
Search Protect Malware [Solved]

Search Protect wajam conduit protect

  • This topic is locked

#1
ChenobieTiger

  • Member
  • 25 posts

I have had a persistent malware invade my computer and just can't shake it. After scans of Malwarebytes I found several pub files under the guise of Search Protect. My computer lags terribly.

I have a Windows XP SP3 PC. I was using F-Secure security suite until my computer was compromised, but since switched to Avast, and cannot fully remove Charter's F-Secure suite. Here is my OTL ...

   

OTL logfile created on: 9/4/2014 6:28:21 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.23 Mb Total Physical Memory | 378.96 Mb Available Physical Memory | 37.33% Memory free
2.38 Gb Paging File | 1.55 Gb Available in Paging File | 65.10% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 6.76 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Drive D: | 7.28 Gb Total Space | 5.92 Gb Free Space | 81.38% Space Free | Partition Type: FAT32
 
Computer Name: USER-5FD707D9E9 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/04 18:28:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2014/08/29 22:49:43 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/07/31 08:45:45 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/25 12:52:40 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/07/05 15:59:23 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/27 08:07:18 | 000,581,568 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Online Games Manager\ogmservice.exe
PRC - [2014/02/05 15:55:54 | 000,125,424 | ---- | M] (AnalogX, LLC) -- C:\Program Files\AnalogX\MaxMem\maxmem.exe
PRC - [2013/10/03 18:32:21 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2009/06/03 20:43:18 | 000,450,652 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) -- c:\WINDOWS\SoftwareDistribution\Download\Install\stacsv.exe
PRC - [2008/12/03 02:57:30 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/07/30 13:56:16 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/07/30 13:56:16 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/04 17:00:07 | 002,844,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14090401\algo.dll
MOD - [2014/08/29 22:49:41 | 000,331,592 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppgooglenaclpluginchrome.dll
MOD - [2014/08/29 22:49:38 | 008,577,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll
MOD - [2014/08/29 22:49:30 | 001,660,232 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
MOD - [2014/07/05 15:59:50 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/05 15:59:35 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2008/07/30 13:52:10 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008/07/30 10:55:02 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Charter Security Suite\fshoster32.exe -- (fshoster)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/25 12:52:40 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/07/05 15:59:23 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/27 08:07:18 | 000,581,568 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\WINDOWS\SoftwareDistribution\Download\Install\stacsv.exe -- (STacSV)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsnitdi32.sys -- (fsnitdi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsnixp32.sys -- (fsni)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/09/04 16:53:37 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/07/05 16:02:15 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/07/05 16:00:03 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/07/05 16:00:03 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/07/05 16:00:02 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/07/05 16:00:01 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/07/05 16:00:01 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/07/05 16:00:01 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/07/05 16:00:00 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (aswRdr)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/10/17 18:26:36 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2012/07/21 11:28:51 | 002,696,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/06/03 20:43:18 | 001,640,131 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/19 15:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/19 04:04:00 | 000,290,432 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/07/24 17:37:16 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/07/24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/24 17:37:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/24 15:16:12 | 000,015,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\swsetup\SP48673\UCORESYS.SYS -- (UCORESYS)
DRV - [2008/06/27 09:39:42 | 000,332,928 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8187.sys -- (RTLWUSB)
DRV - [2008/05/30 11:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/03/10 18:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKCU\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=utf-8&q="
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..searchreset.backup.keyword.URL: "&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users.WINDOWS\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/09/03 20:32:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/11/20 09:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/07/23 21:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1f0j34h3.default\extensions
[2014/09/03 20:32:01 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: [ cookies, homepage, searchProvider, startupPages, storage, unlimitedStorage, webRequest, webRequestBlocking ]
CHR - homepage: [ cookies, homepage, searchProvider, startupPages, storage, unlimitedStorage, webRequest, webRequestBlocking ]
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.600.19 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U60 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - default_search_provider: 58AF6FD3016BDCF13B65BAB42C9616F4DA3FBBA0DA4580F4DA04A115FE384506 (Enabled)
CHR - default_search_provider: search_url = BAE30032ED7142B8868945AB65112A1ECD853A93574077C2B41CC9AE12B094DC
CHR - default_search_provider: suggest_url = 
CHR - homepage: E9EDA781F6FFB445C7C3B186467F3E3D31CC21346CC321B11831F7DCD0B3592C
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Mahjongg = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_1\
CHR - Extension: avast! SafePrice = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\9.0.2022.120_0\
CHR - Extension: MagicScroll eBook Reader = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: Murder Files = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf\2.0.26_0\
 
O1 HOSTS File: ([2013/08/28 19:51:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340735463109 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342722038187 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect119.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F35DB5AF-4466-4277-A3A2-FA9EA501806B}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/20 11:57:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/02 08:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Phone
[2014/08/31 20:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Skype
[2014/08/31 20:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Skype
[2014/08/31 20:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2014/08/23 23:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/23 23:36:59 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/08/23 23:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/23 23:32:46 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/08/23 23:31:38 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/08/11 21:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Ashisoft
[2014/08/11 21:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Duplicate File Finder
[2014/08/11 21:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate File Finder
[2014/08/07 18:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Oracle
[2014/08/07 18:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
[2014/08/07 18:19:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2014/08/07 17:56:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014/08/07 17:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/04 18:23:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/04 17:54:18 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2014/09/04 17:03:33 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/09/04 16:53:37 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/09/04 16:52:53 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/04 16:52:52 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/09/04 16:52:51 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1292428093-515967899-1004.job
[2014/09/04 16:52:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/09/03 20:33:03 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2014/09/03 20:30:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/09/03 12:45:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1292428093-515967899-1004.job
[2014/08/26 17:26:39 | 000,152,895 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Jakeatbeach.jpg
[2014/08/26 11:00:42 | 000,503,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/08/26 11:00:41 | 000,089,150 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/08/25 22:24:39 | 000,089,202 | ---- | M] () -- C:\Documents and Settings\user\Desktop\sisters.jpg
[2014/08/23 23:37:11 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/23 18:04:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/08/20 16:55:59 | 000,010,874 | ---- | M] () -- C:\Documents and Settings\user\Desktop\cm.jpg
[2014/08/16 22:22:53 | 000,143,023 | ---- | M] () -- C:\Documents and Settings\user\Desktop\lily&june.jpg
[2014/08/16 22:22:09 | 000,023,842 | ---- | M] () -- C:\Documents and Settings\user\Desktop\june.jpg
[2014/08/12 10:02:01 | 005,347,326 | ---- | M] () -- C:\Documents and Settings\user\Desktop\pc manual.pdf
[2014/08/11 12:52:35 | 000,032,345 | ---- | M] () -- C:\Documents and Settings\user\Desktop\meandwill.jpg
[2014/08/08 15:00:00 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/08/07 18:18:48 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/03 20:33:03 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2014/08/26 17:26:35 | 000,152,895 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Jakeatbeach.jpg
[2014/08/25 22:24:31 | 000,089,202 | ---- | C] () -- C:\Documents and Settings\user\Desktop\sisters.jpg
[2014/08/23 23:37:11 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/20 16:55:51 | 000,010,874 | ---- | C] () -- C:\Documents and Settings\user\Desktop\cm.jpg
[2014/08/16 22:22:52 | 000,143,023 | ---- | C] () -- C:\Documents and Settings\user\Desktop\lily&june.jpg
[2014/08/16 22:21:52 | 000,023,842 | ---- | C] () -- C:\Documents and Settings\user\Desktop\june.jpg
[2014/08/12 10:01:57 | 005,347,326 | ---- | C] () -- C:\Documents and Settings\user\Desktop\pc manual.pdf
[2014/08/11 12:52:32 | 000,032,345 | ---- | C] () -- C:\Documents and Settings\user\Desktop\meandwill.jpg
[2014/08/07 18:18:48 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2014/06/11 15:09:44 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/06/11 15:09:42 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/06/11 15:09:41 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/05/14 15:51:35 | 002,451,648 | ---- | C] () -- C:\WINDOWS\adb.exe
[2013/09/23 23:23:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2013/08/28 19:32:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/28 19:32:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/28 19:32:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/28 19:32:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/28 19:32:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/02 17:15:18 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2013/07/13 16:27:45 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/07/13 16:27:45 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/07/13 16:27:45 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/28 21:51:53 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2013/06/28 21:50:30 | 000,019,882 | ---- | C] () -- C:\WINDOWS\prodsett_copy.ini
[2013/05/05 11:43:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/11 19:31:26 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/12/03 16:17:55 | 000,102,259 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2012/12/03 16:17:55 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2012/11/25 12:10:10 | 000,000,237 | ---- | C] () -- C:\WINDOWS\MVPEUCHR.INI
[2012/11/25 12:10:01 | 000,000,022 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2012/11/25 09:12:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2012/11/15 15:39:41 | 000,189,952 | ---- | C] () -- C:\WINDOWS\Qcard32.dll
[2012/11/15 14:38:21 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2012/07/19 15:49:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 15:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/01/23 15:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/22 01:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alawar
[2002/01/01 04:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alawar Stargaze
[2014/03/04 19:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AlawarEntertainment
[2013/07/05 15:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Artist Colony
[2014/06/11 15:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2013/07/01 21:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\casualArts
[2014/06/11 08:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
[2013/09/08 00:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fugazo
[2014/02/21 18:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse
[2013/07/05 16:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gogii
[2013/07/04 11:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo
[2013/09/13 15:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Namco
[2013/09/23 18:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
[2013/11/02 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Visan
[2012/07/20 12:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/09/22 01:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Alawar
[2013/10/19 23:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Alawar Entertainment
[2013/10/19 23:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Alawar Stargaze
[2014/03/04 19:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AlawarEntertainment
[2014/08/11 21:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ashisoft
[2014/06/11 15:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVAST Software
[2012/11/15 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Boomzap
[2013/07/01 21:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\casualArts
[2013/10/07 19:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\cerasus.media
[2013/07/03 16:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Deep Shadows
[2014/07/08 09:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DigitalVolcano
[2014/06/11 15:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dropbox
[2013/09/22 01:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\EleFun Games
[2014/03/14 14:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Friday's games
[2013/09/20 19:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Fugazo
[2013/07/03 16:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GameMill Entertainment
[2013/10/19 23:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GO Games
[2014/02/21 18:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hidden Objects Alice2
[2012/11/19 20:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hoyle FaceCreator
[2013/06/17 20:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hoyle Puzzle and Board Games
[2014/02/23 17:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Legacy Games
[2013/10/07 21:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LegacyInteractive
[2013/10/21 10:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Magic3
[2014/02/23 16:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MagicIndie
[2014/01/24 20:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mif2000's Hamlet
[2013/09/13 15:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Namco
[2013/03/09 12:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2013/07/13 16:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera Software
[2014/08/07 18:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Oracle
[2013/10/10 13:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OverDrive
[2013/08/02 17:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Photobucket
[2013/09/23 18:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PlayFirst
[2013/06/14 14:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Runes of Avalon
[2013/11/01 19:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sony Online Entertainment
[2013/10/20 00:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SpinTop Games
[2013/08/11 19:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SystemRequirementsLab
[2013/09/29 20:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TMInc
[2002/01/06 07:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\V-Games
[2013/11/02 22:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Visan
 
========== Purity Check ==========
 
 
 
< End of report >
 



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can get you back up and running properly.

First, could you uninstall the following programme:

Charter Security Suite

THEN


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsnitdi32.sys -- (fsnitdi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsnixp32.sys -- (fsni)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/10/17 18:26:36 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
[2014/06/11 08:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure

:Files
C:\Program Files\Charter Security Suite

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
NEXT

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
ChenobieTiger


    Member

  • Topic Starter
  • Member
  • 25 posts

Sorry that I took so long to post this, but storms took out our power for the weekend. Thank you for your help! I have attempted to uninstall via the control panel, but there is no listing. So I tried to go through the folders in the computer and delete all the files I could to remove it.

 

I am posting the OTL fix only because I noticed that one of the items failed to move, in the event it's important. 

 

 

OTL after Run fix   

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service fsnitdi stopped successfully!
Service fsnitdi deleted successfully!
File C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsnitdi32.sys not found.
Service fsni stopped successfully!
Service fsni deleted successfully!
File C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsnixp32.sys not found.
Service F-Secure HIPS stopped successfully!
Service F-Secure HIPS deleted successfully!
File C:\Program Files\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys not found.
Service F-Secure Gatekeeper stopped successfully!
Service F-Secure Gatekeeper deleted successfully!
File C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys not found.
Service fsbts stopped successfully!
Service fsbts deleted successfully!
C:\WINDOWS\system32\drivers\fsbts.sys moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\temp\CUIF\StyleSheets folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\temp\CUIF folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\temp folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_964 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_844 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_800 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_796 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_580 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_572 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_560 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_544 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_424 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_408 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_308 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_280 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_228 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_2128 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_2044 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_2040 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_2036 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_2028 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_2024 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_2016 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_2012 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_2004 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1992 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1988 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1980 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1968 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1960 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1956 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1952 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1936 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1828 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1808 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1784 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1780 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1776 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1768 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1764 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1760 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_176 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1752 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1748 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1740 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1736 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1720 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_172 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1716 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1704 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1700 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1696 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1692 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1684 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1680 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1672 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1668 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1664 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1660 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1612 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_156 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_148 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_144 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1408 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1380 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1372 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1328 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1320 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1256 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1228 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_116 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_1152 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\certs_108 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL\42626 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\SECL folder moved successfully.
Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Quarantine\Repository\TAR scheduled to be moved on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Quarantine\Repository\Samples folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Quarantine\Repository\Info folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Quarantine\Repository\Index folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Quarantine\Repository folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Quarantine folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\temp\fs_upgrade_handler folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\temp\download\download_service_42626_installer_5 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\temp\download folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\temp folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\latebound\42626\8\backup folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\latebound\42626\8 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\latebound\42626\5\backup folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\latebound\42626\5 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\latebound\42626\4\backup folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\latebound\42626\4 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\latebound\42626\1\backup folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\latebound\42626\1 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\latebound\42626 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA\latebound folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\MySA folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\SpamControl folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\sidegrade folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\SECL folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\removal folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\ORSP Client folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\MySA folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\hotfix folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\HIPS folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\Gemini folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\FSNID folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\FSMA folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\FSCC folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\FSAV\Users folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\FSAV folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\daas folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\CUIF folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\ComputerSecurity\ULFW folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\ComputerSecurity\setup folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\ComputerSecurity\FSGUI folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\ComputerSecurity\FSGadget folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\ComputerSecurity\FirewallUtility folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\ComputerSecurity folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\CCFSettings folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\CCFIPC folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\CCF folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs\AUA folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Logs folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\600\Settings folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\600\help folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\600\FSCC\localization folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\600\FSCC\customization folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\600\FSCC folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\600\BPP\ui folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\600\BPP\localization folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\600\BPP folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\600 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\Settings folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\localization\html_app folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\localization\fssc folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\localization\fsma folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\localization\fsgui folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\localization\fsgadget folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\localization\fsfw folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\localization\fsav folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\localization\fsasw folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\localization folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\help folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\Customization\html_app folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\Customization\graphics\icons folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\Customization\graphics\buttons folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\Customization\graphics\bitmaps folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\Customization\graphics folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\Customization\gadget folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\Customization\cuif folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\Customization\common folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200\Customization folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\200 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\108\42626\help folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\108\42626 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\108 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\100\42626\ui folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\100\42626\Settings folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\100\42626\localization folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\100\42626\help folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\100\42626 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound\100 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\latebound folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\subscriptions folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\segmentation_rules\guts.sp.f-secure.com_80 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\segmentation_rules folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\installation_status folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\header folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\OS_2_83_1329_WIN32 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\orsp-win-v2\1370467978 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\orsp-win-v2 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\mlcwin\1391497725 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\mlcwin folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\hydrawin folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\hipsn\1404491040 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\hipsn folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\gemdb\1403187369 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\gemdb folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\fsav_1000_bin\1403511452 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\fsav_1000_bin folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\CS_12_83_104_WIN32 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\CCFNETWORK_1_2_128_WIN32 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\CCFBASIC_1_83_311_WIN32 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\BLENG folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\avmisc\1369636185 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\avmisc folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\ASPAM folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content\aquawin32 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com\content folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA\guts.sp.f-secure.com folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\FSAUA folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\DAAS2\cert folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\DAAS2\acl folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\DAAS2 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure folder moved successfully.
========== FILES ==========
C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common folder moved successfully.
C:\Program Files\Charter Security Suite\apps\ComputerSecurity folder moved successfully.
C:\Program Files\Charter Security Suite\apps folder moved successfully.
C:\Program Files\Charter Security Suite folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Administrator.USER-5FD707D9E9
->Temp folder emptied: 2844 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users.WINDOWS
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService.NT AUTHORITY
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: user
->Temp folder emptied: 6052993949 bytes
->Temporary Internet Files folder emptied: 4505865 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 101666009 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 740 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108232279 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 120123494 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 800 bytes
 
Total Files Cleaned = 6,092.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09072014_194631
 
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure\Quarantine\Repository\TAR not found!
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by user (administrator) on USER-5FD707D9E9 on 07-09-2014 20:05:30
Running from C:\Documents and Settings\user\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IDT, Inc.) C:\WINDOWS\SoftwareDistribution\Download\Install\stacsv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(IDT, Inc.) C:\WINDOWS\sttray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(AnalogX, LLC) C:\Program Files\AnalogX\MaxMem\maxmem.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [729088 2008-12-03] (Andrea Electronics Corporation)
HKLM\...\Run: [IDTSysTrayApp] => C:\WINDOWS\sttray.exe [450652 2009-06-03] (IDT, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [450652 2009-06-03] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-10-03] (RealNetworks, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] 
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\MaxMem.lnk
ShortcutTarget: MaxMem.lnk -> C:\Program Files\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect119.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1f0j34h3.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @soe.sony.com/installer,version=1.0.3 -> C:\Program Files\Sony Online Entertainment\npsoe.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-25]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-11]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?a=hp
CHR StartupUrls: Default -> "https://www.yahoo.co...&type=avastbcl"
CHR DefaultSearchKeyword: Default -> trovi.com
CHR DefaultSearchURL: Default -> http://www.trovi.com...CSF=SPX_DEFAULT
CHR DefaultSuggestURL: Default -> http://suggest.secci...CSF=SPX_SUGGEST
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\Documents and Settings\All Users.WINDOWS\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U60) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]
CHR Extension: (Mahjongg) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-05-30]
CHR Extension: (avast! SafePrice) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-04]
CHR Extension: (MagicScroll eBook Reader) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2014-07-04]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-11]
CHR Extension: (Murder Files) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-07-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-09-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-05]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\user\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-27]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 STacSV; c:\windows\softwaredistribution\download\install\STacSV.exe [217170 2009-06-03] (IDT, Inc.)
S4 fshoster; "C:\Program Files\Charter Security Suite\fshoster32.exe" -hosterid:0 [X]
S4 FSMA; "C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE" [X]
S4 FSORSPClient; "C:\Program Files\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe" [X]
S4 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
R2 yksvc; RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-04-11] (Cisco Systems, Inc.) [File not signed]
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-03-19] (Andrea Electronics Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-05] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-05] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-05] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-05] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2696320 2012-07-21] (Broadcom Corporation)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534568 2008-05-30] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2008-07-24] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
R3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [57384 2008-03-10] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2008-07-24] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
S3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-07] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [332928 2008-06-27] (Realtek Semiconductor Corporation                           )
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1640131 2009-06-03] (IDT, Inc.)
S3 UCORESYS; c:\SwSetup\SP48673\UCORESYS.SYS [15432 2008-07-24] ()
S3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [290432 2008-09-19] (Marvell)
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-07 20:02 - 2014-09-07 20:05 - 00000000 ____D () C:\FRST
2014-09-07 19:58 - 2014-09-07 19:58 - 00055126 _____ () C:\Documents and Settings\user\Desktop\09072014_194631 after fix on otl.txt
2014-09-07 19:46 - 2014-09-07 19:46 - 00000000 ____D () C:\_OTL
2014-09-04 18:49 - 2014-09-04 18:49 - 00085254 _____ () C:\Documents and Settings\user\Desktop\OTL.Txt
2014-09-03 20:33 - 2014-09-03 20:33 - 00001733 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
2014-09-02 08:56 - 2014-09-02 09:31 - 00000000 ____D () C:\Documents and Settings\user\My Documents\My Phone
2014-08-31 20:55 - 2014-09-03 20:28 - 00000000 ____D () C:\Documents and Settings\user\Application Data\Skype
2014-08-31 20:55 - 2014-08-31 20:55 - 00000000 ____D () C:\Documents and Settings\user\Local Settings\Application Data\Skype
2014-08-31 20:54 - 2014-09-03 20:28 - 00000000 ____D () C:\Program Files\Skype
2014-08-23 23:37 - 2014-08-23 23:37 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 23:37 - 2014-08-23 23:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 23:36 - 2014-08-23 23:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 23:36 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-23 23:32 - 2014-09-07 19:40 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-08-23 23:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-23 12:09 - 2014-09-05 18:19 - 00009711 _____ () C:\WINDOWS\setupact.log
2014-08-23 12:09 - 2014-08-23 12:09 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-16 11:48 - 2014-09-02 09:05 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-08-12 09:57 - 2014-09-07 19:27 - 00072096 _____ () C:\WINDOWS\setupapi.log
2014-08-11 21:31 - 2014-08-11 21:31 - 00000000 ____D () C:\Documents and Settings\user\Application Data\Ashisoft
2014-08-11 21:30 - 2014-08-11 21:30 - 00000000 ____D () C:\Program Files\Duplicate File Finder
2014-08-11 21:30 - 2014-08-11 21:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Duplicate File Finder
2014-08-11 20:49 - 2014-08-11 20:49 - 06010880 _____ () C:\Program Files\GUT68F.tmp
2014-08-11 20:49 - 2014-08-11 20:49 - 00000000 ____D () C:\Program Files\GUM68E.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-07 20:06 - 2013-08-28 19:55 - 00000000 ____D () C:\Documents and Settings\user\Local Settings\temp
2014-09-07 20:05 - 2014-09-07 20:02 - 00000000 ____D () C:\FRST
2014-09-07 20:02 - 2014-06-11 15:11 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-07 19:58 - 2014-09-07 19:58 - 00055126 _____ () C:\Documents and Settings\user\Desktop\09072014_194631 after fix on otl.txt
2014-09-07 19:58 - 2012-06-26 13:55 - 01949137 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-07 19:56 - 2014-04-08 08:29 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-07 19:56 - 2013-10-03 18:35 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1292428093-515967899-1004.job
2014-09-07 19:56 - 2013-07-05 17:42 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-07 19:56 - 2012-06-26 14:03 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-07 19:56 - 2012-06-26 09:47 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-07 19:56 - 2012-06-26 09:47 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-07 19:55 - 2012-06-26 14:05 - 00000178 ___SH () C:\Documents and Settings\user\ntuser.ini
2014-09-07 19:55 - 2012-06-26 14:03 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-07 19:54 - 2013-11-02 22:22 - 00000520 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-09-07 19:47 - 2013-09-20 20:09 - 00000000 ____D () C:\Documents and Settings\Administrator.USER-5FD707D9E9\Local Settings\Temp
2014-09-07 19:47 - 2013-08-28 19:55 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2014-09-07 19:46 - 2014-09-07 19:46 - 00000000 ____D () C:\_OTL
2014-09-07 19:40 - 2014-08-23 23:32 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-09-07 19:27 - 2014-08-12 09:57 - 00072096 _____ () C:\WINDOWS\setupapi.log
2014-09-07 19:23 - 2013-07-05 17:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 10:25 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-05 18:19 - 2014-08-23 12:09 - 00009711 _____ () C:\WINDOWS\setupact.log
2014-09-04 18:49 - 2014-09-04 18:49 - 00085254 _____ () C:\Documents and Settings\user\Desktop\OTL.Txt
2014-09-03 20:33 - 2014-09-03 20:33 - 00001733 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
2014-09-03 20:29 - 2013-09-20 20:09 - 00000000 ____D () C:\Documents and Settings\Administrator.USER-5FD707D9E9
2014-09-03 20:29 - 2012-06-26 14:03 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-09-03 20:29 - 2012-06-26 14:03 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-09-03 20:29 - 2010-05-20 11:52 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-03 20:28 - 2014-08-31 20:55 - 00000000 ____D () C:\Documents and Settings\user\Application Data\Skype
2014-09-03 20:28 - 2014-08-31 20:54 - 00000000 ____D () C:\Program Files\Skype
2014-09-03 12:45 - 2013-10-03 18:35 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1292428093-515967899-1004.job
2014-09-02 09:31 - 2014-09-02 08:56 - 00000000 ____D () C:\Documents and Settings\user\My Documents\My Phone
2014-09-02 09:05 - 2014-08-16 11:48 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-09-02 08:56 - 2014-06-08 09:07 - 00000000 ____D () C:\Documents and Settings\user\Desktop\New Folder
2014-08-31 20:55 - 2014-08-31 20:55 - 00000000 ____D () C:\Documents and Settings\user\Local Settings\Application Data\Skype
2014-08-26 11:00 - 2012-06-26 09:43 - 00604778 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-24 00:33 - 2012-07-19 10:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2718523$
2014-08-23 23:39 - 2014-02-17 11:44 - 00000000 ___RD () C:\Documents and Settings\user\My Documents\Google Drive
2014-08-23 23:37 - 2014-08-23 23:37 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 23:37 - 2014-08-23 23:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 23:37 - 2014-08-23 23:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 23:37 - 2013-08-26 18:33 - 00000000 ____D () C:\Documents and Settings\user\Application Data\Malwarebytes
2014-08-23 23:36 - 2014-06-11 09:01 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-23 18:04 - 2010-05-20 04:39 - 00000327 __RSH () C:\boot.ini
2014-08-23 18:04 - 2008-04-14 08:00 - 00003474 _____ () C:\WINDOWS\win.ini
2014-08-23 18:04 - 2008-04-14 08:00 - 00000293 _____ () C:\WINDOWS\system.ini
2014-08-23 12:09 - 2014-08-23 12:09 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-22 19:38 - 2012-06-26 14:16 - 00000000 ____D () C:\Documents and Settings\user\My Documents\Bluetooth Exchange Folder
2014-08-13 14:33 - 2014-06-25 14:35 - 00000000 ____D () C:\Documents and Settings\user\Desktop\cindy
2014-08-13 09:51 - 2013-07-14 17:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-13 09:43 - 2012-06-26 15:24 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-11 21:31 - 2014-08-11 21:31 - 00000000 ____D () C:\Documents and Settings\user\Application Data\Ashisoft
2014-08-11 21:30 - 2014-08-11 21:30 - 00000000 ____D () C:\Program Files\Duplicate File Finder
2014-08-11 21:30 - 2014-08-11 21:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Duplicate File Finder
2014-08-11 20:55 - 2014-02-17 11:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Drive
2014-08-11 20:49 - 2014-08-11 20:49 - 06010880 _____ () C:\Program Files\GUT68F.tmp
2014-08-11 20:49 - 2014-08-11 20:49 - 00000000 ____D () C:\Program Files\GUM68E.tmp
2014-08-10 18:54 - 2013-11-02 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Photo Creations
2014-08-08 15:00 - 2014-04-08 08:29 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

-------------------------------------------------------------------------
 
Addition Log
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by user at 2014-09-07 20:08:26
Running from C:\Documents and Settings\user\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Computer Security (Disabled - Up to date) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
15 Puzzle (HKLM\...\15 Puzzle) (Version:  - )
3D Pinball Express (HKLM\...\3D Pinball Express) (Version:  - )
3D Pool Shark (HKLM\...\3D Pool Shark) (Version:  - )
3D Windows XP Screen Saver (HKLM\...\3D Windows XP) (Version:  - )
8 Queens (HKLM\...\8 Queens) (Version:  - )
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 50.0.227.000 - Hewlett-Packard) Hidden
Alex Hunter - Lord of the Mind (HKLM\...\5e8742345a71732d7a98c05cadc70b33) (Version:  - GameHouse)
Alquerque (HKLM\...\Alquerque) (Version:  - )
AnalogX MaxMem (HKLM\...\AnalogX MaxMem) (Version:  - AnalogX)
Animals of Africa (HKLM\...\Animals of Africa) (Version:  - )
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Blast Thru Special Edition (HKLM\...\Blast Thru Special Edition) (Version:  - )
Blobs (HKLM\...\Blobs) (Version:  - )
Block Rox (HKLM\...\Block Rox) (Version:  - )
Board Games (HKLM\...\Board Games) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bowling Mania Special Edition (HKLM\...\Bowling Mania Special Edition) (Version:  - )
Brain Twister (HKLM\...\Brain Twister) (Version:  - )
Bridge (HKLM\...\Bridge) (Version:  - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.31 - Broadcom Corporation)
Card Games (HKLM\...\Card Games) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Championship Mah Jongg (HKLM\...\Championship Mah Jongg) (Version:  - )
Charmed (HKLM\...\Charmed) (Version:  - )
Charter Security Suite (Version: 1.83.311.0 - F-Secure Corporation) Hidden
Checkers (HKLM\...\Checkers) (Version:  - )
Chinese Checkers (HKLM\...\Chinese Checkers) (Version:  - )
Color Wheel (HKLM\...\Color Wheel) (Version:  - )
Computer Security 12.83.104.0 (release) (Version: 12.83.104.0 - F-Secure Corporation) Hidden
Creation Station Special Edition (HKLM\...\Creation Station Special Edition) (Version:  - )
Cribbage (HKLM\...\Cribbage) (Version:  - )
Cyber Chess (HKLM\...\Cyber Chess) (Version:  - )
Dark Tiles (HKLM\...\Dark Tiles) (Version:  - )
Dodgem (HKLM\...\Dodgem) (Version:  - )
Drone (HKLM\...\Drone) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Duplicate File Finder (HKLM\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.5 - Ashisoft)
eGames Master's Edition 151 (HKLM\...\eGames Master's Edition 151) (Version:  - )
Eleven (HKLM\...\Eleven) (Version:  - )
Escape - Special Edition Bundle (HKLM\...\d4609de4913207a0242c5f00a00d7d53) (Version:  - GameHouse)
Fishing Special Edition (HKLM\...\Fishing Special Edition) (Version:  - )
Fox & Geese (HKLM\...\Fox & Geese) (Version:  - )
Free Realms (HKCU\...\SOE-Free Realms) (Version:  - Sony Online Entertainment)
F-Secure CCF Reputation (Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.23.124.8831 (release) (Version: 1.23.124.8831 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.128 (Version: 1.02.128 - F-Secure Corporation) Hidden
Galaxy Video Poker Special Edition (HKLM\...\Galaxy Video Poker Special Edition) (Version:  - )
Gems 3D (HKLM\...\Gems 3D) (Version:  - )
Go-Moku (HKLM\...\Go-Moku) (Version:  - )
Gonzo Heads (HKLM\...\Gonzo Heads) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
Hoyle Puzzle and Board Games (HKLM\...\{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}) (Version: 1.0.0 - Encore)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Product Detection (HKLM\...\{3C22981C-5C14-4176-B0E8-C2BE71174C41}) (Version: 11.14.0003 - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}) (Version:  - HP)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Jewels of Cleopatra (remove only) (HKLM\...\JOCDL) (Version:  - )
Jungle (HKLM\...\Jungle) (Version:  - )
Kar Racing (HKLM\...\Kar Racing) (Version:  - )
Knights Tour (HKLM\...\Knights Tour) (Version:  - )
Kombat Kars Special Edition (HKLM\...\Kombat Kars Special Edition) (Version:  - )
Little Shop - World Traveler (HKLM\...\eaecac19834f4e657daa395da0489dff) (Version:  - GameHouse)
Mahjong Match (HKLM\...\Mahjong Match) (Version:  - )
Mahjongg Master 3 Special Edition (HKLM\...\Mahjongg Master 3 Special Edition) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.64.10.3 - Marvell)
Max Solitaire (HKLM\...\Max Solitaire) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Milton Bradley Classic Board Games (HKLM\...\ClassicBoard) (Version:  - )
Mini Golf (HKLM\...\Mini Golf) (Version:  - )
MONOPOLY (HKLM\...\6728dd246bc77b0452e6c6dd7c8ea95b) (Version:  - GameHouse)
Mystery Murders - Jack the Ripper (HKLM\...\a502237a94a42f08c9d8bcee51abd280) (Version:  - GameHouse)
Nancy Drew® - The Haunted Carousel (HKLM\...\ca15ad003f24334889875de2024a0d93) (Version:  - GameHouse)
Nearwood - Platinum Edition (HKLM\...\8a90126eb3d5532165c12e49c32be2c4) (Version:  - GameHouse)
Node Jumper Special Edition (HKLM\...\Node Jumper Special Edition) (Version:  - )
Old West Poker Special Edition (HKLM\...\Old West Poker Special Edition) (Version:  - )
Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Online Safety 2.83.1329.952 (Version: 2.83.1329.952 - F-Secure Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
OverDrive Media Console (HKLM\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Paranormal State - Poison Spring Platinum Edition (HKLM\...\12859962275ab6108de9fa8abfd44630) (Version:  - GameHouse)
Photobucket Backup (HKLM\...\{98813202-6C6E-4ABE-A128-6E8FB3368BE0}) (Version: 1.0.7.2104 - Photobucket)
Pinochle (HKLM\...\Pinochle) (Version:  - )
Poker Palace (HKLM\...\Poker Palace) (Version:  - )
Puzzle Master 2 Special Edition (HKLM\...\Puzzle Master 2 Special Edition) (Version:  - )
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Quik 21 (HKLM\...\Quik 21) (Version:  - )
Raw Poker (HKLM\...\Raw Poker) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{0DF70CB6-553A-4C57-8E6D-876322ECFB78}) (Version: 1.00.0179 - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remove Random House Crosswords (HKLM\...\Random House Crosswords) (Version:  - )
Remove Random House Crostics (HKLM\...\Random House Crostics) (Version:  - )
Romantic Discoveries Bundle - 3 in 1 (HKLM\...\d1b68ebfec4d6dd5f81652198a1e9d95) (Version:  - GameHouse)
Samantha Swift - Adventure Bundle (HKLM\...\c9d86dc784dcd92f9b9a4d644c5f61bf) (Version:  - GameHouse)
Samantha Swift and the Mystery from Atlantis (HKLM\...\65fa0b0cc9ba403d9fd61edc0868c788) (Version:  - GameHouse)
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
Scary Girl (HKLM\...\9fb47a08077879f7e54251af6afe7dc2) (Version:  - GameHouse)
Shadow Shelter (HKLM\...\60befede87b114714753fb6659492df4) (Version:  - GameHouse)
Slots 100 (HKLM\...\Slots 100) (Version:  - )
Snake Arena Special Edition (HKLM\...\Snake Arena Special Edition) (Version:  - )
SOE Web Installer (HKCU\...\SOE Web Installer) (Version: 1.0.3.171 - Sony Online Entertainment)
Solitaire 2 Special Edition (HKLM\...\Solitaire 2 Special Edition) (Version:  - )
Strata 21 (HKLM\...\Strata 21) (Version:  - )
Super Collapse! Puzzle Gallery 4 (HKLM\...\08466def5c5c1d682c94d16d8e4c0cdf) (Version:  - GameHouse)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
The Dream Voyagers (HKLM\...\f6c183321175ccd23dc55b32e7441ce9) (Version:  - GameHouse)
The Fog (HKLM\...\3cfdc0cf55dbf8b5527b367f75816f46) (Version:  - GameHouse)
The Hidden Object Show Combo Pack (HKLM\...\87e32360e282f28cf0a8326046ba1157) (Version:  - GameHouse)
The Stroke of Midnight (HKLM\...\dfc44b14c1a61a9052f2c726ccd676e4) (Version:  - GameHouse)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.4100 -  )
Windows Driver Package - VIA Telecom Inc (VIA_USB_ETS) USB  (03/28/2010 1.2.0.0) (HKLM\...\006BC18603EF690BC5D5590ECFA9B31673F5DA65) (Version: 03/28/2010 1.2.0.0 - VIA Telecom Inc)
Windows Driver Package - YuLong (androidusb) USB  (04/18/2010 2.1.0.1) (HKLM\...\374CA51EFC247BAC09DDD7E195D0FAA29322DED9) (Version: 04/18/2010 2.1.0.1 - YuLong)
Windows Driver Package - YuLong (YL_cdc_acm) Modem  (11/11/2010 1.0.1.0) (HKLM\...\E1BB47BE425CBA07014056279883C9DCB348C1AE) (Version: 11/11/2010 1.0.1.0 - YuLong)
Windows Driver Package - YuLong (YL_cdc_acm) Ports  (06/17/2010 1.0.0.0) (HKLM\...\F0CF9EDA4DECB03FCE09ACB30D14C3613B63F7C6) (Version: 06/17/2010 1.0.0.0 - YuLong)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Word Wiz (HKLM\...\Word Wiz) (Version:  - )
World Mosaics (HKLM\...\03a1cc509deb5c9bb4cca0e2c7026203) (Version:  - GameHouse)
World Mosaics 4 (HKLM\...\a87cfa79a2ffc5b9a1fd452e5e5eeada) (Version:  - GameHouse)
World Mosaics 6 (HKLM\...\f1dc4b2e680e76f2780fd1baee646285) (Version:  - GameHouse)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
06-08-2014 13:31:00 System Checkpoint
07-08-2014 13:32:04 System Checkpoint
07-08-2014 22:28:33 Installed Java 7 Update 67
07-08-2014 22:31:07 Removed CoolPad_USB_Drivers
01-01-2002 05:17:00 System Checkpoint
09-08-2014 16:28:24 System Checkpoint
11-08-2014 19:04:30 System Checkpoint
01-01-2002 04:30:55 System Checkpoint
12-08-2014 14:18:22 Software Distribution Service 3.0
01-01-2002 04:46:27 System Checkpoint
13-08-2014 00:05:55 System Checkpoint
13-08-2014 13:43:22 Software Distribution Service 3.0
14-08-2014 18:36:06 System Checkpoint
15-08-2014 18:37:47 System Checkpoint
16-08-2014 20:35:18 System Checkpoint
18-08-2014 16:03:06 System Checkpoint
20-08-2014 19:13:43 System Checkpoint
22-08-2014 17:40:07 System Checkpoint
26-08-2014 19:45:54 System Checkpoint
27-08-2014 22:04:29 System Checkpoint
28-08-2014 22:44:33 System Checkpoint
29-08-2014 23:36:28 System Checkpoint
31-08-2014 00:37:13 System Checkpoint
01-09-2014 01:55:29 System Checkpoint
02-09-2014 16:17:37 System Checkpoint
03-09-2014 18:57:27 System Checkpoint
04-09-2014 00:25:52 Restore Operation
04-09-2014 00:31:31 avast! antivirus system restore point
05-09-2014 03:46:30 System Checkpoint
06-09-2014 13:28:37 System Checkpoint
07-09-2014 23:46:56 OTL Restore Point - 9/7/2014 7:46:49 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 08:00 - 2014-09-07 19:47 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1292428093-515967899-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1292428093-515967899-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-11 15:09 - 2014-07-05 15:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-07 19:28 - 2014-09-07 19:28 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090701\algo.dll
2008-07-30 13:52 - 2008-07-30 13:52 - 00040960 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-06-11 15:09 - 2014-07-05 15:59 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-07-30 10:55 - 2008-07-30 10:55 - 02854912 _____ () C:\WINDOWS\system32\btwicons.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-09-04 17:29 - 2014-08-29 22:49 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-04 17:29 - 2014-08-29 22:49 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-04 17:29 - 2014-08-29 22:49 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: F-Secure Hoster (42626) => "C:\Program Files\Charter Security Suite\fshoster32.exe" -app -hosterid:1
MSCONFIG\startupreg: F-Secure Manager => "C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" /splash
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Marvell
Service: yukonwxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth LAN Access Server Driver
Description: Bluetooth LAN Access Server Driver
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BTWDNDIS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2014 07:48:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 36.0.1985.143, faulting module chrome.dll, version 36.0.1985.143, fault address 0x004b13b3.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (08/28/2014 09:51:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/23/2014 10:21:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application avastui.exe, version 9.0.2021.531, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (09/07/2014 07:47:00 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_FSNITDI\0000 disappeared from the system without first being prepared for removal.
 
Error: (09/07/2014 07:47:00 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_FSNI\0000 disappeared from the system without first being prepared for removal.
 
Error: (09/07/2014 07:46:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/07/2014 07:46:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Online Games Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/07/2014 07:46:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/07/2014 07:46:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/07/2014 07:46:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Audio Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/07/2014 07:46:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/07/2014 10:25:27 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (09/05/2014 06:06:52 PM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007001f.
 
 
Microsoft Office Sessions:
=========================
Error: (08/30/2014 07:48:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.143chrome.dll36.0.1985.143004b13b3
 
Error: (08/28/2014 09:51:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532hungapp0.0.0.000000000
 
Error: (08/23/2014 10:21:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avastui.exe9.0.2021.531hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Atom™ CPU N270 @ 1.60GHz
Percentage of memory in use: 81%
Total physical RAM: 1015.23 MB
Available physical RAM: 184.99 MB
Total Pagefile: 2442.09 MB
Available Pagefile: 1549.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.69 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.88 GB) (Free:12.34 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:7.28 GB) (Free:5.92 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 55A0A850)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.3 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem on the files that could not be moved, as they are Avast protected temp files and are of no matter.

I will now remove the remaining Charter files/services and reset Chrome for you. Once done, could you let me know of any problems?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CHR HomePage: Default -> hxxp://www.trovi.com/?a=hp
CHR DefaultSearchURL: Default -> http://www.trovi.com...CSF=SPX_DEFAULT
CHR DefaultSuggestURL: Default -> http://suggest.secci...CSF=SPX_SUGGEST
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 fshoster; "C:\Program Files\Charter Security Suite\fshoster32.exe" -hosterid:0 [X]
S4 FSMA; "C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE" [X]
S4 FSORSPClient; "C:\Program Files\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe" [X]
C:\Program Files\Charter Security Suite
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#5
ChenobieTiger


    Member

  • Topic Starter
  • 25 posts

With the Adware log C:\AdwCleaner[S1].txt, I couldn't locate the most recent edition since I have used this before. So I managed to find this log in the actual program.

 

 

The Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014

Ran by user at 2014-09-08 10:54:05 Run:1
Running from C:\Documents and Settings\user\My Documents\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CHR HomePage: Default -> hxxp://www.trovi.com/?a=hp
CHR DefaultSearchURL: Default -> http://www.trovi.com...CSF=SPX_DEFAULT
CHR DefaultSuggestURL: Default -> http://suggest.secci...CSF=SPX_SUGGEST
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 fshoster; "C:\Program Files\Charter Security Suite\fshoster32.exe" -hosterid:0 [X]
S4 FSMA; "C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE" [X]
S4 FSORSPClient; "C:\Program Files\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe" [X]
C:\Program Files\Charter Security Suite
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Chrome HomePage deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
fshoster => Service deleted successfully.
FSMA => Service deleted successfully.
FSORSPClient => Service deleted successfully.
"C:\Program Files\Charter Security Suite" => File/Directory not found.
 
=========  bitsadmin /reset /allusers =========
 
'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 1.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
AdwareCleaner
 
# AdwCleaner v3.309 - Report created 08/09/2014 at 12:16:03
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - USER-5FD707D9E9
# Running from : C:\Documents and Settings\user\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1f0j34h3.default\prefs.js ]
 
 
[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u3yhnia3.default-1353342827671\prefs.js ]
 
 
[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ys4r90sh.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
 
*************************
 
AdwCleaner[R0].txt - [12354 octets] - [09/09/2013 18:47:39]
AdwCleaner[R1].txt - [1264 octets] - [10/09/2013 10:15:50]
AdwCleaner[R2].txt - [3807 octets] - [11/06/2014 08:55:43]
AdwCleaner[R3].txt - [1514 octets] - [08/09/2014 12:16:03]
AdwCleaner[S0].txt - [12708 octets] - [09/09/2013 18:55:09]
AdwCleaner[S1].txt - [1329 octets] - [10/09/2013 10:19:00]
AdwCleaner[S2].txt - [2777 octets] - [08/09/2014 11:29:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1755 octets] ##########

  • 0

#6
ChenobieTiger


    Member

  • Topic Starter
  • 25 posts

After posting I noticed the new name for the Adware Cleaner report and located it......

 

# AdwCleaner v3.309 - Report created 08/09/2014 at 11:29:50
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - USER-5FD707D9E9
# Running from : C:\Documents and Settings\user\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Alawar
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Alawar Stargaze
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\AlawarEntertainment
Folder Deleted : C:\Documents and Settings\user\Application Data\Alawar
Folder Deleted : C:\Documents and Settings\user\Application Data\Alawar Stargaze
Folder Deleted : C:\Documents and Settings\user\Application Data\AlawarEntertainment
[!] Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1f0j34h3.default\prefs.js ]
 
 
[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u3yhnia3.default-1353342827671\prefs.js ]
 
 
[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ys4r90sh.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
 
*************************
 
AdwCleaner[R0].txt - [12354 octets] - [09/09/2013 18:47:39]
AdwCleaner[R1].txt - [1264 octets] - [10/09/2013 10:15:50]
AdwCleaner[R2].txt - [3807 octets] - [11/06/2014 08:55:43]
AdwCleaner[S0].txt - [12708 octets] - [09/09/2013 18:55:09]
AdwCleaner[S1].txt - [1329 octets] - [10/09/2013 10:19:00]
AdwCleaner[S2].txt - [2637 octets] - [08/09/2014 11:29:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2697 octets] ##########

  • 0
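
Added example (not part of any post in this thread, and not code from AdwCleaner or FRST): a Python check that compares an AdwCleaner Clean report with a later Scan report and lists anything the scan reports again. The excerpts are constructed from the two reports posted above; the function names and the day/month/year reading of the report dates are assumptions.

```python
import re
from datetime import datetime

# Excerpts constructed from the two AdwCleaner reports posted in this thread.
CLEAN_REPORT = r"""# AdwCleaner v3.309 - Report created 08/09/2014 at 11:29:50
# Option : Clean
Folder Deleted : C:\Documents and Settings\user\Application Data\Alawar
[!] Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
"""
SCAN_REPORT = r"""# AdwCleaner v3.309 - Report created 08/09/2014 at 12:16:03
# Option : Scan
Folder Found : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Found [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
"""

CREATED = re.compile(r"^# AdwCleaner .*Report created (\S+) at (\S+)")
OPTION = re.compile(r"^# Option : (\w+)")
# "Folder Deleted : <path>" or "Found [Extension] : <id>", optionally prefixed "[!] "
ITEM = re.compile(r"^(?:\[!\] )?(?:(\w+) (?:Found|Deleted)|(?:Found|Deleted) \[([^\]]+)\]) : (.+?)\s*$")

def parse_report(text):
    """Return creation time, option (Scan/Clean) and the items a report lists."""
    report = {"created": None, "option": None, "items": {}}
    for line in text.splitlines():
        if m := CREATED.match(line):
            # Assumption: dates are day/month/year, consistent with the thread.
            report["created"] = datetime.strptime(" ".join(m.groups()), "%d/%m/%Y %H:%M:%S")
        elif m := OPTION.match(line):
            report["option"] = m.group(1)
        elif m := ITEM.match(line):
            kind, target = m.group(1) or m.group(2), m.group(3)
            # Windows paths and registry keys compare case-insensitively.
            report["items"][(kind.lower(), target.lower())] = (kind, target)
    return report

def reappeared(clean_text, scan_text):
    """Items removed by a Clean run that a later Scan run lists again."""
    clean, scan = parse_report(clean_text), parse_report(scan_text)
    if (clean["option"], scan["option"]) != ("Clean", "Scan"):
        raise ValueError("expected a Clean report and a Scan report, in that order")
    if not (clean["created"] and scan["created"]) or scan["created"] <= clean["created"]:
        raise ValueError("the Scan report must be dated after the Clean report")
    common = clean["items"].keys() & scan["items"].keys()
    return sorted(scan["items"][key] for key in common)

if __name__ == "__main__":
    for kind, target in reappeared(CLEAN_REPORT, SCAN_REPORT):
        print(f"listed again after cleaning: {kind}: {target}")
```

On these excerpts it lists the Chrome extension folder and extension ID that the 11:29:50 Clean report deleted and the 12:16:03 Scan report found.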

#7
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now? Any further problems?
  • 0

#8
ChenobieTiger


    Member

  • Topic Starter
  • 25 posts

It is running like new, and has yet to lock up like before if I opened more than one file at a time. Thank you so very much, I truly cannot afford to replace this computer, and I try to avoid most risky downloads, but even the best of intentions have nothing on computer viruses and malware.


  • 0

#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The main cause of the slowdown was actually the second antivirus although the adware must take some of the blame :)



Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware


Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





