

The situation now is that the uninstall programs window no longer shows the uninstall/repair buttons. The only internet page that will load is my homepage, and when I try to navigate to any website I get an 'unable to connect to proxy server' message, even though there doesn't appear to be any problem with the internet connection. I believe there is something redirecting my internet but I can't find it.

I have run Malwarebytes several times and it is now showing no threats.

I also have some adware called Pirrit that I can't get rid of.

 

How can I resolve this without internet access?

 

Thanks


  • 0


#2
Machiavelli

  • GeekU Moderator
  • 4,722 posts

 

 

I've posted this on the What the Tech forum but it seems a little quiet over there.

 

You posted it today, a few hours ago. Would you like to get help here or there? :)


  • 0

#3
St3liz

  • Topic Starter
  • Member
  • 20 posts

Hi,

 

As there seem to be very few people online on What the Tech, I'll gladly accept help here, thanks.


  • 0

#4
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Welcome to GeeksToGo, St3liz

My name is Machiavelli and I'll try to fix your PC problems. If you are in Safe Mode then print my instructions! Removing malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 
 

As there seem to be very few people online on What the Tech, I'll gladly accept help here, thanks.

OK, then please tell them that Machiavelli is helping you. Thanks. :)

------

You must save the tool on a USB stick (download it from another computer) and transfer it to the infected computer.

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
 

Download Mirror #1

  • Please copy the text in the Quote box below (do not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      [image: OTL main window]
      • Click the box beside Scan All Users at the top of the console.
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste them into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
      • Please do the same for the Extras.txt

  • 0
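
Added example (not part of Machiavelli's post and not OTL's own code): a Python sketch that triages the OTL.txt this scan produces. It flags auto-start services with an empty company field, a per-user proxy that is enabled and pointed at a loopback address (the setting behind an 'unable to connect to proxy server' error when nothing is listening there), and HOSTS entries that pin names to a non-loopback address. The sample lines are constructed in OTL's line format; the service names, SID and addresses in them are placeholders.

```python
import re
from ipaddress import ip_address

# Constructed sample in the line format OTL.txt uses (placeholders, not a real machine).
SAMPLE_LOG = r"""
SRV - [2014/01/01 10:00:00 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files\ExampleAd\Updater.exe -- (ExampleUpdater)
SRV - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (Example AV Vendor) [Auto | Running] -- C:\Program Files\ExampleAV\Svc.exe -- (ExampleAV)
SRV - [2013/02/28 18:45:16 | 000,161,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Tool\t.exe -- (ToolSvc)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:8080
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 203.0.113.20 search.example.com www.search.example.net
O1 - Hosts: 170 more lines...
"""

# SRV - [timestamp | size | attrs | M] (Company) [StartType | State] -- path -- (ServiceName)
SRV_RE = re.compile(
    r"^SRV - \[[^\]]*\] \((?P<company>[^)]*)\) "
    r"\[(?P<start>\w+) \| (?P<state>\w+)\] -- (?P<path>.+?) -- \((?P<name>.+)\)$"
)
# IE - HKU\<SID>\...\Internet Settings: "ProxyXxx" = value
PROXY_RE = re.compile(
    r'^IE - HKU\\(?P<sid>[^\\]+)\\.*Internet Settings: "(?P<key>Proxy\w+)" = (?P<val>.*)$'
)
# O1 - Hosts: <ip> <name> [<name> ...]
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<names>.+)$")
# host:port pairs inside a ProxyServer value such as "http=http://127.0.0.1:8080"
PROXY_HOST_RE = re.compile(r"(?:^|=|//)([\w.\-]+):\d+")


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return a list of (category, subject, detail) tuples worth a closer look."""
    findings = []
    proxy = {}  # SID -> {"ProxyEnable": ..., "ProxyServer": ...}
    for line in log_text.splitlines():
        line = line.strip()
        m = SRV_RE.match(line)
        if m:
            # Empty company field on a service that starts with Windows.
            if not m["company"].strip() and m["start"] == "Auto":
                findings.append(("no-company-autostart", m["name"], m["path"]))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy.setdefault(m["sid"], {})[m["key"]] = m["val"].strip()
            continue
        m = HOSTS_RE.match(line)
        if m:
            try:
                addr = ip_address(m["ip"])
            except ValueError:
                continue  # not an address, e.g. OTL's "170 more lines..." marker
            if not addr.is_loopback:
                for name in m["names"].split():
                    findings.append(("hosts-override", name, str(addr)))
    # Proxy values arrive on separate lines, so evaluate them per SID at the end.
    for sid, vals in proxy.items():
        if vals.get("ProxyEnable") == "1":
            hosts = PROXY_HOST_RE.findall(vals.get("ProxyServer", ""))
            if any(is_loopback(h) for h in hosts):
                findings.append(("loopback-proxy", sid, vals["ProxyServer"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding here is a prompt to look closer, not a verdict: legitimate software also ships services with no company name, and some security tools use a local proxy.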

#5
St3liz

  • Topic Starter
  • Member
  • 20 posts

OK, thanks. I'll do what I can for now but I have to go to work in about an hour.


  • 0

#6
Machiavelli

  • GeekU Moderator
  • 4,722 posts
OK, no problem. :) I will wait for the results.
  • 0

#7
St3liz

  • Topic Starter
  • Member
  • 20 posts

Ok, here are the results -

 

OTL logfile created on: 05/04/2014 18:31:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lizbeth\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.96% Memory free
4.19 Gb Paging File | 3.27 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.43 Gb Total Space | 54.64 Gb Free Space | 40.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.78 Gb Free Space | 47.83% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.87 Gb Free Space | 99.96% Space Free | Partition Type: FAT
 
Computer Name: LIZBETH-PC | User Name: Lizbeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/05 18:17:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lizbeth\Desktop\OTL.exe
PRC - [2014/02/26 17:42:58 | 000,059,904 | ---- | M] () -- C:\Program Files\WinRST\WinRST.exe
PRC - [2014/02/20 15:13:08 | 000,059,904 | ---- | M] () -- C:\Program Files\Pirrit\AutoUpdater.exe
PRC - [2013/12/18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/09 15:38:12 | 001,174,152 | ---- | M] (WiseCleaner.com) -- C:\Program Files\Wise\Wise Care 365\WiseTray.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/03 09:30:37 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/27 06:48:05 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/02/13 20:21:40 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/02 04:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/02 04:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/05/09 11:52:48 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/05/09 11:52:44 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/05/09 11:52:44 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/09 11:52:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/04/27 09:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008/03/26 23:24:13 | 000,036,352 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2007/05/25 08:00:10 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/04/27 09:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/04/04 16:16:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/14 15:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/02/26 17:42:58 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files\WinRST\WinRST.exe -- (WinRST)
SRV - [2014/02/20 15:13:08 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Pirrit\AutoUpdater.exe -- (PirritUpdater)
SRV - [2014/01/21 16:25:34 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013/12/18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008/03/27 06:48:05 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/02/13 20:21:40 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/02 04:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/02 04:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/06/27 20:17:48 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 20:17:48 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 20:17:48 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 09:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 09:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 09:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 09:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 09:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/01/02 04:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/05/09 11:52:42 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/29 06:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/25 11:13:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/04/25 09:15:06 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/04/25 09:15:06 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/04/25 09:15:04 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...r=983859203&ir=
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com [binary data]
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...r=983859203&ir=
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:9880
 
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1304\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080327
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1304\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=2080327
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1304\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Lizbeth\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/21 11:41:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Lizbeth\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/21 11:41:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{26ec3b5b-aa6a-4247-9c59-9788deea28a2}: C:\Program Files\BlockAndSurf Corp\158.xpi
 
[2013/03/21 11:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lizbeth\AppData\Roaming\Mozilla\Extensions
[2013/03/21 11:41:14 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Users\Lizbeth\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/04/05 10:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lizbeth\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2014/04/04 16:52:21 | 000,036,932 | ---- | M] () (No name found) -- C:\Users\Lizbeth\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/03/21 11:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - Extension: Google Drive = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: Freemake Video Converter = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension:  MalaysiaBay Redirector = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmdoddcdidelnlglppigljlmnkgafjjf\0.3_0\
CHR - Extension: Google Wallet = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/04/04 16:53:38 | 000,008,846 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 216.239.32.20 google.com 
O1 - Hosts: 216.239.32.20 google.com www.google.ad
O1 - Hosts: 216.239.32.20 google.com www.google.ae
O1 - Hosts: 216.239.32.20 google.com www.google.com.af
O1 - Hosts: 216.239.32.20 google.com www.google.com.ag
O1 - Hosts: 216.239.32.20 google.com www.google.com.ai
O1 - Hosts: 216.239.32.20 google.com www.google.al
O1 - Hosts: 216.239.32.20 google.com www.google.am
O1 - Hosts: 216.239.32.20 google.com www.google.co.ao
O1 - Hosts: 216.239.32.20 google.com www.google.com.ar 
O1 - Hosts: 216.239.32.20 google.com www.google.as 
O1 - Hosts: 216.239.32.20 google.com www.google.at 
O1 - Hosts: 216.239.32.20 google.com www.google.com.au
O1 - Hosts: 216.239.32.20 google.com www.google.az 
O1 - Hosts: 216.239.32.20 google.com www.google.ba 
O1 - Hosts: 216.239.32.20 google.com www.google.com.bd 
O1 - Hosts: 216.239.32.20 google.com www.google.be 
O1 - Hosts: 216.239.32.20 google.com www.google.bf 
O1 - Hosts: 216.239.32.20 google.com www.google.bg 
O1 - Hosts: 216.239.32.20 google.com www.google.com.bh 
O1 - Hosts: 216.239.32.20 google.com www.google.bi 
O1 - Hosts: 216.239.32.20 google.com www.google.bj 
O1 - Hosts: 216.239.32.20 google.com www.google.com.bn 
O1 - Hosts: 170 more lines...
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3896089956-457986621-1509175122-1304\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07985FFF-73D5-474C-9162-281F0489E4BF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C75EBECB-99C2-48D0-8BC0-F6139C87B0CB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (c:\progra~1\optimi~1\optpro~2.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lizbeth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lizbeth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{57ea5736-72d5-11e3-90d8-001d09c86600}\Shell - "" = AutoRun
O33 - MountPoints2\{57ea5736-72d5-11e3-90d8-001d09c86600}\Shell\AutoRun\command - "" = "F:\WD Drive Unlock.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/05 18:27:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lizbeth\Desktop\OTL.exe
[2014/04/05 12:22:57 | 000,000,000 | R--D | C] -- C:\Users\Lizbeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/04/04 16:53:50 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Local\WinRST
[2014/04/04 16:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRST
[2014/04/04 16:52:46 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Roaming\Pirrit
[2014/04/04 16:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Pirrit
[2014/04/04 16:50:04 | 001,176,896 | ---- | C] (AnyProtect.com) -- C:\Users\Lizbeth\AppData\Local\AnyProtectScannerSetup.exe
[2014/04/04 16:04:35 | 000,000,000 | ---D | C] -- C:\temp
[2014/04/04 16:00:11 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\Documents\Optimizer Pro
[2014/04/04 16:00:10 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Roaming\Optimizer Pro
[2014/04/04 15:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2014/03/24 18:47:01 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Roaming\Wise Care 365
[2014/03/24 17:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2014/03/24 17:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2014/03/24 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Roaming\Systweak
[2014/03/24 17:21:39 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Roaming\Template
[2014/03/22 19:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hazard Perception Training
[2014/03/22 19:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Driving Test Success
[2014/03/22 11:44:28 | 000,000,000 | ---D | C] -- C:\lgvpcv
[2014/03/22 11:43:11 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[1 C:\Users\Lizbeth\AppData\Local\*.tmp files -> C:\Users\Lizbeth\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/05 18:27:37 | 000,632,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/05 18:27:37 | 000,111,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/05 18:26:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/05 18:17:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lizbeth\Desktop\OTL.exe
[2014/04/05 18:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/05 17:59:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\SaveSense.job
[2014/04/05 17:54:50 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/05 17:54:50 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2014/04/05 17:52:27 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/05 17:52:27 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/05 17:51:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/05 17:51:51 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/05 10:59:11 | 000,000,080 | ---- | M] () -- C:\Users\Lizbeth\AppData\Roaming\WB.CFG
[2014/04/05 10:33:08 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/04 16:54:38 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/04 16:53:38 | 000,008,846 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/04/04 16:16:27 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/04 16:16:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/03 11:08:26 | 001,176,896 | ---- | M] (AnyProtect.com) -- C:\Users\Lizbeth\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/31 17:00:07 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/03/24 17:54:21 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/03/24 17:26:45 | 000,008,704 | ---- | M] () -- C:\Users\Lizbeth\Documents\lizbeths CV.wps
[2014/03/24 17:26:45 | 000,000,294 | ---- | M] () -- C:\Users\Lizbeth\AppData\Roaming\wklnhst.dat
[2014/03/22 19:52:32 | 000,058,368 | ---- | M] () -- C:\Users\Lizbeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/22 11:45:18 | 000,000,000 | ---- | M] () -- C:\Windows\PROTOCOL.INI
[2014/03/22 11:41:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/03/22 11:41:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/03/15 16:47:55 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Users\Lizbeth\AppData\Local\*.tmp files -> C:\Users\Lizbeth\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/04 16:54:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/04/04 15:59:29 | 000,000,080 | ---- | C] () -- C:\Users\Lizbeth\AppData\Roaming\WB.CFG
[2014/04/04 15:59:14 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\SaveSense.job
[2014/03/24 19:49:21 | 000,280,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/24 18:53:55 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2014/03/24 18:53:55 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/03/24 17:54:21 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/03/24 17:26:45 | 000,008,704 | ---- | C] () -- C:\Users\Lizbeth\Documents\lizbeths CV.wps
[2014/03/24 17:21:37 | 000,000,294 | ---- | C] () -- C:\Users\Lizbeth\AppData\Roaming\wklnhst.dat
[2014/03/22 11:45:18 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2014/03/22 11:41:37 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/03/22 11:41:37 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/07/18 15:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/07/18 15:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/07/18 15:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/07/18 15:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/06/27 20:17:49 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 19:40:53 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 19:40:53 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/03/02 19:34:05 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/02 19:34:05 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/12/02 22:33:22 | 000,058,368 | ---- | C] () -- C:\Users\Lizbeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/12/03 09:32:19 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/03 09:25:10 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/04 16:00:10 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\Optimizer Pro
[2013/03/22 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\PerformerSoft
[2014/04/04 16:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\Pirrit
[2014/03/24 18:17:49 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\Samsung
[2013/03/21 11:41:14 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\SpeedanAlysis
[2014/04/05 10:14:03 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\Systweak
[2013/12/07 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\TeamViewer
[2014/03/24 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\Template
[2014/04/03 13:19:31 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\uTorrent
[2014/04/05 17:53:30 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2006/11/02 10:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006/11/02 10:46:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2006/11/02 10:44:49 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2008/03/27 06:56:34 | 000,750,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2012/12/03 09:24:34 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2012/12/03 01:09:35 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2008/04/19 09:13:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2006/11/02 10:46:02 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2006/11/02 10:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2012/12/03 09:25:13 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2008/03/27 06:55:20 | 000,204,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2012/12/03 09:21:24 | 000,083,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2006/11/02 10:46:04 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2006/11/02 10:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/03/27 06:52:04 | 000,286,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2012/12/03 01:13:55 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2006/11/02 10:46:13 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2006/11/02 10:46:05 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2006/11/02 10:46:11 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2006/11/02 10:46:11 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2006/11/02 10:46:11 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2006/11/02 10:46:12 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2012/12/03 09:26:04 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2006/11/02 10:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012/12/03 01:09:35 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2006/11/02 13:34:35 | 000,560,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2006/11/02 10:46:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2006/11/02 10:46:12 | 000,234,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2012/12/03 09:25:13 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2006/11/02 10:46:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2012/12/03 01:09:35 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2006/11/02 13:35:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2006/11/02 10:46:13 | 000,121,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2006/11/02 10:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/03/27 06:53:26 | 002,605,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2012/12/03 09:26:02 | 000,595,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2006/11/02 10:46:13 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2006/11/02 10:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2006/11/02 10:46:12 | 000,152,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2006/11/02 10:45:51 | 000,924,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2006/11/02 10:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2006/11/02 10:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2006/11/02 13:36:16 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/03/27 06:48:05 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 10:46:13 | 000,989,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2008/03/27 06:47:05 | 000,396,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2006/11/02 13:34:41 | 000,451,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2006/11/02 10:45:26 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2006/11/02 10:46:14 | 000,161,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2006/11/02 10:46:16 | 001,568,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2008/03/27 06:44:25 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2012/12/03 01:10:52 | 000,502,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2012/12/03 01:03:33 | 000,156,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< dir "%systemdrive%\*" /S /A:L /C >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >
 

OTL Extras logfile created on: 05/04/2014 18:31:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lizbeth\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.96% Memory free
4.19 Gb Paging File | 3.27 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.43 Gb Total Space | 54.64 Gb Free Space | 40.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.78 Gb Free Space | 47.83% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.87 Gb Free Space | 99.96% Space Free | Partition Type: FAT
 
Computer Name: LIZBETH-PC | User Name: Lizbeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [AddToPlaylistUMP] -- "C:\Program Files\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files\UMPlayer\umplayer.exe" -play-dir "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3376D132-4506-431C-AB6F-2BE460EF471D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{39012E95-8343-4AA3-A989-43BFB0E4DCB7}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{3AE1BC07-0D05-4C1B-9844-52CA11EC55EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8506D23D-AD02-4083-ADA0-A203C040CD92}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{C7FF35AA-8EAE-45F9-AD19-E01F942D165A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{FE90AEF0-11C1-41CF-8A26-390F01C2341D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24/03/2014 12:59:22 | Computer Name = Lizbeth-PC | Source = MsiInstaller | ID = 11905
Description = 
 
Error - 24/03/2014 14:44:07 | Computer Name = Lizbeth-PC | Source = VSS | ID = 8194
Description = 
 
Error - 04/04/2014 11:06:32 | Computer Name = Lizbeth-PC | Source = MsiInstaller | ID = 11719
Description = 
 
Error - 04/04/2014 11:15:21 | Computer Name = Lizbeth-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 04/04/2014 11:15:22 | Computer Name = Lizbeth-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 04/04/2014 11:15:38 | Computer Name = Lizbeth-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 04/04/2014 11:15:40 | Computer Name = Lizbeth-PC | Source = Perflib | ID = 1005
Description = 
 
Error - 04/04/2014 11:15:40 | Computer Name = Lizbeth-PC | Source = Perflib | ID = 1017
Description = 
 
Error - 04/04/2014 11:56:49 | Computer Name = Lizbeth-PC | Source = VSS | ID = 8194
Description = 
 
Error - 05/04/2014 05:31:57 | Computer Name = Lizbeth-PC | Source = Application Error | ID = 1000
Description = Faulting application BlockAndSurf158.exe, version 1.158.0.0, time 
stamp 0x533c95b6, faulting module kernel32.dll, version 6.0.6000.21010, time stamp
 0x49951e1e, exception code 0xe06d7363, fault offset 0x0001b08e,  process id 0x908,
 application start time 0x01cf50ada1143048.
 
[ System Events ]
Error - 05/04/2014 11:16:03 | Computer Name = Lizbeth-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 05/04/2014 11:12:01 | Computer Name = Lizbeth-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 05/04/2014 11:14:01 | Computer Name = Lizbeth-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 05/04/2014 11:15:01 | Computer Name = Lizbeth-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 05/04/2014 11:16:01 | Computer Name = Lizbeth-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 05/04/2014 12:53:39 | Computer Name = Lizbeth-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 05/04/2014 12:53:39 | Computer Name = Lizbeth-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05/04/2014 12:54:39 | Computer Name = Lizbeth-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 05/04/2014 12:54:40 | Computer Name = Lizbeth-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 05/04/2014 12:54:48 | Computer Name = Lizbeth-PC | Source = Service Control Manager | ID = 7031
Description = 
 
 
< End of report >
 


#8
Machiavelli

Hey,
hope everything is going well. The internet should work after you have finished Step 3; if not, download the tools on another PC and transfer them via USB stick to the infected PC (like you did with OTL).

Step 1: P2P Warning

IMPORTANT: I see you have one or more P2P (Person to Person) programs installed.

1.) You have the following P2P program installed: uTorrent
2.) If you download files from non-documented sources via a P2P file sharing program, you can expect a malware infection. That isn't good for your PC. A long time ago, file sharing with P2P programs like uTorrent was fairly safe, but that isn't true any more. Of course you can use P2P programs at your own risk, but that may be the source of your infection. It would be nice if you read this here. After reading the text you will recognize why you shouldn't have them.
3.) Please read these reports about the danger of P2P programs:
4.) I would recommend that you uninstall the above. That would be nice. If you would like to uninstall the P2P program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer, don't use it while we are fixing your computer!

Step 2: Uninstalls
  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:
    • MyFreeCodec

  • Once you have done this, reboot your computer
Step 3: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - [2014/03/14 15:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
    SRV - [2014/02/26 17:42:58 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files\WinRST\WinRST.exe -- (WinRST)
    SRV - [2014/02/20 15:13:08 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Pirrit\AutoUpdater.exe -- (PirritUpdater)
    IE - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
    IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...r=983859203&ir=
    IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
    IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...r=983859203&ir=
    IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:9880
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{26ec3b5b-aa6a-4247-9c59-9788deea28a2}: C:\Program Files\BlockAndSurf Corp\158.xpi
    [2014/04/04 16:52:21 | 000,036,932 | ---- | M] () (No name found) -- C:\Users\Lizbeth\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3896089956-457986621-1509175122-1304\..Trusted Ranges: GD ([http] in Local intranet)
    O20 - AppInit_DLLs: (c:\progra~1\optimi~1\optpro~2.dll) -  File not found
    O33 - MountPoints2\{57ea5736-72d5-11e3-90d8-001d09c86600}\Shell - "" = AutoRun
    O33 - MountPoints2\{57ea5736-72d5-11e3-90d8-001d09c86600}\Shell\AutoRun\command - "" = "F:\WD Drive Unlock.exe" autoplay=true
    [2014/04/04 16:53:50 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Local\WinRST
    [2014/04/04 16:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRST
    [2014/04/04 16:52:46 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Roaming\Pirrit
    [2014/04/04 16:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Pirrit
    [2014/04/04 16:50:04 | 001,176,896 | ---- | C] (AnyProtect.com) -- C:\Users\Lizbeth\AppData\Local\AnyProtectScannerSetup.exe
    [2014/04/04 16:04:35 | 000,000,000 | ---D | C] -- C:\temp
    [2014/04/04 16:00:11 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\Documents\Optimizer Pro
    [2014/04/04 16:00:10 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Roaming\Optimizer Pro
    [2014/04/04 15:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
    [2014/03/24 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Roaming\Systweak
    [2014/03/22 11:44:28 | 000,000,000 | ---D | C] -- C:\lgvpcv
    [2014/03/22 11:43:11 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
    [2014/04/05 17:59:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\SaveSense.job
    [2013/03/22 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\PerformerSoft
    [2013/03/21 11:41:14 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\SpeedanAlysis
    
    
    :Files
    dir C:\Users\Lizbeth\AppData\Roaming\Template /S /C
    dir C:\ProgramData\Hazard Perception Training /S /C
    dir C:\ProgramData\Driving Test Success /S /C
    C:\Program Files\BlockAndSurf Corp
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply
Step 4: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 5: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 6: OTL Scan
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 7: Question

Still issues? If yes please tell me.

#9
St3liz


Hi,

 

Unfortunately, I still have issues.

 

I can't uninstall anything as I still have the same problem with the control panel window not having the uninstall/repair buttons available.

 

I ran the OTL fix with the text you provided and when the laptop rebooted I couldn't find the fix log. Can you tell me if it will have saved it to a specific location?

 

The internet access is still not available, I am still getting the same 'unable to connect to proxy server' message. I have checked the settings and all looks OK and I have other devices which don't have any connection problem. I tried using IE instead of Chrome and I noticed that the search engine is 'Mysearchdial' which is one of the browser extensions I tried to remove previously which suggests it is still causing a problem.

 

Can I download the ad and junk removal tools to a memory stick and transfer them?

 

St3liz
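
The "unable to connect to proxy server" symptom is consistent with the per-user Internet Settings values listed in the Step 3 OTL fix (ProxyEnable = 1, ProxyServer = http=http://127.0.0.1:9880). As an added example (not part of the original posts and not OTL's own code), this Python sketch parses OTL-style `IE -` lines and reports every enabled proxy endpoint, marking loopback ones; the function names and the two `S-1-5-21-0-0-0-*` sample users are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The first three lines are the Internet Settings entries from the OTL fix in
# this thread; the S-1-5-21-0-0-0-* users are constructed for contrast.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3896089956-457986621-1509175122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:9880
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.internal:8080
IE - HKU\S-1-5-21-0-0-0-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-0-0-0-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=proxy.example.internal:8080;https=localhost:8443
"""

# Matches: IE - <registry key ending in \Internet Settings>: "<value name>" = <data>
LINE_RE = re.compile(
    r'^IE - (?P<key>.+\\Internet Settings): "(?P<name>[^"]+)" = (?P<value>.*)$',
    re.MULTILINE,
)


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into (protocol, host, port) tuples.

    Handles 'host:port', 'http=host:port;https=host:port' and the
    'http=http://host:port' form seen in this thread's log.
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, target = part.partition("=")
        if not sep:                      # no 'proto=' prefix: applies to all protocols
            proto, target = "all", part
        if "://" not in target:          # give urlsplit a netloc to parse
            target = "//" + target
        parts = urlsplit(target)
        try:
            port = parts.port
        except ValueError:               # non-numeric or out-of-range port
            port = None
        endpoints.append((proto.lower(), parts.hostname, port))
    return endpoints


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    if not host:
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def collect_settings(log_text):
    """Group Internet Settings values by the registry key they were read from."""
    settings = {}
    for m in LINE_RE.finditer(log_text):
        settings.setdefault(m.group("key"), {})[m.group("name")] = m.group("value").strip()
    return settings


def triage(log_text):
    """Return one finding per proxy endpoint of every key with ProxyEnable = 1."""
    findings = []
    for key, values in collect_settings(log_text).items():
        if values.get("ProxyEnable") != "1" or "ProxyServer" not in values:
            continue
        for proto, host, port in parse_proxy_server(values["ProxyServer"]):
            findings.append({"key": key, "protocol": proto, "host": host,
                             "port": port, "loopback": is_loopback(host)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "LOOPBACK" if f["loopback"] else "remote"
        print(f'{tag:8} {f["protocol"]:5} {f["host"]}:{f["port"]}  <- {f["key"]}')
```

A loopback finding means browsing depends on a process on the same machine listening on that port, so it is worth checking which program, if any, owns the port before and after cleanup.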



#10
Machiavelli

Hi! :)

I ran the OTL fix with the text you provided and when the laptop rebooted I couldn't find the fix log. Can you tell me if it will have saved it to a specific location?

There should be logs located under: C:\_OTL\MovedFiles
 

I can't uninstall anything as I still have the same problem with the control panel window not having the uninstall/repair buttons available.

OK, please proceed with the other steps then.
 

Can I download the ad and junk removal tools to a memory stick and transfer them?

Yes, please do so.


#11
St3liz


OK, thanks.

 

Before I continue with the other steps I thought I should let you know that the folder which should have the fix log in it is empty.



#12
Machiavelli

Hey :)

Before I continue with the other steps I thought I should let you know that the folder which should have the fix log in it is empty.

Are you sure you did the fix as it said in the instructions? Please do the fix again as I think something went wrong.

#13
St3liz


Hi,

 

I followed your instructions and when OTL started I got a blue screen and then a reboot. There is a folder created with the date but it is empty. I'll have another try and see what happens.



#14
St3liz


Hi again,

 

OK, here are the results. I ran the OTL fix using your text and got the same result again - blue screen, reboot, no file.

 

# AdwCleaner v3.023 - Report created 06/04/2014 at 14:51:03
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium  (32 bits)
# Username : Lizbeth - LIZBETH-PC
# Running from : C:\Users\Lizbeth\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : BackupStack
[#] Service Deleted : PirritUpdater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Pirrit
Folder Deleted : C:\Users\Lizbeth\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Lizbeth\AppData\Local\Temp\Mega Browse
Folder Deleted : C:\Users\Lizbeth\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lizbeth\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Lizbeth\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Lizbeth\AppData\Roaming\Pirrit
Folder Deleted : C:\Users\Lizbeth\AppData\Roaming\SpeedanAlysis
Folder Deleted : C:\Users\Lizbeth\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Lizbeth\Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\Users\Lizbeth\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Windows\System32\Tasks\BitGuard
File Deleted : C:\Windows\System32\Tasks\PC Performer
File Deleted : C:\Windows\Tasks\SaveSense.job
File Deleted : C:\Windows\System32\Tasks\SaveSense
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E4C1385-C774-4650-A5D7-F762FC0EE1D2}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E4C1385-C774-4650-A5D7-F762FC0EE1D2}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{33240814-39F2-4984-9694-006D8F771A57}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33240814-39F2-4984-9694-006D8F771A57}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7BEC618-62B5-47EF-86FB-6CAA723E8B69}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7BEC618-62B5-47EF-86FB-6CAA723E8B69}
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKCU\Software\52288dee03eb948
Key Deleted : HKLM\SOFTWARE\52288dee03eb948
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Pirrit
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~2.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.16982
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Lizbeth\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [12768 octets] - [06/04/2014 14:45:13]
AdwCleaner[S0].txt - [13031 octets] - [06/04/2014 14:51:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13092 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Lizbeth on 06/04/2014 at 15:12:58.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3896089956-457986621-1509175122-1000\Software\sweetim
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/04/2014 at 15:21:48.66
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

OTL logfile created on: 06/04/2014 15:24:11 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lizbeth\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.28% Memory free
4.19 Gb Paging File | 3.28 Gb Available in Paging File | 78.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.43 Gb Total Space | 54.95 Gb Free Space | 40.28% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.78 Gb Free Space | 47.83% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.83% Space Free | Partition Type: FAT
 
Computer Name: LIZBETH-PC | User Name: Lizbeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/05 18:17:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lizbeth\Desktop\OTL.exe
PRC - [2014/02/26 17:42:58 | 000,059,904 | ---- | M] () -- C:\Program Files\WinRST\WinRST.exe
PRC - [2013/12/18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/03 09:30:37 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/27 06:48:05 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/02/13 20:21:40 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/02 04:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/02 04:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/05/09 11:52:48 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/05/09 11:52:44 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/05/09 11:52:44 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/09 11:52:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/04/27 09:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008/03/26 23:24:13 | 000,036,352 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2007/05/25 08:00:10 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/04/27 09:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/04/04 16:16:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/26 17:42:58 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files\WinRST\WinRST.exe -- (WinRST)
SRV - [2014/01/21 16:25:34 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013/12/18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008/03/27 06:48:05 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/02/13 20:21:40 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/02 04:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/02 04:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/06/27 20:17:48 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 20:17:48 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 20:17:48 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 09:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 09:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 09:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 09:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 09:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/01/02 04:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/05/09 11:52:42 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/29 06:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/25 11:13:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/04/25 09:15:06 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/04/25 09:15:06 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/04/25 09:15:04 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:9880
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{26ec3b5b-aa6a-4247-9c59-9788deea28a2}: C:\Program Files\BlockAndSurf Corp\158.xpi
 
[2013/03/21 11:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lizbeth\AppData\Roaming\Mozilla\Extensions
[2013/03/21 11:41:14 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Users\Lizbeth\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/04/06 14:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lizbeth\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2014/04/04 16:52:21 | 000,036,932 | ---- | M] () (No name found) -- C:\Users\Lizbeth\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/03/21 11:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - Extension: Google Drive = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: Freemake Video Converter = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension:  MalaysiaBay Redirector = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmdoddcdidelnlglppigljlmnkgafjjf\0.3_0\
CHR - Extension: Google Wallet = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/04/04 16:53:38 | 000,008,846 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 216.239.32.20 google.com 
O1 - Hosts: 216.239.32.20 google.com www.google.ad
O1 - Hosts: 216.239.32.20 google.com www.google.ae
O1 - Hosts: 216.239.32.20 google.com www.google.com.af
O1 - Hosts: 216.239.32.20 google.com www.google.com.ag
O1 - Hosts: 216.239.32.20 google.com www.google.com.ai
O1 - Hosts: 216.239.32.20 google.com www.google.al
O1 - Hosts: 216.239.32.20 google.com www.google.am
O1 - Hosts: 216.239.32.20 google.com www.google.co.ao
O1 - Hosts: 216.239.32.20 google.com www.google.com.ar 
O1 - Hosts: 216.239.32.20 google.com www.google.as 
O1 - Hosts: 216.239.32.20 google.com www.google.at 
O1 - Hosts: 216.239.32.20 google.com www.google.com.au
O1 - Hosts: 216.239.32.20 google.com www.google.az 
O1 - Hosts: 216.239.32.20 google.com www.google.ba 
O1 - Hosts: 216.239.32.20 google.com www.google.com.bd 
O1 - Hosts: 216.239.32.20 google.com www.google.be 
O1 - Hosts: 216.239.32.20 google.com www.google.bf 
O1 - Hosts: 216.239.32.20 google.com www.google.bg 
O1 - Hosts: 216.239.32.20 google.com www.google.com.bh 
O1 - Hosts: 216.239.32.20 google.com www.google.bi 
O1 - Hosts: 216.239.32.20 google.com www.google.bj 
O1 - Hosts: 216.239.32.20 google.com www.google.com.bn 
O1 - Hosts: 170 more lines...
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07985FFF-73D5-474C-9162-281F0489E4BF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C75EBECB-99C2-48D0-8BC0-F6139C87B0CB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lizbeth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lizbeth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{57ea5736-72d5-11e3-90d8-001d09c86600}\Shell - "" = AutoRun
O33 - MountPoints2\{57ea5736-72d5-11e3-90d8-001d09c86600}\Shell\AutoRun\command - "" = "F:\WD Drive Unlock.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/06 15:08:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/06 14:45:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/06 14:44:18 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Lizbeth\Desktop\JRT.exe
[2014/04/06 12:44:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/04/06 12:42:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/05 18:27:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lizbeth\Desktop\OTL.exe
[2014/04/05 12:22:57 | 000,000,000 | R--D | C] -- C:\Users\Lizbeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/04/04 16:53:50 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Local\WinRST
[2014/04/04 16:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRST
[2014/04/04 16:50:04 | 001,176,896 | ---- | C] (AnyProtect.com) -- C:\Users\Lizbeth\AppData\Local\AnyProtectScannerSetup.exe
[2014/04/04 16:04:35 | 000,000,000 | ---D | C] -- C:\temp
[2014/03/24 18:47:01 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Roaming\Wise Care 365
[2014/03/24 17:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2014/03/24 17:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2014/03/24 17:21:39 | 000,000,000 | ---D | C] -- C:\Users\Lizbeth\AppData\Roaming\Template
[2014/03/22 19:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hazard Perception Training
[2014/03/22 19:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Driving Test Success
[2014/03/22 11:44:28 | 000,000,000 | ---D | C] -- C:\lgvpcv
[2014/03/22 11:43:11 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[1 C:\Users\Lizbeth\AppData\Local\*.tmp files -> C:\Users\Lizbeth\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/06 15:26:03 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/06 15:26:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/06 15:19:24 | 000,632,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/06 15:19:24 | 000,111,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/06 15:13:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/06 15:10:11 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 15:10:11 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 15:09:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/06 15:09:41 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/06 15:01:21 | 264,801,431 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/06 14:39:38 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Lizbeth\Desktop\JRT.exe
[2014/04/06 14:38:20 | 001,426,178 | ---- | M] () -- C:\Users\Lizbeth\Desktop\AdwCleaner.exe
[2014/04/05 18:17:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lizbeth\Desktop\OTL.exe
[2014/04/05 10:59:11 | 000,000,080 | ---- | M] () -- C:\Users\Lizbeth\AppData\Roaming\WB.CFG
[2014/04/05 10:33:08 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/04 16:54:38 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/04 16:53:38 | 000,008,846 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/04/03 11:08:26 | 001,176,896 | ---- | M] (AnyProtect.com) -- C:\Users\Lizbeth\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/31 17:00:07 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/03/24 17:54:21 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/03/24 17:26:45 | 000,008,704 | ---- | M] () -- C:\Users\Lizbeth\Documents\lizbeths CV.wps
[2014/03/24 17:26:45 | 000,000,294 | ---- | M] () -- C:\Users\Lizbeth\AppData\Roaming\wklnhst.dat
[2014/03/22 19:52:32 | 000,058,368 | ---- | M] () -- C:\Users\Lizbeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/22 11:45:18 | 000,000,000 | ---- | M] () -- C:\Windows\PROTOCOL.INI
[2014/03/22 11:41:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/03/22 11:41:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/03/15 16:47:55 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Users\Lizbeth\AppData\Local\*.tmp files -> C:\Users\Lizbeth\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/06 14:44:12 | 001,426,178 | ---- | C] () -- C:\Users\Lizbeth\Desktop\AdwCleaner.exe
[2014/04/06 12:43:22 | 264,801,431 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/04 16:54:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/04/04 15:59:29 | 000,000,080 | ---- | C] () -- C:\Users\Lizbeth\AppData\Roaming\WB.CFG
[2014/03/24 19:49:21 | 000,280,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/24 18:53:55 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/03/24 17:54:21 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/03/24 17:26:45 | 000,008,704 | ---- | C] () -- C:\Users\Lizbeth\Documents\lizbeths CV.wps
[2014/03/24 17:21:37 | 000,000,294 | ---- | C] () -- C:\Users\Lizbeth\AppData\Roaming\wklnhst.dat
[2014/03/22 11:45:18 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2014/03/22 11:41:37 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/03/22 11:41:37 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/07/18 15:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/07/18 15:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/07/18 15:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/07/18 15:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/06/27 20:17:49 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 19:40:53 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 19:40:53 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/03/02 19:34:05 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/02 19:34:05 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/12/02 22:33:22 | 000,058,368 | ---- | C] () -- C:\Users\Lizbeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/12/03 09:32:19 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/03 09:25:10 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/03/24 18:17:49 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\Samsung
[2013/12/07 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\TeamViewer
[2014/03/24 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\Template
[2014/04/03 13:19:31 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\uTorrent
[2014/04/06 15:11:13 | 000,000,000 | ---D | M] -- C:\Users\Lizbeth\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >
 
The issues still remain with the control panel uninstaller and the internet access.

  • 0

#15
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
OK, there's more than adware, I feel :/ We will now use a more powerful tool than OTL; if this doesn't help, we will use the "big hammer".

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

  • 0





