Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Something trying to install and Avast finding malware.

Started by Faithsa , Jun 21 2014 01:43 PM

  • This topic is locked This topic is locked

#1
Faithsa
Posted 21 June 2014 - 01:43 PM

Faithsa

    Member

  • Member
  • PipPipPip
  • 190 posts

I tried to install Skype back onto my pc after getting a new hd and it was downloading other stuff that I didn't want so I aborted it and removed the pc backup that got in there.  There was also a vop something that wanted to be 'configured' which I kept declining and then deleted.  Windows seems to still be trying to install something but I don't know what it is or how to remove it.  I was hoping you could help with that and make sure there is no other malware on my sytem.

thank you!

 

OTL logfile created on: 6/21/2014 3:22:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sabrina\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.23 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 30.69% Memory free
4.49 Gb Paging File | 1.98 Gb Available in Paging File | 44.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 778.07 Gb Free Space | 83.54% Space Free | Partition Type: NTFS
Drive D: | 663.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SABRINA-PC | User Name: Sabrina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/21 15:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Downloads\OTL.exe
PRC - [2014/06/05 21:47:51 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/01 09:22:46 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/09/20 14:12:52 | 009,837,056 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
PRC - [2013/09/20 14:12:52 | 009,828,864 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
PRC - [2013/09/20 14:12:52 | 000,103,936 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/05 09:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 09:58:37 | 014,612,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
MOD - [2014/06/05 09:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 09:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 09:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 09:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/18 21:46:31 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/09/20 13:50:06 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
MOD - [2013/09/17 04:54:38 | 000,303,616 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
MOD - [2013/09/17 04:54:38 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
MOD - [2013/09/17 04:54:38 | 000,136,192 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/18 21:46:30 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/06/21 14:05:48 | 000,073,216 | ---- | M] () [Auto | Running] -- C:\Users\Sabrina\AppData\Roaming\VOPackage\VOsrv.exe -- (servervo)
SRV - [2014/05/20 15:58:18 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/15 17:20:50 | 000,443,224 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/20 15:51:34 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/20 15:51:34 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/20 15:51:34 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/18 21:46:32 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/18 21:46:32 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/18 21:46:32 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/18 21:46:32 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/04/18 21:46:31 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/09/21 15:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 15:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/26 01:15:48 | 000,287,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1121179453&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/...=1121179453&ir=
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1121179453&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1121179453&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/...=1121179453&ir=
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Speedial = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\
CHR - Extension: Speedial = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_1\
CHR - Extension: Adblock Plus = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Adblock Plus = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: avast! Online Security = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: JavaScript Popup Blocker = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.6_0\
CHR - Extension: Google Wallet = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Del965873171] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [VOPackage] C:\Users\Sabrina\AppData\Roaming\VOPackage\VOPackage.exe ( )
O4 - Startup: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF9B853-1BC6-4DD4-AF31-2700ECA4F5A4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/31 06:39:28 | 000,000,054 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c42d2f71-c74f-11e3-84a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c42d2f71-c74f-11e3-84a5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.Now.exe -- [2007/06/20 12:03:19 | 000,151,552 | R--- | M] (Mastertronic Games Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/21 14:21:15 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Skype
[2014/06/21 14:21:08 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Skype
[2014/06/21 14:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/06/21 14:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/06/21 14:20:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/06/21 14:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/06/21 14:17:58 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Speedial
[2014/06/21 14:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speedial
[2014/06/21 14:04:51 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\VOPackage
[2014/06/11 16:13:02 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\Documents\Worship Music
[2014/06/09 14:17:42 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Apple Computer
[2014/06/09 14:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/09 14:16:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014/06/09 14:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/09 14:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/09 14:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/06/09 14:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/06/09 14:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/06/09 14:13:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/06/09 14:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/06/09 14:12:24 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Apple Computer
[2014/06/09 14:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/06/09 12:40:36 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Apple
[2014/06/09 12:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/06/09 12:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/06/09 12:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/06/09 12:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/06/09 12:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/06/09 12:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/06/04 14:22:52 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Logitech® Webcam Software
[2014/06/04 14:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2014/06/04 14:15:06 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Leadertech
[2014/06/04 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2014/06/04 14:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/06/04 14:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2014/06/04 14:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2014/05/23 10:42:41 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Garmin
[2014/05/23 10:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2014/05/23 10:42:19 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Garmin
[2014/05/23 10:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2014/05/23 10:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2014/05/23 10:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2014/05/23 10:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/21 15:18:53 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Speedial.job
[2014/06/21 14:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/21 14:56:10 | 000,001,099 | ---- | M] () -- C:\Users\Sabrina\Desktop\Continue VuuPC Installation.lnk
[2014/06/21 14:40:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/21 14:20:59 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/06/21 14:17:27 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/20 18:40:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/19 18:42:27 | 000,039,678 | ---- | M] () -- C:\Users\Sabrina\Documents\2014 June 19th Budget - Hugh & Sabrina.ods
[2014/06/19 18:42:26 | 000,000,102 | -H-- | M] () -- C:\Users\Sabrina\Documents\.~lock.2014 June 19th Budget - Hugh & Sabrina.ods#
[2014/06/16 17:27:34 | 002,080,595 | ---- | M] () -- C:\Users\Sabrina\Documents\TBS Nati Reflections rs sale listing.pdf
[2014/06/15 04:48:58 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/15 04:48:58 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/15 04:48:58 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/11 10:24:23 | 000,038,822 | ---- | M] () -- C:\Users\Sabrina\Documents\2014 June 11th Budget - Hugh & Sabrina.ods
[2014/06/10 10:07:57 | 000,031,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/10 10:07:57 | 000,031,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/10 10:02:12 | 000,001,112 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/06/10 10:00:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/06/10 10:00:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/10 10:00:09 | 1796,694,016 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/09 14:17:24 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/09 14:14:08 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/06/04 14:13:24 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2014/05/28 16:13:46 | 000,546,840 | ---- | M] () -- C:\Users\Sabrina\Documents\Swap listing 5-28-14.odt
[2014/05/28 16:05:49 | 000,676,421 | ---- | M] () -- C:\Users\Sabrina\Documents\Didymos Love and Support sale listing 5-28-14.odt
[2014/05/25 20:35:07 | 003,299,245 | ---- | M] () -- C:\Users\Sabrina\Documents\Swap listing 5-25-14.odt
[2014/05/23 10:41:32 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
 
========== Files Created - No Company Name ==========
 
[2014/06/21 14:20:59 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/06/21 14:18:01 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\Speedial.job
[2014/06/21 14:16:03 | 000,001,099 | ---- | C] () -- C:\Users\Sabrina\Desktop\Continue VuuPC Installation.lnk
[2014/06/19 18:42:26 | 000,000,102 | -H-- | C] () -- C:\Users\Sabrina\Documents\.~lock.2014 June 19th Budget - Hugh & Sabrina.ods#
[2014/06/19 18:42:25 | 000,039,678 | ---- | C] () -- C:\Users\Sabrina\Documents\2014 June 19th Budget - Hugh & Sabrina.ods
[2014/06/16 17:27:33 | 002,080,595 | ---- | C] () -- C:\Users\Sabrina\Documents\TBS Nati Reflections rs sale listing.pdf
[2014/06/11 10:24:20 | 000,038,822 | ---- | C] () -- C:\Users\Sabrina\Documents\2014 June 11th Budget - Hugh & Sabrina.ods
[2014/06/10 10:02:12 | 000,001,112 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/06/09 14:17:24 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/09 14:14:08 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/06/09 12:40:28 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/06/04 14:14:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/06/04 14:13:24 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2014/05/28 16:13:44 | 000,546,840 | ---- | C] () -- C:\Users\Sabrina\Documents\Swap listing 5-28-14.odt
[2014/05/28 16:05:46 | 000,676,421 | ---- | C] () -- C:\Users\Sabrina\Documents\Didymos Love and Support sale listing 5-28-14.odt
[2014/05/25 20:35:01 | 003,299,245 | ---- | C] () -- C:\Users\Sabrina\Documents\Swap listing 5-25-14.odt
[2014/05/23 10:41:32 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/04/18 19:08:47 | 000,773,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/21 15:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/21 15:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/21 15:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/19 07:08:32 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVAST Software
[2014/05/23 10:42:48 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Garmin
[2014/06/04 14:15:06 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Leadertech
[2014/04/18 21:43:34 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\OpenOffice
[2014/06/21 14:17:58 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Speedial
[2014/04/18 21:45:03 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\TweakNow PowerPack
[2014/04/18 21:45:04 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\TweakNow PowerPack 2012
[2014/06/21 14:05:49 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\VOPackage
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements

#2
zep516
Posted 21 June 2014 - 02:34 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

First

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post:

    1- AdwCleaner [SO].txt
    2- JRT.txt Log.

    Thanks
    Joe :)

  • 0

#3
Faithsa
Posted 22 June 2014 - 08:59 PM

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts

Sorry I didn't get to this today I'll take care of it tomorrow morning.  We had a busy day today :)


  • 0

#4
zep516
Posted 22 June 2014 - 09:03 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
That's fine, thanks for letting me know.

Joe
  • 0

#5
Faithsa
Posted 23 June 2014 - 11:18 AM

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
# AdwCleaner v3.213 - Report created 23/06/2014 at 12:48:28
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Sabrina - SABRINA-PC
# Running from : C:\Users\Sabrina\Downloads\adwcleaner_3.213.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Speedial
Folder Deleted : C:\Users\Sabrina\AppData\Roaming\Speedial
Folder Deleted : C:\Users\Sabrina\AppData\Roaming\VOPackage
File Deleted : C:\Users\Sabrina\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\Windows\Tasks\Speedial.job
File Deleted : C:\Windows\System32\Tasks\Speedial
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Speedial
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speedial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=350&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6934074669934200&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN36224443593107129&ctid=CT3317127&UM=2
Deleted [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_25_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtA0C0AyCyEtAtCyE0AtDtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2SyD0AtByDtDyEyD0EtG0EyB0EtAtG0F0FzyyCtG0FyCtCyCtGyByEtA0AtDzztA0C0ByCzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDzyzyyB0FyBtG0EtBzyyCtG0AzytCyDtG0CtCtBtDtGtDyB0C0B0BtD0CyD0Czz0AtD2Q&cr=1121179453&ir=
Deleted [Startup_urls] : hxxp://www.searchnu.com/406
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3317127&SearchSource=48&CUI=UN36224443593107129&UM=2
Deleted [Startup_urls] : hxxp://speedial.com/?f=1&a=spd_cmi_14_25_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtA0C0AyCyEtAtCyE0AtDtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2SyD0AtByDtDyEyD0EtG0EyB0EtAtG0F0FzyyCtG0FyCtCyCtGyByEtA0AtDzztA0C0ByCzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDzyzyyB0FyBtG0EtBzyyCtG0AzytCyDtG0CtCtBtDtGtDyB0C0B0BtD0CyD0Czz0AtD2Q&cr=1121179453&ir=
Deleted [Homepage] : hxxps://mail.google.com/mail/u/0/?shva=1#inbox
Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
 
*************************
 
AdwCleaner[R0].txt - [3923 octets] - [23/06/2014 12:46:38]
AdwCleaner[S0].txt - [3309 octets] - [23/06/2014 12:48:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3369 octets] ##########
 
 
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Sabrina on Mon 06/23/2014 at 12:55:51.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/23/2014 at 13:07:22.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#6
zep516
Posted 23 June 2014 - 01:40 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Next

We need to do a fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1121179453&ir=
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/...=1121179453&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1121179453&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1121179453&ir=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/...=1121179453&ir=
O4 - HKLM..\RunOnce: [VOPackage] C:\Users\Sabrina\AppData\Roaming\VOPackage\VOPackage.exe ( )
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
[2014/06/21 14:17:58 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Speedial
[2014/06/21 14:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speedial
[2014/06/21 14:04:51 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\VOPackage
[2014/06/21 15:18:53 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Speedial.job
[2014/06/21 14:18:01 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\Speedial.job

:Files

ipconfig /flushdns /c
C:\Users\Sabrina\AppData\Roaming\Speedial
C:\Users\Sabrina\AppData\Roaming\VOPackage


:Commands
[emptytemp]
[resethosts]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post
1- The OTL Fix log, that log should pop up in front of you, it's also located here->C:\_OTL\Moved Files
2- New OTL After Quick scan.

Thanks
Joe
  • 0

#7
Faithsa
Posted 25 June 2014 - 05:59 AM

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts

Oh geez!  I"m sorry, I forgot yesterday!  I'll have to do this tonight.  (sorry)


  • 0

#8
Faithsa
Posted 25 June 2014 - 08:38 PM

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\VOPackage not found.
File C:\Users\Sabrina\AppData\Roaming\VOPackage\VOPackage.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Folder C:\Users\Sabrina\AppData\Roaming\Speedial\ not found.
Folder C:\Program Files (x86)\Speedial\ not found.
Folder C:\Users\Sabrina\AppData\Roaming\VOPackage\ not found.
File C:\Windows\tasks\Speedial.job not found.
File C:\Windows\tasks\Speedial.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sabrina\Downloads\cmd.bat deleted successfully.
C:\Users\Sabrina\Downloads\cmd.txt deleted successfully.
File\Folder C:\Users\Sabrina\AppData\Roaming\Speedial not found.
File\Folder C:\Users\Sabrina\AppData\Roaming\VOPackage not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sabrina
->Temp folder emptied: 168865702 bytes
->Temporary Internet Files folder emptied: 184593938 bytes
->Google Chrome cache emptied: 448931503 bytes
->Flash cache emptied: 833 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22388931 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 121178385 bytes
 
Total Files Cleaned = 902.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06252014_222626
 
Files\Folders moved on Reboot...
C:\Users\Sabrina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#9
Faithsa
Posted 25 June 2014 - 08:50 PM

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
OTL logfile created on: 6/25/2014 10:39:22 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sabrina\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.23 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 55.93% Memory free
4.46 Gb Paging File | 3.32 Gb Available in Paging File | 74.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 777.85 Gb Free Space | 83.51% Space Free | Partition Type: NTFS
Drive D: | 663.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SABRINA-PC | User Name: Sabrina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/21 15:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Downloads\OTL.exe
PRC - [2014/06/05 21:47:51 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/15 17:20:50 | 000,443,224 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/04/18 21:46:30 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/18 21:46:31 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/18 21:46:30 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/20 15:58:18 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/15 17:20:50 | 000,443,224 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/20 15:51:34 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/20 15:51:34 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/20 15:51:34 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/18 21:46:32 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/18 21:46:32 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/18 21:46:32 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/18 21:46:32 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/04/18 21:46:31 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/09/21 15:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 15:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/26 01:15:48 | 000,287,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_1\
CHR - Extension: Adblock Plus = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Adblock Plus = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: avast! Online Security = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: JavaScript Popup Blocker = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.6_0\
CHR - Extension: Google Wallet = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/06/25 22:28:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF9B853-1BC6-4DD4-AF31-2700ECA4F5A4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/31 06:39:28 | 000,000,054 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c42d2f71-c74f-11e3-84a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c42d2f71-c74f-11e3-84a5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.Now.exe -- [2007/06/20 12:03:19 | 000,151,552 | R--- | M] (Mastertronic Games Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/25 22:26:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/23 12:55:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/23 12:47:14 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/23 12:46:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/21 14:21:15 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Skype
[2014/06/21 14:21:08 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Skype
[2014/06/21 14:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/06/21 14:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/06/21 14:20:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/06/21 14:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/06/11 16:13:02 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\Documents\Worship Music
[2014/06/09 14:17:42 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Apple Computer
[2014/06/09 14:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/09 14:16:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014/06/09 14:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/09 14:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/09 14:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/06/09 14:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/06/09 14:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/06/09 14:13:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/06/09 14:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/06/09 14:12:24 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Apple Computer
[2014/06/09 14:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/06/09 12:40:36 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Apple
[2014/06/09 12:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/06/09 12:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/06/09 12:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/06/09 12:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/06/09 12:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/06/09 12:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/06/04 14:22:52 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Logitech® Webcam Software
[2014/06/04 14:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2014/06/04 14:15:06 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Leadertech
[2014/06/04 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2014/06/04 14:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/06/04 14:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2014/06/04 14:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/25 22:41:15 | 000,031,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/25 22:41:15 | 000,031,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/25 22:40:56 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/25 22:40:33 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/25 22:40:33 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/25 22:40:33 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/25 22:33:53 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/25 22:33:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/06/25 22:33:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/25 22:33:38 | 1796,694,016 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/25 22:28:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/06/25 21:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/21 19:24:11 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/21 14:20:59 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/06/19 18:42:27 | 000,039,678 | ---- | M] () -- C:\Users\Sabrina\Documents\2014 June 19th Budget - Hugh & Sabrina.ods
[2014/06/16 17:27:34 | 002,080,595 | ---- | M] () -- C:\Users\Sabrina\Documents\TBS Nati Reflections rs sale listing.pdf
[2014/06/11 10:24:23 | 000,038,822 | ---- | M] () -- C:\Users\Sabrina\Documents\2014 June 11th Budget - Hugh & Sabrina.ods
[2014/06/09 14:17:24 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/09 14:14:08 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/06/04 14:13:24 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2014/05/28 16:13:46 | 000,546,840 | ---- | M] () -- C:\Users\Sabrina\Documents\Swap listing 5-28-14.odt
[2014/05/28 16:05:49 | 000,676,421 | ---- | M] () -- C:\Users\Sabrina\Documents\Didymos Love and Support sale listing 5-28-14.odt
 
========== Files Created - No Company Name ==========
 
[2014/06/21 14:20:59 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/06/19 18:42:25 | 000,039,678 | ---- | C] () -- C:\Users\Sabrina\Documents\2014 June 19th Budget - Hugh & Sabrina.ods
[2014/06/16 17:27:33 | 002,080,595 | ---- | C] () -- C:\Users\Sabrina\Documents\TBS Nati Reflections rs sale listing.pdf
[2014/06/11 10:24:20 | 000,038,822 | ---- | C] () -- C:\Users\Sabrina\Documents\2014 June 11th Budget - Hugh & Sabrina.ods
[2014/06/09 14:17:24 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/09 14:14:08 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/06/09 12:40:28 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/06/04 14:14:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/06/04 14:13:24 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2014/05/28 16:13:44 | 000,546,840 | ---- | C] () -- C:\Users\Sabrina\Documents\Swap listing 5-28-14.odt
[2014/05/28 16:05:46 | 000,676,421 | ---- | C] () -- C:\Users\Sabrina\Documents\Didymos Love and Support sale listing 5-28-14.odt
[2014/04/18 19:08:47 | 000,773,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/21 15:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/21 15:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/21 15:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/19 07:08:32 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVAST Software
[2014/05/23 10:42:48 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Garmin
[2014/06/04 14:15:06 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Leadertech
[2014/04/18 21:43:34 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\OpenOffice
[2014/04/18 21:45:03 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\TweakNow PowerPack
[2014/04/18 21:45:04 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\TweakNow PowerPack 2012
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0

#10
zep516
Posted 25 June 2014 - 08:53 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
How is everything any issues remain ?
  • 0

Advertisements

#11
Faithsa
Posted 26 June 2014 - 02:02 PM

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts

So far seems ok.  :)  I know when I worked with someone on my pc before the hd crashed, he had me doing malware bytes regularly to make sure nothing else decided to 'invade'.  Is that something I can still do?


  • 0

#12
zep516
Posted 26 June 2014 - 04:33 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello.

Yes running Malwarebytes once a week is a very good idea.

Lets check for anything else with an On-Line Scan. This may take a while to run.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET Log please.

Thanks
Joe :)
  • 0

#13
Faithsa
Posted 28 June 2014 - 06:21 AM

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts

I saw that it found 6 threats but I can't find the log. I didn't delete the program either but I can't find it.


  • 0

#14
zep516
Posted 29 June 2014 - 04:52 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
See if the log is here C:\Program Files(x86)\ESET\Esetonlinescanner\log.txt).
  • 0

#15
Faithsa
Posted 29 June 2014 - 07:21 PM

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts

nope.  nothing.

should I just run the scan again?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP