
Problem booting computer, overall sluggishness [Closed]



#1
moose35

Hello,

First of all thanks a lot for the help you provide here. I've been downloading quite a bit of files (movies and games from rapidshare and such) and am in college, which means (or at least I think it does) that I'm connected to a lot of computers. To make matters worse, I know I've put one or two infected USBs in my laptop.

The performance of the laptop is dropping, it's running much, much slower and I feel it should be remedied before it grows into something more complicated. There are many, many important files on this laptop that I don't want lost. Here's what's happening with my laptop:

1.) Computer often doesn't go to sleep when I close it, then doesn't do anything when I open it back, meaning I have to manually shut it off.
2.) Google Chrome crashes quite often.
3.) I've had problems booting the computer today. The computer would boot up, and as it was starting up (screensaver and icons were loading, toolbar wasn't), the computer froze and wouldn't do anything. I had to manually restart it, and this happened about 5 times in a row. I went into safe mode and ran a full system scan with avast! antivirus, but nothing came up (except for some files from the temp folder, which it said were password protected, flash 10 I think).

I have CCleaner and avast! on my computer, which I use for scanning/deleting (in CCleaner's case) quite often. For some reason, Microsoft Security Essentials has now started working this reboot (I have no idea why).

That's it. Thanks a lot for any help that you can give me.

Here's the OTL log:


OTL logfile created on: 3/24/2013 4:44:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stevo.Agnes\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 42.64% Memory free
7.16 Gb Paging File | 5.09 Gb Available in Paging File | 71.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 57.34 Gb Free Space | 20.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.86 Gb Free Space | 58.61% Space Free | Partition Type: NTFS

Computer Name: AGNES | User Name: Stevo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/24 16:42:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stevo.Agnes\Downloads\OTL.exe
PRC - [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/23 20:58:25 | 000,348,160 | ---- | M] () -- C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe
PRC - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\hamachi-2.exe
PRC - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2011/09/21 12:38:36 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jdk1.7.0\jre\bin\javaw.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/10/20 00:11:52 | 000,616,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/09/14 06:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 06:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/01/13 15:23:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/28 22:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/19 12:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2008/01/21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/01/02 04:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/12/21 16:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/12/03 06:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/11/26 16:10:08 | 000,020,992 | ---- | M] (E-MU Systems) -- C:\Windows\System32\emaudsv.exe
PRC - [2007/04/17 05:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/03/29 22:14:29 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/24 12:32:48 | 001,057,280 | ---- | M] () -- c:\Program Files\ContinueToSave\sprotector.dll
MOD - [2013/01/24 12:25:02 | 001,044,480 | ---- | M] () -- c:\Program Files\WebSearch\sprotector.dll
MOD - [2013/01/24 12:20:16 | 001,032,704 | ---- | M] () -- c:\Program Files\SimpleSpeedy\sprotector.dll
MOD - [2013/01/24 12:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files\BrowseToSave\sprotector.dll
MOD - [2009/10/20 00:11:20 | 000,101,128 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
MOD - [2006/10/01 21:49:16 | 000,389,120 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeXMP.dll


========== Services (SafeList) ==========

SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/01 10:38:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/14 06:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009/09/14 06:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/01/13 15:23:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/04 16:37:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 22:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/03/19 12:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/02 04:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/02 04:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/11/26 16:10:08 | 000,020,992 | ---- | M] (E-MU Systems) [Auto | Running] -- C:\Windows\System32\emaudsv.exe -- (emaudsv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mausbftu.sys -- (MAUSBRI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\MAudioMobilePre.sys -- (MAUSBMOBILEPRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\MAudioFastTrackUltra.sys -- (MAUSBFASTTRACKULTRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\MAudioFastTrackUltra_DFU.sys -- (MADFUFTU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ahy92kvk)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (acl8qwrk)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/12 15:46:49 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/11/02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/22 07:11:54 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/03/18 15:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 15:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/02 04:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 06:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 06:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/11/26 16:14:54 | 000,163,352 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emusba10.sys -- (emusba10)
DRV - [2007/07/23 14:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/07/16 22:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/07/05 14:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/07/05 14:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/02/28 12:25:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/28 12:25:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/02/28 12:25:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/04/12 16:19:54 | 000,011,776 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRBoxDRv.sys -- (SRBoxDRv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-...695&lg=EN&cc=SK
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pu-...695&lg=EN&cc=SK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=3080804
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.joinred.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.joinred.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-...695&lg=EN&cc=SK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pu-...695&lg=EN&cc=SK
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.14: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.14: C:\Program Files\Veetle\Player\npvlc.dll (VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stevo.Agnes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/01 10:38:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/01 10:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/24 06:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/01 10:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/01 10:38:48 | 000,000,000 | ---D | M]

[2012/06/01 15:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Extensions
[2012/06/01 15:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/12 20:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions
[2012/06/01 15:06:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/01 15:06:19 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/03/17 22:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\f3h28uym.default\extensions
[2012/07/05 16:43:19 | 000,000,000 | ---D | M] (Bcool) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\f3h28uym.default\extensions\[email protected]
[2013/03/09 12:00:34 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\f3h28uym.default\extensions\[email protected]
[2013/03/17 22:57:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\f3h28uym.default\extensions\staged
[2008/01/21 03:23:50 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\firefox\profiles\252w060n.default\extensions\[email protected]
[2008/01/21 03:23:50 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\firefox\profiles\f3h28uym.default\extensions\[email protected]
[2012/01/12 01:09:00 | 000,000,935 | ---- | M] () -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\firefox\profiles\252w060n.default\searchplugins\conduit.xml
[2012/11/01 10:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/01 10:38:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/11/01 10:38:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/09/21 12:41:25 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/31 12:05:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/22 23:02:31 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://websearch.pu-...695&lg=EN&cc=SK
CHR - Extension: No name found = C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: No name found = C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchfimlohbodnpamghfgfgabbnfajpbe\2013.2.23_0\
CHR - Extension: No name found = C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbeegpjhjdgdnpeebagdkolopmkchhbe\1.0_0\
CHR - Extension: No name found = C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhljbbclnlohoealnldobojiheldfnmm\1\

O1 HOSTS File: ([2010/03/25 19:59:27 | 000,000,787 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost licmatlab.lrz-muenchen.de
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (continuetosave) - {49C988D4-5791-D4CB-3764-4069C59FF66B} - C:\ProgramData\continuetosave\5103cc989f039.dll ()
O2 - BHO: (SSEyaarch-NNewTaab) - {57DB64C7-184F-485C-36A2-9992082CD468} - C:\ProgramData\SSEyaarch-NNewTaab\51463becaf7f3.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Browyse2Saave) - {D8066D8A-BEC4-9C42-7AC0-443DE3A07004} - C:\ProgramData\Browyse2Saave\51463b764adf4.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Bcool Class) - {F1098A91-7B3F-5061-2F4E-8A6D3653D11E} - C:\ProgramData\Bcool\bhoclass.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [jEdit Server] C:\Program Files\jEdit\jedit.exe (Contributors)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.108.131.11 194.160.44.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3285DDC1-13E3-4070-90A8-7D76060AA417}: DhcpNameServer = 192.108.131.11 194.160.44.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~1\contin~1\sprote~1.dll) - c:\Program Files\ContinueToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\simple~1\sprote~1.dll) - c:\Program Files\SimpleSpeedy\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\Program Files\BrowseToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - c:\Program Files\WebSearch\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/21 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013/03/21 17:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2013/03/18 21:53:16 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\Documents\Stronghold Crusader
[2013/03/18 21:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
[2013/03/18 21:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Firefly Studios
[2013/03/18 08:40:55 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\AppData\Local\Apps
[2013/03/18 08:40:54 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\AppData\Local\Deployment
[2013/03/18 08:33:04 | 000,000,000 | ---D | C] -- C:\75b87f554dbbb6242010c28d0b1a
[2013/03/18 08:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Bridge
[2013/03/18 08:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\The Bridge
[2013/03/17 23:58:19 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\AppData\Roaming\Braid
[2013/03/17 23:55:57 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\Desktop\Braid [MULTI9][PC][Mouladi]
[2013/03/17 23:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/03/17 22:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSEyaarch-NNewTaab
[2013/03/17 22:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SSEyaarch-NNewTaab
[2013/03/17 22:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013/03/17 22:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\WebSearch
[2013/03/17 22:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\BrowseToSave
[2013/03/17 22:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browyse2Saave
[2013/03/17 22:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Browyse2Saave
[2013/03/17 11:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/17 11:18:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013/03/17 11:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/17 11:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/03/17 11:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/17 11:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/03/17 11:11:40 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\AppData\Local\Apple
[2013/03/16 14:13:09 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\AppData\Local\Microsoft Corporation
[2013/03/16 14:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2013/03/12 15:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle
[2013/03/12 14:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Black Isle
[2013/03/09 21:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV
[2013/03/09 21:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\PANDORA.TV
[2013/03/09 21:38:54 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2013/03/09 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2013/03/01 20:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2013/03/01 20:16:34 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2013/03/01 20:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2013/03/01 16:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/01 16:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/01 11:40:56 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\Desktop\Official
[2013/02/26 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\Stevo.Agnes\Desktop\Zmluvy USA
[2012/12/10 17:29:46 | 002,254,768 | ---- | C] (LogMeIn Inc.) -- C:\Program Files\hamachi-2-ui.exe
[2012/12/10 17:29:44 | 001,435,568 | ---- | C] (LogMeIn Inc.) -- C:\Program Files\hamachi-2.exe
[2009/03/18 16:35:40 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Program Files\hamachi.sys
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/24 16:29:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/24 16:24:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/24 16:24:33 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\schedule!1143840799.job
[2013/03/24 16:24:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 16:24:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 16:24:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/24 10:51:06 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/21 18:54:51 | 001,400,084 | ---- | M] () -- C:\Users\Stevo.Agnes\Desktop\Europass-CV-20130321-Beňuš copy.jpg
[2013/03/21 18:14:41 | 000,502,610 | ---- | M] () -- C:\Users\Stevo.Agnes\Documents\DSC_0378.jpg
[2013/03/21 17:59:20 | 000,000,809 | ---- | M] () -- C:\Users\Stevo.Agnes\Desktop\IrfanView.lnk
[2013/03/21 14:27:52 | 000,023,552 | -H-- | M] () -- C:\Users\Stevo.Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/18 11:03:36 | 022,445,318 | ---- | M] () -- C:\Users\Stevo.Agnes\Desktop\bulanci.exe
[2013/03/17 11:18:43 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/12 15:04:37 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Icewind Dale II.lnk
[2013/03/09 21:38:54 | 000,000,834 | ---- | M] () -- C:\Users\Stevo.Agnes\Desktop\KMPlayer.lnk
[2013/03/01 20:28:24 | 000,022,341 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2013/03/01 20:24:56 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2013/03/01 20:19:01 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2013/03/01 20:19:01 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2013/03/01 20:19:01 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2013/03/01 20:16:38 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2013/03/01 20:16:35 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2013/03/01 20:16:34 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2013/03/01 16:42:36 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2013/03/21 18:54:41 | 001,400,084 | ---- | C] () -- C:\Users\Stevo.Agnes\Desktop\Europass-CV-20130321-Beňuš copy.jpg
[2013/03/21 18:14:40 | 000,502,610 | ---- | C] () -- C:\Users\Stevo.Agnes\Documents\DSC_0378.jpg
[2013/03/21 17:59:20 | 000,000,809 | ---- | C] () -- C:\Users\Stevo.Agnes\Desktop\IrfanView.lnk
[2013/03/18 11:08:51 | 022,445,318 | ---- | C] () -- C:\Users\Stevo.Agnes\Desktop\bulanci.exe
[2013/03/17 11:18:43 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/16 14:12:11 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2013/03/12 15:04:37 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Icewind Dale II.lnk
[2013/03/09 21:38:54 | 000,000,834 | ---- | C] () -- C:\Users\Stevo.Agnes\Desktop\KMPlayer.lnk
[2013/03/01 20:24:55 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2013/03/01 20:19:01 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2013/03/01 20:19:01 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2013/03/01 20:19:01 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2013/03/01 20:16:38 | 000,022,341 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2013/03/01 20:16:38 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2013/03/01 20:16:35 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2013/03/01 16:42:36 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/18 20:57:58 | 000,078,610 | ---- | C] () -- C:\Windows\War3Unin.dat
[2013/02/13 11:28:56 | 000,004,598 | ---- | C] () -- C:\Users\Stevo.Agnes\AppData\Local\recently-used.xbel
[2012/12/10 17:24:50 | 000,145,927 | ---- | C] () -- C:\Program Files\ReleaseNotes.rtf
[2012/12/10 10:50:56 | 000,044,906 | ---- | C] () -- C:\Program Files\hamachi.lng
[2012/06/01 13:06:11 | 000,000,600 | -H-- | C] () -- C:\Users\Stevo.Agnes\AppData\Local\PUTTY.RND
[2012/06/01 13:05:20 | 000,000,600 | ---- | C] () -- C:\Users\Stevo.Agnes\AppData\Roaming\winscp.rnd
[2012/06/01 10:37:44 | 000,001,356 | ---- | C] () -- C:\Users\Stevo.Agnes\AppData\Local\d3d9caps.dat
[2012/06/01 08:46:08 | 000,023,552 | -H-- | C] () -- C:\Users\Stevo.Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 10:59:00 | 000,005,931 | -H-- | C] () -- C:\Users\Stevo.Agnes\praat-user-startUp
[2009/10/07 16:50:10 | 000,007,162 | -H-- | C] () -- C:\Program Files\hamachi.cat
[2009/09/03 14:35:20 | 000,040,278 | ---- | C] () -- C:\Program Files\license.rtf
[2009/02/03 18:54:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/04/28 21:17:30 | 000,001,551 | -H-- | C] () -- C:\Program Files\hamachi.inf

========== ZeroAccess Check ==========

[2013/02/19 21:24:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\L
[2013/02/22 17:07:30 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\U
[2012/09/13 10:13:54 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\L\00000004.@
[2010/10/15 14:48:59 | 000,000,000 | -HSD | M] -- C:\Users\Stevo.Agnes\AppData\Local\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\L
[2010/10/15 14:48:59 | 000,000,000 | -HSD | M] -- C:\Users\Stevo.Agnes\AppData\Local\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\U
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Users\Stevo.Agnes\AppData\Local\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\n.

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/18 00:03:51 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\Braid
[2012/11/29 00:22:27 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\Brainwave
[2012/06/25 16:34:38 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\calibre
[2012/06/15 19:32:06 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\Cambridge
[2013/03/24 12:25:19 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\DAEMON Tools Pro
[2013/03/24 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox
[2012/06/15 19:27:27 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\Epson
[2012/06/01 10:39:20 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\GHISLER
[2012/08/12 14:37:51 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\LolClient
[2012/06/03 14:30:10 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\LolClient2
[2012/06/01 13:53:37 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\Notepad++
[2013/01/26 13:15:05 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\Sublime Text 2
[2012/06/01 08:46:00 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\Subversion
[2012/06/01 12:53:48 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\Thunderbird
[2012/10/11 14:39:38 | 000,000,000 | ---D | M] -- C:\Users\Stevo.Agnes\AppData\Roaming\YoudaGames

========== Purity Check ==========



< End of report >


#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will post some instructions for you soon.

#3
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi moose35,

Note: You have a backdoor infection.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. There is no way for us to know exactly what the malware has done to your machine to give itself access, nor how it may have damaged critical files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. Many experts in the security community believe that once infected with this type of trojan, the best and safest course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

That being said, I can still help you clean out the malware as best as I can without going that route (though there is no guarantee that it will work right or be totally safe after disinfection), so if you decide that you don't want to do a format and reinstall of Windows, then please follow the instructions below:

You have the following Peer-to-Peer program(s) installed:

BitComet

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

Step 1: Run OTL fix.
Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    MOD - [2013/01/24 12:32:48 | 001,057,280 | ---- | M] () -- c:\Program Files\ContinueToSave\sprotector.dll
    MOD - [2013/01/24 12:25:02 | 001,044,480 | ---- | M] () -- c:\Program Files\WebSearch\sprotector.dll
    MOD - [2013/01/24 12:20:16 | 001,032,704 | ---- | M] () -- c:\Program Files\SimpleSpeedy\sprotector.dll
    MOD - [2013/01/24 12:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files\BrowseToSave\sprotector.dll
    
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ahy92kvk)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (acl8qwrk)
    
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-...695&lg=EN&cc=SK
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pu-...695&lg=EN&cc=SK
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-...695&lg=EN&cc=SK
    IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
    IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pu-...695&lg=EN&cc=SK
    
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
    
    [2012/06/01 15:06:19 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/07/05 16:43:19 | 000,000,000 | ---D | M] (Bcool) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\f3h28uym.default\extensions\[email protected]
    [2013/03/09 12:00:34 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\f3h28uym.default\extensions\[email protected]
    [2012/01/12 01:09:00 | 000,000,935 | ---- | M] () -- C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\firefox\profiles\252w060n.default\searchplugins\conduit.xml
    
    CHR - homepage: http://websearch.pu-...695&lg=EN&cc=SK
    
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
    O2 - BHO: (continuetosave) - {49C988D4-5791-D4CB-3764-4069C59FF66B} - C:\ProgramData\continuetosave\5103cc989f039.dll ()
    O2 - BHO: (SSEyaarch-NNewTaab) - {57DB64C7-184F-485C-36A2-9992082CD468} - C:\ProgramData\SSEyaarch-NNewTaab\51463becaf7f3.dll ()
    O2 - BHO: (Browyse2Saave) - {D8066D8A-BEC4-9C42-7AC0-443DE3A07004} - C:\ProgramData\Browyse2Saave\51463b764adf4.dll ()
    O2 - BHO: (Bcool Class) - {F1098A91-7B3F-5061-2F4E-8A6D3653D11E} - C:\ProgramData\Bcool\bhoclass.dll ()
    
    O20 - AppInit_DLLs: (c:\progra~1\contin~1\sprote~1.dll) - c:\Program Files\ContinueToSave\sprotector.dll ()
    O20 - AppInit_DLLs: (c:\progra~1\simple~1\sprote~1.dll) - c:\Program Files\SimpleSpeedy\sprotector.dll ()
    O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\Program Files\BrowseToSave\sprotector.dll ()
    O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - c:\Program Files\WebSearch\sprotector.dll ()
    
    [2013/03/17 22:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSEyaarch-NNewTaab
    [2013/03/17 22:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SSEyaarch-NNewTaab
    [2013/03/17 22:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
    [2013/03/17 22:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\WebSearch
    [2013/03/17 22:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\BrowseToSave
    [2013/03/17 22:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browyse2Saave
    [2013/03/17 22:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Browyse2Saave
    
    [2013/03/24 16:24:33 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\schedule!1143840799.job
    
    :Files
    C:\Windows\Installer\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}
    C:\Users\Stevo.Agnes\AppData\Local\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}
    C:\ProgramData\continuetosave
    c:\Program Files\SimpleSpeedy
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    :Commands
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: Run RogueKiller.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 3: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Things I need in your next reply:
  • OTL fix log
  • RogueKiller logs
  • adwCleaner log
  • How is your computer running now?

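A triage sketch for the kind of OTL report posted in this thread, added here as an example and not part of any participant's post or of OTL itself: it lists `O20 - AppInit_DLLs` entries whose company field is empty and per-user `InProcServer32` keys that shadow a machine-wide registration, two of the entry types the fix script in post #3 targets. The function names are hypothetical, and the sample lines are copied from the report above.

```python
import re

# Sample input: lines copied from the OTL report in this thread, in OTL's own format.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (c:\progra~1\contin~1\sprote~1.dll) - c:\Program Files\ContinueToSave\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Users\Stevo.Agnes\AppData\Local\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\n.

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"""

# "O20 - AppInit_DLLs: (<8.3 path>) - <full path> (<company>)"
APPINIT_RE = re.compile(
    r"^O20 - AppInit_DLLs: \((?P<short>[^)\n]*)\) - (?P<path>.+?) "
    r"\((?P<company>[^()\n]*)\)[ \t]*$",
    re.MULTILINE,
)
# "[<hive>\Software\Classes\clsid\{<guid>}\InProcServer32]"
INPROC_KEY_RE = re.compile(
    r"^\[(?P<hive>HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\clsid\\"
    r"(?P<clsid>\{[0-9a-f-]+\})\\InProcServer32\]$",
    re.IGNORECASE,
)
# The key's default value is printed as: "" = <server path>
DEFAULT_VALUE_RE = re.compile(r'^"" = (?P<value>.+)$')


def appinit_dlls_without_company(log):
    """Return AppInit_DLLs targets whose file carries no company name."""
    return [
        m.group("path")
        for m in APPINIT_RE.finditer(log)
        if not m.group("company").strip()
    ]


def parse_inproc_servers(log):
    """Map (hive, clsid) -> default-value server path, or None if no value is listed."""
    servers = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        key = INPROC_KEY_RE.match(line)
        if key:
            current = (key.group("hive").upper(), key.group("clsid").lower())
            servers.setdefault(current, None)
            continue
        # Any other bracketed line or section banner ends the current key.
        if line.startswith("[") or line.startswith("====="):
            current = None
            continue
        value = DEFAULT_VALUE_RE.match(line)
        if value and current:
            # Drop the " -- [date | size | attrs] (Company)" suffix OTL appends.
            servers[current] = value.group("value").split(" -- [")[0].strip()
    return servers


def com_hijack_candidates(log):
    """Return (clsid, hkcu_server, hklm_server) where HKCU shadows HKLM.

    HKCU\\Software\\Classes takes precedence over HKLM for the logged-on user,
    so a per-user InProcServer32 pointing somewhere other than the machine-wide
    one redirects that COM class to a different DLL.
    """
    servers = parse_inproc_servers(log)
    findings = []
    for (hive, clsid), user_server in servers.items():
        if hive != "HKEY_CURRENT_USER" or not user_server:
            continue
        machine_server = servers.get(("HKEY_LOCAL_MACHINE", clsid))
        if machine_server and machine_server.lower() != user_server.lower():
            findings.append((clsid, user_server, machine_server))
    return findings


if __name__ == "__main__":
    for path in appinit_dlls_without_company(SAMPLE_LOG):
        print("AppInit_DLLs entry without company name:", path)
    for clsid, user_server, machine_server in com_hijack_candidates(SAMPLE_LOG):
        print("HKCU override of", clsid)
        print("  per-user server:", user_server)
        print("  machine server :", machine_server)
```

A hit is a lead to review, not a verdict: legitimate software can ship DLLs without version information, so each flagged path still needs checking.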

#4
moose35

    Member

  • Topic Starter
  • 27 posts
Thanks for the speedy reply. I've done all you said, and the computer is running much more smoothly and better. And it actually started up without freezing! (I did the scans in safe mode).

Here are the log files you requested:

1.) OTL Fix



========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
Error: No service named ahy92kvk was found to stop!
Service\Driver key ahy92kvk not found.
Error: No service named acl8qwrk was found to stop!
Service\Driver key acl8qwrk not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\252w060n.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\f3h28uym.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\f3h28uym.default\extensions\[email protected] folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\f3h28uym.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\Firefox\Profiles\f3h28uym.default\extensions\[email protected] folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Roaming\mozilla\firefox\profiles\252w060n.default\searchplugins\conduit.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49C988D4-5791-D4CB-3764-4069C59FF66B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49C988D4-5791-D4CB-3764-4069C59FF66B}\ deleted successfully.
C:\ProgramData\continuetosave\5103cc989f039.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57DB64C7-184F-485C-36A2-9992082CD468}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57DB64C7-184F-485C-36A2-9992082CD468}\ deleted successfully.
C:\ProgramData\SSEyaarch-NNewTaab\51463becaf7f3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D8066D8A-BEC4-9C42-7AC0-443DE3A07004}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8066D8A-BEC4-9C42-7AC0-443DE3A07004}\ deleted successfully.
C:\ProgramData\Browyse2Saave\51463b764adf4.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1098A91-7B3F-5061-2F4E-8A6D3653D11E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1098A91-7B3F-5061-2F4E-8A6D3653D11E}\ deleted successfully.
C:\ProgramData\Bcool\bhoclass.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\contin~1\sprote~1.dll deleted successfully.
c:\Program Files\ContinueToSave\sprotector.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\simple~1\sprote~1.dll deleted successfully.
c:\Program Files\SimpleSpeedy\sprotector.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\browse~1\sprote~1.dll deleted successfully.
c:\Program Files\BrowseToSave\sprotector.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\websea~1\sprote~1.dll deleted successfully.
c:\Program Files\WebSearch\sprotector.dll moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSEyaarch-NNewTaab folder moved successfully.
C:\ProgramData\SSEyaarch-NNewTaab folder moved successfully.
C:\ProgramData\SoftSafe\Setup folder moved successfully.
C:\ProgramData\SoftSafe folder moved successfully.
C:\Program Files\WebSearch folder moved successfully.
C:\Program Files\BrowseToSave folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browyse2Saave folder moved successfully.
C:\ProgramData\Browyse2Saave folder moved successfully.
C:\Windows\Tasks\schedule!1143840799.job moved successfully.
========== FILES ==========
C:\Windows\Installer\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\U folder moved successfully.
C:\Windows\Installer\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\L folder moved successfully.
C:\Windows\Installer\{df3526c4-1639-3b4c-90e4-2d9be1f15b41} folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Local\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\U folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Local\{df3526c4-1639-3b4c-90e4-2d9be1f15b41}\L folder moved successfully.
C:\Users\Stevo.Agnes\AppData\Local\{df3526c4-1639-3b4c-90e4-2d9be1f15b41} folder moved successfully.
C:\ProgramData\continuetosave folder moved successfully.
c:\Program Files\SimpleSpeedy folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03242013_211413


Rogue Killer 1:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode
User : Stevo [Admin rights]
Mode : Scan -- Date : 03/24/2013 21:15:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT1 +++++
--- User ---
[MBR] b0df7111b2a1c2119377eedfe0e3d5bb
[BSP] 7d4755e7c820a24a8f2162a6ed0543bc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 194560 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21166080 | Size: 292348 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 619896832 | Size: 2560 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 2f99bfebd09c9400db6595403c4d5b83
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2088 | Size: 7690 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_03242013_02d2115.txt >>
RKreport[1]_S_03242013_02d2115.txt



Rogue Killer 2:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode
User : Stevo [Admin rights]
Mode : Remove -- Date : 03/24/2013 21:16:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT1 +++++
--- User ---
[MBR] b0df7111b2a1c2119377eedfe0e3d5bb
[BSP] 7d4755e7c820a24a8f2162a6ed0543bc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 194560 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21166080 | Size: 292348 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 619896832 | Size: 2560 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 2f99bfebd09c9400db6595403c4d5b83
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2088 | Size: 7690 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_03242013_02d2116.txt >>
RKreport[1]_S_03242013_02d2115.txt ; RKreport[2]_D_03242013_02d2116.txt



Rogue Killer 3:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode
User : Stevo [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/24/2013 21:24:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 5 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 10 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 275 / Fail 0
My documents: Success 3 / Fail 3
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1288 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_03242013_02d2124.txt >>
RKreport[1]_S_03242013_02d2115.txt ; RKreport[2]_D_03242013_02d2116.txt ; RKreport[3]_SC_03242013_02d2124.txt



AdwCleaner:

# AdwCleaner v2.115 - Logfile created 03/24/2013 at 21:28:33
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : Stevo - AGNES
# Boot Mode : Safe mode
# Running from : C:\Users\Stevo.Agnes\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\continuetosave
Folder Deleted : C:\ProgramData\BetterSoft
Folder Deleted : C:\ProgramData\ClickIT
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
Folder Deleted : C:\ProgramData\Premium

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{20E7BC40-33F6-4A81-9D52-B58349326206}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20E7BC40-33F6-4A81-9D52-B58349326206}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18639

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

-\\ Google Chrome v25.0.1364.172

*************************

AdwCleaner[S1].txt - [2582 octets] - [24/03/2013 21:28:33]

########## EOF - C:\AdwCleaner[S1].txt - [2642 octets] ##########


Thanks a bunch, again.

#5
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi moose35,

Is Google Chrome still installed on your computer? If so, could you please open it and let me know what extensions are installed.

  • Click the Chrome menu on the browser toolbar.
  • Click Tools.
  • Select Extensions.

Also, we need to see if system restore is working. Try to set a restore point in Normal Mode and see if it works.

To set up a restore point, follow these steps:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection tab, and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.

Now let's sweep for remnants.

Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • Answers to my questions
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?


#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.