I gotta serious problem here.
I screwed around and lost the menu on Firefox.
So I opened Chrome and there is none there either.
I cannot copy/paste it.
See if this gets the toolbar back https://support.mozi...ull-screen-mode
I got it back.
But somehow I have some stupid malware (?) garbage - freesoftoday. I guess it's an app and a chat box comes up on top right.
I don't know what I did but these stupid ads come up. I am sorry. Gotta do it all over again - ?
Edited by itsmesunny, 30 June 2014 - 01:17 PM.
Well, I went to programs - add or delete - and removed freesofttoday, fraveen, and tool marker (?) and restarted, and the ads are gone now.
BUT
the homepage still gets changed to "Trovi."
So should I still do adwcleaner or something else?
I am sorry Eb. I just need to stop trying to make changes - at least until this process is done.
Edited by itsmesunny, 30 June 2014 - 01:19 PM.
Ok. I installed Unchecky.
Then tried adwcleaner. It did not finish.
8 popups came up titled AutoItCOM Test with info (each one different, I did not copy them) and then:
Line 4416 (File "C\| Documents and Settings\User\Desktop\AdwCleaner.exe.
You mean without checking "LOP" and "Purity Check" - ?
Edited by itsmesunny, 30 June 2014 - 02:04 PM.
Ok Eb here ya go!
I am heading out for a while. Gotta take a break from this stuff.
Thank you so much for helping me with this mess.
We must be breaking some kind of record here - hmm?
OTL logfile created on: 6/30/2014 4:25:49 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.00 Mb Total Physical Memory | 592.48 Mb Available Physical Memory | 57.92% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 43.16 Gb Free Space | 77.25% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 37.12 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Computer Name: USER-R6PHPMKAQL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/30 15:28:01 | 000,320,104 | ---- | M] (RaMMicHaeL) -- C:\Program Files\Unchecky\bin\unchecky_bg.exe
PRC - [2014/06/30 15:28:01 | 000,107,624 | ---- | M] (RaMMicHaeL) -- C:\Program Files\Unchecky\bin\unchecky_svc.exe
PRC - [2014/06/30 14:25:32 | 003,353,568 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\fst_us_130\upfst_us_130.exe
PRC - [2014/06/26 16:40:37 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/06/26 16:33:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/06/26 05:30:04 | 005,350,208 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/06/26 05:30:04 | 003,214,144 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/06/26 05:30:04 | 002,832,704 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/06/13 12:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/06/12 15:47:56 | 000,262,720 | ---- | M] (Dell) -- C:\Documents and Settings\User\Local Settings\Apps\2.0\A8LMOTVO.4B3\RO0X0G3X.50N\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
PRC - [2014/05/07 15:00:32 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/09 01:02:42 | 000,348,384 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
PRC - [2013/07/01 23:09:34 | 000,084,184 | ---- | M] (Weather Notifications, LLC) -- C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2014/06/30 14:35:11 | 002,789,376 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14063001\algo.dll
MOD - [2014/06/30 14:25:32 | 003,353,568 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\fst_us_130\upfst_us_130.exe
MOD - [2014/06/26 16:33:57 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/06/06 14:10:49 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/06/06 14:09:13 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/06/05 14:52:00 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/06/05 14:44:21 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/06/05 14:11:36 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/06/05 14:11:08 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/06/05 14:10:43 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/06/05 14:07:09 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/06/05 14:06:53 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2013/07/09 01:02:46 | 000,076,000 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll
MOD - [2013/07/09 01:02:42 | 000,348,384 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\ToggleMark\updateToggleMark.exe -- (Update ToggleMark)
SRV - File not found [Auto | Stopped] -- mbamservice.exe -- (MBAMService)
SRV - File not found [Auto | Stopped] -- mbamscheduler.exe -- (MBAMScheduler)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/06/30 15:28:01 | 000,107,624 | ---- | M] (RaMMicHaeL) [Auto | Running] -- C:\Program Files\Unchecky\bin\unchecky_svc.exe -- (Unchecky)
SRV - [2014/06/30 13:45:33 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014/06/30 13:45:33 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014/06/26 17:50:01 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/26 16:33:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/06/26 05:30:04 | 002,832,704 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/06/23 20:22:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/07 15:00:32 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\jl2005c.sys -- (JL2005C)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/06/26 16:40:07 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/06/26 16:40:06 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/06/26 16:40:06 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (aswRdr)
DRV - [2014/06/26 16:34:01 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/06/26 16:34:01 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/06/26 16:34:00 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/06/26 16:34:00 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/06/26 16:34:00 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/06/13 11:10:22 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/10/10 17:33:22 | 000,009,597 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bpusbflt.sys -- (bpusbflt)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2800;https=127.0.0.1:2800;
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2800;https=127.0.0.1:2800;
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...13714DE1F&SSPV=
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Trovi search"
FF - prefs.js..browser.search.selectedEngine: "Trovi search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:10.1
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7Bd4e0dc9c-c356-438e-afbe-dca439f4399d%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/06/26 16:34:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014/06/05 15:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/06/30 14:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\asymwfoh.default-1402681398921\extensions
[2014/06/13 17:01:50 | 000,166,573 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\asymwfoh.default-1402681398921\extensions\[email protected]
[2014/06/13 18:10:16 | 000,013,345 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\asymwfoh.default-1402681398921\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2014/06/29 19:05:46 | 000,013,322 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\asymwfoh.default-1402681398921\extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d}.xpi
[2014/06/30 15:35:08 | 000,001,014 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\asymwfoh.default-1402681398921\searchplugins\trovi-search.xml
[2014/06/07 20:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/23 20:23:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Trovi search (Enabled)
CHR - default_search_provider: search_url = http://www.trovi.com...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.secci...={searchTerms},
CHR - homepage: http://www.trovi.com...13714DE1F&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2021.112_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/06/30 16:23:46 | 000,001,203 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [fst_us_130] File not found
O4 - HKLM..\Run: [t4pc_en_8] File not found
O4 - HKLM..\Run: [upfst_us_130.exe] C:\Documents and Settings\User\Local Settings\Application Data\fst_us_130\upfst_us_130.exe ()
O4 - HKLM..\Run: [upt4pc_en_8.exe] C:\Documents and Settings\User\Local Settings\Application Data\fst_us_130\upt4pc_en_8.exe -runhelper File not found
O4 - HKU\S-1-5-21-602162358-1275210071-725345543-1004..\Run: [DellSystemDetect] C:\Documents and Settings\User\Local Settings\Apps\2.0\A8LMOTVO.4B3\RO0X0G3X.50N\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe (Dell)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\New Folder [2013/03/26 17:31:22 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk = C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts.lnk = C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O15 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1361498489609 (WUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.5.171.1 207.5.171.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{634B396E-E712-4557-A5CD-7BD60338E14C}: DhcpNameServer = 207.5.171.1 207.5.171.2
O20 - AppInit_DLLs: (c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/17 09:13:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/30 15:30:12 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/06/30 15:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unchecky
[2014/06/30 15:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Unchecky
[2014/06/30 14:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\predm
[2014/06/30 13:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\freeSOFTtoday
[2014/06/30 13:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2308189059
[2014/06/30 13:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\globalUpdate
[2014/06/30 13:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\globalUpdate
[2014/06/30 13:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014/06/30 13:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2014/06/30 13:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Weather_Notifications,_LL
[2014/06/30 13:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/06/30 13:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\fst_us_130
[2014/06/30 13:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Severe Weather Alerts
[2014/06/30 13:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts
[2014/06/30 13:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect
[2014/06/30 12:43:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/26 16:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/06/26 16:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/06/26 16:34:13 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/06/26 16:34:12 | 000,777,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2014/06/26 16:34:12 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys.1403815204015
[2014/06/26 16:34:11 | 000,411,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/06/26 16:34:10 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/06/26 16:34:10 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys.1403815204015
[2014/06/26 16:34:10 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys
[2014/06/26 16:33:58 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/06/25 11:55:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/06/25 11:28:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/23 18:06:22 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/13 13:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\pcmax
[2014/06/13 12:25:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/06/12 19:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Dell
[2014/06/12 19:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell
[2014/06/12 19:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2014/06/12 18:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Dell
[2014/06/12 15:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2014/06/12 15:49:20 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/09 13:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sample Playlists
[2014/06/09 11:46:03 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/06/09 08:06:38 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2014/06/09 08:06:38 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2014/06/08 19:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2014/06/08 19:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/06/08 10:33:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2014/06/07 13:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2014/06/07 11:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/06/07 11:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014/06/07 10:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/06/07 09:17:13 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2014/06/06 20:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Local_Weather_LLC
[2014/06/06 20:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Weather Alerts
[2014/06/06 17:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\HpUpdate
[2014/06/06 17:37:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2014/06/06 13:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Apple Computer
[2014/06/06 12:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple
[2014/06/06 12:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple Computer
[2014/06/06 12:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.swt
[2014/06/06 12:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Azureus
[2014/06/06 10:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Windows Search
[2014/06/06 10:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ApplicationHistory
[2014/06/06 09:15:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2014/06/06 09:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2014/06/06 09:15:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2014/06/06 09:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2014/06/06 09:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2014/06/06 09:13:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2014/06/06 09:11:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2014/06/06 09:11:39 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2014/06/06 09:11:39 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2014/06/06 09:10:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2014/06/06 08:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2014/06/06 08:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/06/06 08:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\LavasoftStatistics
[2014/06/06 08:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2014/06/06 08:17:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Common Files
[2014/06/06 08:15:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/06/05 20:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SlimWare Utilities Inc
[2014/06/05 20:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2014/06/05 20:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2014/06/05 15:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla
[2014/06/05 15:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2014/06/05 15:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/06/05 15:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/06/05 15:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/06/05 15:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\IDM2
[2014/06/05 14:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Deployment
[2014/06/05 14:30:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/06/05 13:47:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/06/05 13:44:07 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2014/06/05 13:43:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/06/05 13:43:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/06/05 13:43:20 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/06/05 13:43:20 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/06/05 13:43:20 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2014/06/05 13:38:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2014/06/05 13:38:39 | 000,000,000 | ---D | C] -- C:\Users
[2014/06/05 13:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/06/05 13:37:58 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/06/05 13:37:58 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/06/05 13:37:49 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/06/05 13:37:49 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/06/05 13:37:49 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/06/05 13:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
========== Files - Modified Within 30 Days ==========
[2014/06/30 16:39:10 | 000,000,360 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/06/30 16:23:46 | 000,001,203 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/06/30 16:23:36 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/06/30 16:23:35 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/06/30 16:23:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/30 16:21:40 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000003-00001102-00000004-10031102}.rfx
[2014/06/30 16:13:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/06/30 16:04:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/30 13:51:04 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/06/30 13:47:37 | 000,000,000 | ---- | M] () -- C:\END
[2014/06/30 13:41:45 | 000,002,227 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/30 13:41:44 | 000,001,216 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/29 09:50:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/06/26 17:49:41 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/06/26 17:49:40 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/06/26 16:40:57 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avast.lnk
[2014/06/26 16:40:07 | 000,777,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2014/06/26 16:40:06 | 000,411,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/06/26 16:40:06 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys
[2014/06/26 16:34:01 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys.1403815204015
[2014/06/26 16:34:01 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/06/26 16:34:01 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/06/26 16:34:00 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/06/26 16:34:00 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys.1403815204015
[2014/06/26 16:34:00 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/06/26 16:34:00 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/06/26 16:33:58 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/06/26 16:33:58 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/06/26 16:14:40 | 000,526,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/06/26 16:14:40 | 000,096,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/06/26 16:13:32 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/06/13 12:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/06/13 11:10:22 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2014/06/13 10:32:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/13 09:03:13 | 000,740,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/06/12 19:37:55 | 000,000,289 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/06/09 13:21:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/06/09 13:21:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/06/09 11:46:03 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/06/08 09:19:53 | 000,003,888 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000003-00001102-00000004-10031102}.rfx
[2014/06/08 09:19:53 | 000,003,888 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000003-00001102-00000004-10031102}.rfx
[2014/06/07 20:24:01 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/06/07 20:24:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2014/06/06 12:13:55 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2014/06/06 10:36:39 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/06 09:13:30 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2014/06/06 08:18:18 | 000,000,000 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2014/06/05 15:13:17 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
========== Files Created - No Company Name ==========
[2014/06/30 15:11:08 | 001,346,519 | ---- | C] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/06/30 13:46:28 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/06/30 13:46:25 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/06/30 13:41:45 | 000,002,227 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/30 13:41:44 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/30 13:41:01 | 000,000,000 | ---- | C] () -- C:\END
[2014/06/26 16:40:57 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avast.lnk
[2014/06/26 16:39:51 | 000,000,360 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/06/26 16:34:12 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/06/26 16:34:11 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/06/26 16:34:10 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/06/26 16:13:26 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2014/06/13 10:32:24 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/13 10:32:23 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Internet Explorer.lnk
[2014/06/12 18:16:18 | 000,455,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1275210071-725345543-1004-0.dat
[2014/06/09 13:21:06 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/06/09 13:21:06 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/06/09 12:39:32 | 000,740,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/06/08 09:21:32 | 000,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000003-00001102-00000004-10031102}.rfx
[2014/06/07 20:24:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/06/07 20:24:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/07 20:24:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2014/06/06 21:01:55 | 000,417,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/06/06 12:13:55 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2014/06/06 12:13:43 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2014/06/06 09:13:30 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2014/06/06 09:13:30 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2014/06/06 08:18:18 | 000,000,000 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2014/06/05 20:17:24 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2014/06/05 14:47:18 | 000,000,220 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/06/05 14:47:16 | 000,000,214 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2013/04/13 15:36:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2013/04/13 15:13:38 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2013/03/27 16:09:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/02/28 21:22:09 | 000,000,375 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2013/02/23 03:04:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/20 19:53:12 | 000,000,289 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/06/11 16:16:50 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 12:44:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Ÿ9Ÿ9
========== ZeroAccess Check ==========
[2009/06/17 09:47:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2009/04/29 00:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/06/30 13:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2308189059
[2014/06/08 18:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2014/06/26 16:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/06/06 08:15:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/28 13:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hallmark
[2014/06/26 16:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/06/08 11:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
[2013/05/21 19:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2013/03/04 18:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\egamestoolbar
[2013/02/23 03:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FoxyTunes
[2014/06/12 21:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IDM2
[2013/02/20 19:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PhotoParade
[2013/05/21 19:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\player
[2014/06/06 09:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2014/06/06 10:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
========== Purity Check ==========
< End of report >
Edited by itsmesunny, 30 June 2014 - 02:49 PM.
Okey Dokey - I checked scan all users, LOP and Purity. I hope that was right.
Here ya go:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "www.startpage.com" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8861423-0DAB-459E-A8D5-DB264E69E70C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8861423-0DAB-459E-A8D5-DB264E69E70C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_USERS\S-1-5-21-602162358-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_92 not found.
Registry value HKEY_USERS\S-1-5-21-602162358-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SB Audigy 2 Startup Menu not found.
Folder C:\Documents and Settings\All Users\Application Data\PC HealthFix\ not found.
Folder C:\Program Files\TotalSystemCare\ not found.
Folder C:\Documents and Settings\User\Local Settings\Application Data\PCHealth\ not found.
Folder C:\Documents and Settings\User\Local Settings\Application Data\com\ not found.
Folder C:\Documents and Settings\LocalService\Application Data\McAfee\ not found.
Folder C:\Documents and Settings\All Users\Application Data\McAfee\ not found.
File C:\WINDOWS\tasks\PC HealthFix Scan Results Alert.job not found.
File C:\WINDOWS\tasks\SystemToolsDailyTest.job not found.
File C:\WINDOWS\tasks\PC HealthFix Malware Alert.job not found.
File C:\WINDOWS\tasks\PC HealthFix Desktop Alert.job not found.
File C:\WINDOWS\PCHealthFix.INI not found.
File C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job not found.
File C:\WINDOWS\System32\drivers\avgtpx86.sys not found.
File C:\Documents and Settings\User\My Documents\fix.bat not found.
File C:\WINDOWS\tasks\PC HealthFix Scan Results Alert 2.job not found.
File C:\WINDOWS\tasks\PC HealthFix Scan Results Alert.job not found.
File C:\WINDOWS\tasks\PC HealthFix Malware Alert.job not found.
File C:\WINDOWS\tasks\PC HealthFix Desktop Warning.job not found.
File C:\WINDOWS\tasks\PC HealthFix Desktop Alert.job not found.
File C:\WINDOWS\PCHealthFix.INI not found.
File C:\WINDOWS\tasks\ParetoLogic Update Version3_triggeronce.job not found.
File C:\WINDOWS\tasks\Wise Turbo Checker.job not found.
File C:\WINDOWS\tasks\SparkTrust Update Version3_triggeronce.job not found.
File C:\WINDOWS\tasks\DTChk.job not found.
Folder C:\Documents and Settings\All Users\Application Data\PC HealthFix\ not found.
Folder C:\Documents and Settings\All Users\Application Data\PCDr\ not found.
Folder C:\Documents and Settings\All Users\Application Data\rse\ not found.
Folder C:\Documents and Settings\User\Application Data\ilividtoolbargaw\ not found.
Folder C:\Documents and Settings\User\Application Data\Individual Software\ not found.
Folder C:\Documents and Settings\User\Application Data\PCDr\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"Description"|"Provides systems management information to and from drivers." /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"DisplayName"|"Windows Management Instrumentation Driver Extensions" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"ObjectName"|"LocalSystem" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"Start"|dword:00000003 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Parameters\\"ServiceMain"|"WdmWmiServiceMain" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Security\\"Security"|hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: User
->Temp folder emptied: 55453835 bytes
->Temporary Internet Files folder emptied: 20912266 bytes
->FireFox cache emptied: 58803623 bytes
->Google Chrome cache emptied: 8801707 bytes
->Flash cache emptied: 1534 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 137.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06302014_185657
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Hi!
When I tried to run AdwCleaner - Toggle Mark came up and then I remembered that I had removed it when I was removing the others earlier. Why? Who knows...
Edited by itsmesunny, 01 July 2014 - 05:43 AM.