
HELP! My computer won't let me download literally ANYTHING



#46
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Liv Scott,

Let's try a suggestion from my co-worker here at G2G.

  • Open Control Panel
  • Double click Internet Options
  • Click on Privacy tab
  • Set security level slider to Medium
  • Click OK button to save changes and exit dialog box.

Start IE now and try to download something from the Internet.
  • 0

#47
Liv Scott

    Member

  • Topic Starter
  • Member
  • 149 posts
Hi maliprog,

Turns out I already had it set to Medium! I got the same error message from IE, that the file contained a virus and was deleted :(
  • 0

#48
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This is a really strange case...

Step 1

Download adwCleaner

  • Run the tool
    (Windows Vista and Windows 7 users: right-click on adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

Step 2

Please go to Microsoft support for instructions on how to repair/reinstall your Internet Explorer.

Step 3

Download Virus Removal Tool from here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Step 4

Please don't forget to include these items in your reply:

  • adwCleaner log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#49
Liv Scott

    Member

  • Topic Starter
  • Member
  • 149 posts
I know, I'm so confused!

Here's the result of the ADWCleaner!

# AdwCleaner v1.604 - Logfile created 01/12/2013 at 20:02:14
# Updated 23/04/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Livsie - LIVSIE-PC
# Running from : C:\Users\Livsie\Downloads\Installer_AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Livsie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Livsie\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Livsie\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\Conduit
Folder Deleted : C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\ConduitCommon
Folder Deleted : C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v4.0 (en-US)

Profile name : default
File : C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\prefs.js

C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\user.js ... Deleted !

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [21652 octets] - [12/01/2013 20:02:14]

########## EOF - C:\AdwCleaner[S1].txt - [21781 octets] ##########
  • 0
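An AdwCleaner report of the kind posted above is laid out as section banners (`***** [Name] *****`), per-browser sub-headers (`-\\ Browser vN`) and one line per removed item (`<Kind> Deleted : <target>`, optionally prefixed with a flag such as `[x64]`). The following parser is an added example, not part of the original thread and not AdwCleaner's own code; it tallies what was removed per section and shows which toolbar prefix owned the deleted Firefox preferences. The sample log is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the AdwCleaner v1.x layout (placeholder paths and IDs).
SAMPLE_LOG = r"""
# AdwCleaner v1.604 - Logfile created 01/12/2013 at 20:02:14
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Example\AppData\LocalLow\Conduit
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT0000000
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{00000000-0000-0000-0000-000000000000}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{00000000-0000-0000-0000-000000000000}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v4.0 (en-US)

C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\user.js ... Deleted !

Deleted : user_pref("CT0000000.CTID", "CT0000000");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")
ENTRY_RE = re.compile(
    r"^(?:\[(?P<flag>[^\]]+)\] )?"               # optional [x64] / [*] marker
    r"(?:(?P<kind>Folder|File|Key|Value) )?"     # absent for browser settings
    r"Deleted : (?P<target>.+)$"
)
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)"')


@dataclass
class Entry:
    section: str
    browser: Optional[str]   # set only inside the [Internet Browsers] section
    kind: str                # Folder, File, Key, Value or Setting
    flag: Optional[str]      # e.g. "x64" for the 64-bit registry view
    target: str


def parse_adwcleaner_log(text: str) -> List[Entry]:
    """Return one Entry per 'Deleted :' line, tagged with its section."""
    section, browser, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and header/footer comments
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("browser")
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            entries.append(Entry(section, browser, m.group("kind") or "Setting",
                                 m.group("flag"), m.group("target")))
    return entries


def summarize(entries: List[Entry]) -> Counter:
    """Count removed items per (section, kind)."""
    return Counter((e.section, e.kind) for e in entries)


def pref_owners(entries: List[Entry]) -> Counter:
    """Group deleted Firefox prefs by the first component of the pref name."""
    owners = Counter()
    for e in entries:
        m = PREF_RE.match(e.target)
        if m:
            owners[m.group("name").split(".", 1)[0]] += 1
    return owners


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    for (section, kind), n in sorted(summarize(parsed).items()):
        print(f"{section:20} {kind:8} {n}")
    print(dict(pref_owners(parsed)))
```
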

#50
Liv Scott

    Member

  • Topic Starter
  • Member
  • 149 posts
Okay, I reset the IE settings to the Default setting (though I don't think I changed them) - I'm running the Kaspersky virus scan now!
  • 0

#51
Liv Scott

    Member

  • Topic Starter
  • Member
  • 149 posts
Okay so I'm a bit perturbed! I ran the Kaspersky scan, and it did find and delete a trojan, but then I saved the log and it's huge! Would it be possible for me to attach it instead? It's pretty big, around 180 MB I think - here is the part about the specific trojan it found, it's at the very start of the log.

Automatic Scan: completed 10 hours ago (events: 1195043, objects: 1183320, time: 12:23:01)
1/13/2013 4:42:49 AM Deleted Trojans Trojan.Win32.Swisyn.cnow High Exact D:\Users\Livsie\Documents\Files and Logs from when Kahdah helped me comp virus\OTL.exe
1/13/2013 4:39:33 AM Detected Trojans Trojan.Win32.Swisyn.cnow High Exact D:\Users\Livsie\Documents\Files and Logs from when Kahdah helped me comp virus\OTL.exe

Edited by Liv Scott, 14 January 2013 - 12:06 AM.

  • 0

#52
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Liv Scott,

OK. That was a false positive. Any progress on downloading from the Internet?
  • 0

#53
Liv Scott

    Member

  • Topic Starter
  • Member
  • 149 posts
So far no - I just tried Chrome, and instead of the usual message I actually got a message saying the virus scan failed, and I still can't open the file or the folder that it's in. Firefox still attempts to download and then the options are grayed out, and IE still claims that the file contained a virus and was deleted :(
  • 0

#54
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I'm looking at the screenshot you posted before. When you try to download anything from Internet Explorer you get a message that the file contains a virus and was deleted. In that message box you have a "Learn more" link. Can you click that link and post a screenshot of where it takes you and what you see?

Attached Thumbnails

  • Attempt to download Word Docx in IE.jpg

  • 0

#55
Liv Scott

    Member

  • Topic Starter
  • Member
  • 149 posts
My apologies for the delay!! Here is the screenshot!

Attached Thumbnails

  • IE Learn More dialog box.png

  • 0

#56
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
That didn't give me any info...

Step 1

Please go to Start then in search box type

Windows Defender

Click on it to start Windows Defender
Click Tools then Options
Under Administrator options, clear the Use Windows Defender check box, and then click Save.

Try to download something now.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • New OTL log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#57
Liv Scott

    Member

  • Topic Starter
  • Member
  • 149 posts
Turns out Windows Defender was already turned off, I was wrong in thinking I had turned it on.

Here's my OTL log!

OTL logfile created on: 1/17/2013 9:59:32 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Livsie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.32% Memory free
7.60 Gb Paging File | 5.98 Gb Available in Paging File | 78.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 7.86 Gb Free Space | 13.42% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 149.67 Gb Free Space | 37.67% Space Free | Partition Type: NTFS

Computer Name: LIVSIE-PC | User Name: Livsie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/03 16:53:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Livsie\Desktop\OTL.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/12/29 13:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 13:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/09/30 04:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 04:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 22:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Livsie\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/05 02:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\DELL\DellComms\bin\sprtsvc.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/06 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/09 08:32:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 08:14:32 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa0c82eddc6cc12961a92835f777dcc0\System.Web.Services.ni.dll
MOD - [2013/01/09 08:13:22 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 08:13:09 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 08:12:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 08:12:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 08:12:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 08:12:03 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2009/11/13 13:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 13:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 13:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 13:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 13:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 13:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/08/28 22:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Livsie\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/07/13 17:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/12/15 10:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011/12/15 10:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011/12/15 10:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/09 04:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/17 09:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/01/08 14:32:39 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/22 09:51:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 04:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 04:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/05 02:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 15:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/03 00:29:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/08/03 00:29:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/04/27 10:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/30 11:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/26 06:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 11:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/16 05:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/17 09:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 08:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/16 19:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/15 10:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {812F0E75-DDF8-40C9-83B9-57ACF1312B63}
IE:64bit: - HKLM\..\SearchScopes\{812F0E75-DDF8-40C9-83B9-57ACF1312B63}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{3EAD345A-5334-40C5-9F44-62F73C440223}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=18-06-2012

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 94 CE 28 44 F1 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...eviantart.com/"
FF - prefs.js..extensions.enabledAddons: morningCoffee@shaneliesegang:1.35
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.3
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5.1
FF - prefs.js..extensions.enabledAddons: [email protected]:3.8.28
FF - prefs.js..extensions.enabledAddons: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.16.0.3
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.4
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.16
FF - prefs.js..extensions.enabledAddons: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.8937
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1474
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.2
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Livsie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Livsie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Livsie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/07 21:52:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files (x86)\components [2012/09/15 18:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files (x86)\plugins [2012/09/15 18:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: D:\Program Files (x86)\Mozilla Sunbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files (x86)\components [2012/09/15 18:48:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files (x86)\plugins [2012/09/15 18:48:34 | 000,000,000 | ---D | M]

[2010/08/01 23:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Extensions
[2010/08/01 23:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010/07/25 21:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/14 08:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions
[2012/12/21 17:52:06 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/09/04 08:34:26 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2012/12/21 17:49:51 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2013/01/05 18:07:43 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2013/01/14 08:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\staged
[2012/12/16 09:23:01 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
[2010/08/01 23:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Sunbird\Profiles\6bpd18yu.default\extensions
[2012/12/21 17:48:28 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
[2011/04/01 00:16:34 | 000,107,019 | ---- | M] () (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
[2011/08/26 08:53:20 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
[2013/01/09 08:37:55 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/09/04 08:34:28 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/05 18:07:57 | 000,002,533 | ---- | M] () -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\searchplugins\aol-search.xml
[2013/01/07 21:52:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - homepage: http://www.google.com/reader/view/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/reader/view/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = D:\Program Files (x86)\plugins\NPOFF12.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Livsie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Livsie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - Extension: YouTube = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Notifier for Twitter = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn\4.2.6_0\
CHR - Extension: Disconnect = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\4.1.1_0\
CHR - Extension: InvisibleHand = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.8.26_0\
CHR - Extension: Thor = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijopgmiofmhjaihppiboemgnddmjpge\1_0\
CHR - Extension: Gmail = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/18 08:36:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [F.lux] C:\Users\Livsie\Local Settings\Apps\F.lux\flux.exe ()
O4 - Startup: C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9FF6BC-1FFE-4AAA-B202-A40150CC9E90}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 21:58:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Livsie\Desktop\OTL.exe
[2013/01/12 20:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/07 21:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/01/07 21:53:32 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/01/07 21:53:31 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/01/07 21:53:21 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/01/07 21:53:19 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/01/07 21:53:17 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/01/07 21:53:15 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/01/07 21:52:27 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/01/07 21:52:24 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/01/07 21:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/01/07 21:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/12/20 13:29:24 | 003,222,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Livsie\Desktop\avg_remover_stf_x64_2013_2706.exe
[2012/12/19 08:29:51 | 000,752,213 | ---- | C] (Farbar) -- C:\Users\Livsie\Desktop\MiniToolBox.exe
[2012/12/18 23:56:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Livsie\Desktop\tdsskiller.exe
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Users\Livsie\Desktop\*.tmp files -> C:\Users\Livsie\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/17 22:04:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 22:04:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 22:01:32 | 000,731,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/17 22:01:32 | 000,626,976 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/17 22:01:32 | 000,108,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/17 21:54:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/17 21:54:06 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/17 21:34:14 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job
[2013/01/17 21:32:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 16:34:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job
[2013/01/16 12:31:19 | 000,061,665 | ---- | M] () -- C:\Users\Livsie\Desktop\IE Learn More dialog box.png
[2013/01/12 19:53:44 | 000,177,160 | ---- | M] () -- C:\Users\Livsie\Desktop\adwcleaner.exe
[2013/01/09 08:03:42 | 000,355,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/07 21:53:33 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/07 21:53:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/07 21:40:38 | 102,315,992 | ---- | M] () -- C:\Users\Livsie\Desktop\avast.exe
[2012/12/31 14:24:01 | 000,095,748 | ---- | M] () -- C:\Users\Livsie\Desktop\NEW YEAR'S RESOLUTIONS 2013.jpeg
[2012/12/24 09:29:10 | 000,269,873 | ---- | M] () -- C:\Users\Livsie\Desktop\aswclear.exe
[2012/12/20 13:27:26 | 003,222,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Livsie\Desktop\avg_remover_stf_x64_2013_2706.exe
[2012/12/19 23:39:27 | 000,047,163 | ---- | M] () -- C:\Users\Livsie\Desktop\Attempt to download Word Docx in IE.jpg
[2012/12/19 08:28:22 | 000,752,213 | ---- | M] (Farbar) -- C:\Users\Livsie\Desktop\MiniToolBox.exe
[2012/12/19 08:19:26 | 000,212,288 | ---- | M] () -- C:\Users\Livsie\Desktop\Maliprog OTL download attempt picture.jpg
[2012/12/18 23:53:50 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Livsie\Desktop\tdsskiller.exe
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Users\Livsie\Desktop\*.tmp files -> C:\Users\Livsie\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/16 12:31:19 | 000,061,665 | ---- | C] () -- C:\Users\Livsie\Desktop\IE Learn More dialog box.png
[2013/01/12 19:59:55 | 000,177,160 | ---- | C] () -- C:\Users\Livsie\Desktop\adwcleaner.exe
[2013/01/07 21:53:33 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/07 21:49:56 | 102,315,992 | ---- | C] () -- C:\Users\Livsie\Desktop\avast.exe
[2012/12/31 14:24:00 | 000,095,748 | ---- | C] () -- C:\Users\Livsie\Desktop\NEW YEAR'S RESOLUTIONS 2013.jpeg
[2012/12/24 09:31:50 | 000,269,873 | ---- | C] () -- C:\Users\Livsie\Desktop\aswclear.exe
[2012/12/19 23:39:27 | 000,047,163 | ---- | C] () -- C:\Users\Livsie\Desktop\Attempt to download Word Docx in IE.jpg
[2012/12/19 08:19:26 | 000,212,288 | ---- | C] () -- C:\Users\Livsie\Desktop\Maliprog OTL download attempt picture.jpg
[2012/12/18 08:25:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/18 08:25:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/18 08:25:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/18 08:25:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/18 08:25:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/30 01:25:02 | 000,007,598 | ---- | C] () -- C:\Users\Livsie\AppData\Local\Resmon.ResmonCfg
[2011/02/23 18:05:03 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/02/23 18:05:03 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/02/23 18:05:03 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/02/23 18:05:03 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/02/23 18:05:03 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/02/23 18:05:03 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/02/23 18:05:03 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/02/23 18:05:03 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/02/23 18:05:03 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/02/23 18:05:03 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/02/23 18:05:03 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/02/23 18:05:03 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/02/23 18:05:03 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/02/23 18:05:03 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/02/23 18:05:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/02/23 18:05:02 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/02/23 17:57:23 | 000,000,060 | ---- | C] () -- C:\Windows\EPWF310.ini
[2010/10/08 18:15:25 | 000,002,016 | ---- | C] () -- C:\Program Files (x86)\Adobe Reader 9 (2).lnk
[2010/10/03 17:28:17 | 000,004,608 | ---- | C] () -- C:\Users\Livsie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/15 15:16:57 | 000,002,587 | ---- | C] () -- C:\Program Files\Dell Support Center.lnk
[2010/09/15 11:04:49 | 000,004,236 | ---- | C] () -- C:\Program Files\Windows Compatibility Report.htm
[2010/08/25 14:11:49 | 000,002,515 | ---- | C] () -- C:\Program Files (x86)\Skype.lnk
[2010/08/20 17:44:01 | 000,002,016 | ---- | C] () -- C:\Program Files (x86)\Adobe Reader 9.lnk
[2010/07/13 03:51:16 | 000,000,000 | ---- | C] () -- C:\Users\Livsie\AppData\Local\prvlcl.dat
[2010/05/20 00:57:05 | 000,000,196 | ---- | C] () -- C:\Users\Livsie\AppData\Roaming\wklnhst.dat
[2010/05/19 20:09:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/18 18:43:34 | 000,002,164 | ---- | C] () -- C:\Users\Livsie\AppData\Roaming\install.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/05/23 15:41:32 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Absolute
[2010/05/19 16:53:21 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\acccore
[2010/07/17 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Alzex
[2010/11/17 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\AVG
[2010/10/16 13:22:51 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\AVG10
[2010/06/23 15:06:30 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\AVG9
[2012/11/22 12:59:46 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\BitTorrent
[2012/12/19 08:16:23 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Dropbox
[2012/04/03 19:03:01 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Epson
[2011/11/04 10:10:38 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\GARMIN
[2011/08/05 23:38:43 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\go
[2010/06/08 06:17:51 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Hardcore
[2011/01/11 02:47:08 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\LimeWire
[2010/12/10 02:05:52 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\PCDr
[2010/06/08 06:18:13 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\PoiZone
[2011/11/18 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Spotify
[2010/08/03 10:50:45 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Template
[2011/10/31 13:27:24 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Trillian
[2011/03/30 17:54:01 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Trusteer
[2010/09/15 15:07:31 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Uniblue
[2010/05/21 18:46:54 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\WildTangent
[2011/04/26 13:57:01 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Windows Live Writer
[2010/05/22 12:59:24 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\XemiComputers

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/08/04 16:32:24 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline楆敬⁳砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶
[2011/08/04 16:32:24 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline楆敬⁳砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶
[2010/10/21 04:38:30 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷
[2010/10/21 04:38:30 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷
[2010/09/15 02:21:15 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????4???????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠浡汩⁹‶
[2010/09/15 02:21:15 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????4???????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠浡汩⁹‶
[2010/09/07 03:29:35 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnlineC???????????????????????????4???????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnlineC剐䍏卅体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠
[2010/09/07 03:29:35 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnlineC???????????????????????????4???????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnlineC剐䍏卅体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠
[2010/09/06 06:19:52 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline??) -- C:\Users\Livsie\AppData\Local\DataSafeOnline攄င
[2010/09/06 06:19:52 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline??) -- C:\Users\Livsie\AppData\Local\DataSafeOnline攄င
(C:\Users\Livsie\AppData\Local\DataSafeOnlineC???????????????????????????4???????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnlineC剐䍏卅体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠
(C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????4???????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠浡汩⁹‶
(C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷
(C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline楆敬⁳砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶
(C:\Users\Livsie\AppData\Local\DataSafeOnline??) -- C:\Users\Livsie\AppData\Local\DataSafeOnline攄င

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
  • 0

#58
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
It appears that AVG remnants can cause this behavior too. I will remove all AVG files manually. Restart your PC and try downloads. Let me know the results.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
    O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found
    [2010/11/17 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\AVG
    [2010/10/16 13:22:51 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\AVG10
    [2010/06/23 15:06:30 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\AVG9

    :Files

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please don't forget to include these items in your reply:

  • OTL fix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0
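Several lines in the fix above are entries the scan marked `File not found` or `No CLSID value found`, meaning a registration that outlived the program it pointed to. As an added example (not part of the thread and not OTL's own code), this Python script pulls such orphaned entries out of an OTL log and filters them by vendor name; the regexes, the `Entry` fields and the function names are assumptions inferred from the log lines shown in this thread, not a documented OTL format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the OTL scan log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
"""

# "O18 - ..." or "O18:64bit: - ..." (assumed line shape, taken from the log above).
HEADER = re.compile(r"^O(\d+)(:64bit:)? - (.+)$")
# A drive-letter path ending in a binary or shortcut; paths may contain "(x86)".
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|lnk)\b", re.IGNORECASE)
# Trailing markers OTL prints when the registered target is missing.
STATUSES = {"File not found": "file_not_found",
            "No CLSID value found": "no_clsid"}


@dataclass
class Entry:
    code: int               # the number after "O", e.g. 18 for protocol handlers
    is64: bool              # True for the ":64bit:" registry view
    body: str               # everything after the " - " separator
    status: Optional[str]   # "file_not_found", "no_clsid" or None
    path: Optional[str]     # file the entry points to, if one is shown


def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'O<n>' line; return None for headers and other sections."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    body = m.group(3)
    tail = body.rstrip(" .")  # some markers end with a full stop
    status = next((tag for text, tag in STATUSES.items()
                   if tail.endswith(text)), None)
    p = PATH.search(body)
    return Entry(int(m.group(1)), m.group(2) is not None, body,
                 status, p.group(0) if p else None)


def orphans(log: str) -> List[Entry]:
    """Entries whose target file or CLSID the scan could not find."""
    parsed = (parse_line(line) for line in log.splitlines())
    return [e for e in parsed if e is not None and e.status is not None]


def leftovers(entries: List[Entry], vendor: str) -> List[Entry]:
    """Orphaned entries that mention a vendor name (case-insensitive)."""
    return [e for e in entries if vendor.lower() in e.body.lower()]


if __name__ == "__main__":
    for e in leftovers(orphans(SAMPLE_LOG), "avg"):
        view = "64-bit" if e.is64 else "32-bit"
        print(f"O{e.code} ({view}) {e.status}: {e.path or e.body}")
```

The output is a review list only: each entry still needs a human decision before it goes into a fix script, since a missing file can also belong to software that is still wanted.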

#59
Liv Scott


    Member

  • Topic Starter
  • Member
  • 149 posts
What? AVG's stubborn! Here's my log from OTL! I tried downloading from Chrome - still claims Virus Scan Failed. I tried downloading from IE, still claims that it contained a virus and was deleted. BUT I tried downloading from Firefox, and here's the thing, I tried to download it, and I still got the same result, BUT when I said I was just going to open the file and not save it, it actually let me do that, which then let me save it as a different file. It's not ideal, but it's something!!!

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared deleted successfully.
File C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
File Protocol\Handler\avgsecuritytoolbar - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found not found.
C:\Users\Livsie\AppData\Roaming\AVG\Track Eraser folder moved successfully.
C:\Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Users\Livsie\AppData\Roaming\AVG\Rescue folder moved successfully.
C:\Users\Livsie\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.
C:\Users\Livsie\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
C:\Users\Livsie\AppData\Roaming\AVG\Integrator folder moved successfully.
C:\Users\Livsie\AppData\Roaming\AVG folder moved successfully.
C:\Users\Livsie\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Livsie\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\Livsie\AppData\Roaming\AVG9\cfgall folder moved successfully.
C:\Users\Livsie\AppData\Roaming\AVG9 folder moved successfully.
========== FILES ==========
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01182013_074439

Edited by Liv Scott, 18 January 2013 - 09:58 AM.

  • 0

#60
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Liv Scott,

Step 1

Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the "Scan All User" checkbox
  • Change "Extra Registry" option to "SafeList"
  • Select the "All" box in the Processes, Modules, Services and Drivers sections.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extra.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, and post them with your next reply.

Step 2

  • Download QuickEvents and save it on Desktop
  • Run downloaded program
  • After the scan it will open a log file
  • Copy and paste the content of that log in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • QuickEvents log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0





