Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hi I keep getting an error message in my firefox browser "navigati

Started by Feather24 , Oct 10 2014 03:22 PM

navigation cancelled virus firefox

This topic is locked

#1
Feather24

Posted 10 October 2014 - 03:22 PM

Member

Member
251 posts

HI I have a quick question I tried the chat room but I think they were too busy or not sure if it is manned over weekend.

I keep getting a message in my firefox browser and wondered if it was a virus?

"navigation to webpage cancelled" is this a virus?

If so can you explain the best way to remove please. I can provide all my PC and system data if need to but wanted to check first here if it was a problem?

I have also noticed a few problems with my computer being very slow and recently I had problems logging into my online banking and wondered if all these things are connected?

thanks for your help.

#2
zep516

Posted 10 October 2014 - 04:35 PM

Trusted Helper

Malware Removal
8,095 posts

Hello Feather24,

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

First
Lets look at a full diagnostics scan using OTL..

Please download OTL to your Desktop

Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox
and
Check the option for All under the Extra Registry section
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.

Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Thanks
Joe

#3
Feather24

Posted 11 October 2014 - 01:21 PM

Member

Topic Starter
Member
251 posts

Hi Just to let you know I'm doing it however I struggled to get on today as my computer was doing a scan for about 3hrs (AVG). Had to reboot several times. I also have been getting a couple of other things that seems fishy.

1. when I open firefox I can see the download button working for some reason (I'm not downloading anything)

2. when in facebook I often get message about script - either to stop it, continue etc.

I thought these all might be symptoms too so I have included the info here.

thanks Joe for your help.

Edited by Feather24, 11 October 2014 - 01:27 PM.

#4
Feather24

Posted 11 October 2014 - 01:44 PM

Member

Topic Starter
Member
251 posts

#5
Feather24

Posted 11 October 2014 - 01:46 PM

Member

Topic Starter
Member
251 posts

OTL Extras logfile created on: 11/10/2014 20:28:22 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frances\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.95% Memory free
3.98 Gb Paging File | 2.85 Gb Available in Paging File | 71.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 134.37 Gb Free Space | 57.72% Space Free | Partition Type: NTFS
Drive D: | 4.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 19.53 Gb Total Space | 9.73 Gb Free Space | 49.83% Space Free | Partition Type: NTFS
Drive F: | 54.99 Gb Total Space | 7.51 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
Drive G: | 465.65 Gb Total Space | 285.55 Gb Free Space | 61.32% Space Free | Partition Type: FAT32

Computer Name: FRANCES-PC | User Name: Frances | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{288E7A93-92A8-419D-9B48-1E160607D18F}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F3E3B36-93B1-480B-95C0-85995E163C67}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{30636BD0-7ECA-4455-8AA6-0497B4273B6C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{7668AC32-9FA3-4FF2-BD76-F5653FD7A144}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{8B3D5E4B-AB49-417D-957F-A54685D0A10F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8E6763E6-6E86-436E-A28E-28261E655D98}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{AB1FD2F4-A994-48BA-947E-AE64B70B0E1E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{AE9BA5BF-B251-4DB9-A0E0-61E4DEFCBFDC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{BDF49E80-90C1-49FF-AA7E-CC212F89E778}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{D77C773C-1CCA-47A1-9B78-9B8C1A3D100F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{DE5B138F-9F0D-413F-B1E5-F3AFB45F1F82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{17B70602-91E3-4DEA-9C5C-9CEE84326E73}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe |
"UDP Query User{B18BE84B-12F4-4E70-83D5-6E71D51ECB14}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A61104-74B5-4056-AD00-4397EF4FB141}" = iCloud
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}" = iTunes
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23111ACA-5310-4658-8E94-98A5BAF335AC}" = AVG 2014
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5D60AB1A-2409-4829-83D4-0972856D885A}" = Microsoft SQL Server 2008 Setup Support Files
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Trust Webcam Live
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{83298573-A6B6-42AB-A234-FE91CA2859C0}" = Microsoft SQL Server 2008 Native Client
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97097F2D-CFBF-4DC9-A8AF-1C8EAC322275}" = Vocal Remover
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}" = Citrix Online Launcher
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{C2E455CE-A952-4711-9505-51A8898B113F}" = ArcSoft WebCam Companion 2
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}" = Evernote v. 5.6.4
"{E3B2301A-17BB-441E-B432-FF4DC8549B8A}" = DriverUpdate
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F37413EB-9B55-4764-AC88-90BCBB3D4695}" = AVG 2014
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Amazon Kindle For PC" = Amazon Kindle For PC
"Audacity_is1" = Audacity 2.0.2
"AVG" = AVG 2014
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"CCleaner" = CCleaner
"Coupon Printer2.2.0.1" = Coupon Printer
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESDX3800 User's Guide" = ESDX3800 User's Guide
"FinePrint" = FinePrint
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"IAW20" = IAW20
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Pamela" = Pamela Pro 4.7
"Picasa 3" = Picasa 3
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TVWiz" = Intel® TV Wizard
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Vision Board" = Vision Board 1.31
"VisionBoard Movie Recorder" = VisionBoard Movie Recorder 1.00
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"XNote Stopwatch" = XNote Stopwatch

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Flux" = f.lux
"GoToMeeting" = GoToMeeting 6.0.0.1259
"Vocal Remover" = Vocal Remover

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/10/2014 05:59:07 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10967

Error - 08/10/2014 05:59:08 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/10/2014 05:59:08 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012

Error - 08/10/2014 05:59:08 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012

Error - 08/10/2014 05:59:09 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/10/2014 05:59:09 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13026

Error - 08/10/2014 05:59:09 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13026

Error - 08/10/2014 05:59:10 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/10/2014 05:59:10 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14150

Error - 08/10/2014 05:59:10 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14150

[ System Events ]
Error - 28/09/2014 18:17:34 | Computer Name = Frances-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error: %%1115

Error - 29/09/2014 04:50:55 | Computer Name = Frances-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 30/09/2014 08:18:40 | Computer Name = Frances-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 03/10/2014 14:13:25 | Computer Name = Frances-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 03/10/2014 14:53:17 | Computer Name = Frances-PC | Source = DCOM | ID = 10010
Description =

Error - 08/10/2014 05:59:32 | Computer Name = Frances-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 08/10/2014 13:18:28 | Computer Name = Frances-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 10/10/2014 06:23:39 | Computer Name = Frances-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 10/10/2014 06:23:39 | Computer Name = Frances-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 10/10/2014 06:24:23 | Computer Name = Frances-PC | Source = WMPNetworkSvc | ID = 866300
Description =

< End of report >

#6
zep516

Posted 11 October 2014 - 02:56 PM

Trusted Helper

Malware Removal
8,095 posts

Hello,

The first log you posted to me OTL.TXT is missing quite a bit of data. Please copy the entire log, just OTL.TXT and paste it in again.

I also noticed you have Malwarebytes installed. Have you scanned with that ?

Thanks
Joe

#7
Feather24

Posted 12 October 2014 - 03:04 PM

Member

Topic Starter
Member
251 posts

Hi Malwarebytes is a free trial and it's ended now.

#8
Feather24

Posted 12 October 2014 - 03:07 PM

Member

Topic Starter
Member
251 posts

Hopefully this is everything I selected all and copied it. thanks

OTL logfile created on: 11/10/2014 20:28:22 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Frances\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.95% Memory free
3.98 Gb Paging File | 2.85 Gb Available in Paging File | 71.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 134.37 Gb Free Space | 57.72% Space Free | Partition Type: NTFS
Drive D: | 4.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 19.53 Gb Total Space | 9.73 Gb Free Space | 49.83% Space Free | Partition Type: NTFS
Drive F: | 54.99 Gb Total Space | 7.51 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
Drive G: | 465.65 Gb Total Space | 285.55 Gb Free Space | 61.32% Space Free | Partition Type: FAT32

Computer Name: FRANCES-PC | User Name: Frances | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/10/11 20:27:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL.exe
PRC - [2014/09/13 01:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/26 16:47:14 | 001,110,880 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2014/08/25 11:41:34 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgfws.exe
PRC - [2014/08/25 11:40:08 | 000,846,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2014/08/25 11:39:18 | 000,643,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2014/08/25 11:39:12 | 000,838,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/08/25 11:37:18 | 005,188,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2014/08/25 11:31:58 | 000,657,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/10/23 23:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/11/18 00:02:32 | 001,975,296 | ---- | M] (Alexander Nikiforov) -- C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe
PRC - [2011/09/07 15:06:32 | 001,841,664 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/07/11 21:10:28 | 001,176,064 | ---- | M] () -- C:\Program Files\VisionBoard\visionboardlauncher.exe
PRC - [2007/01/01 22:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006/09/15 14:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe

========== Modules (No Company Name) ==========

MOD - [2014/10/11 17:09:29 | 000,043,008 | ---- | M] () -- c:\Users\Frances\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpjfnt.dll
MOD - [2014/09/13 01:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/09/11 11:28:50 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll
MOD - [2014/09/11 00:57:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll
MOD - [2014/09/11 00:57:25 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll
MOD - [2014/09/11 00:57:19 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll
MOD - [2014/09/11 00:56:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll
MOD - [2014/09/11 00:56:22 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/08/26 16:47:16 | 000,436,576 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2014/08/26 16:47:16 | 000,318,304 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/11 21:10:28 | 001,176,064 | ---- | M] () -- C:\Program Files\VisionBoard\visionboardlauncher.exe

========== Services (SafeList) ==========

SRV - [2014/09/25 11:09:43 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/24 13:50:04 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/08/25 11:41:34 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/08/18 22:36:05 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/12/19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/09 10:17:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Frances\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/10/11 20:26:10 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/08/06 10:49:48 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/07/21 21:03:22 | 000,200,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/06/30 12:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/06/24 10:09:03 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014/06/17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/06/17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/06/17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/06/17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/06/17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/06/17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/10/02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/09/26 11:00:38 | 000,047,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/09/22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2008/07/28 19:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007/01/26 17:48:28 | 012,028,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Frances\Desktop
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 4B FD 45 2B 67 CB 01 [binary data]
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/09/19 14:33:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/18 17:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frances\AppData\Roaming\Mozilla\Extensions
[2014/07/16 23:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions
[2014/09/19 14:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/09/19 14:33:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/09/19 14:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/09/19 14:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/09/19 14:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/19 14:33:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/09/25 11:09:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Default Profile (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2014/05/10 10:13:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [f.lux] C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [googletalk] C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [visionboard] C:\Program Files\VisionBoard\visionboardlauncher.exe ()
O4 - Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AEFD181-F14E-4463-B2D2-39C1367B81A8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EB4CFC4-7649-413F-870B-BB36D0D3979F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79483D2-6796-4059-832A-41A709A2AAE1}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/01 17:17:23 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/11 20:27:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL.exe
[2014/10/06 16:31:31 | 000,000,000 | ---D | C] -- C:\Users\Frances\Documents\New folder (2)
[2014/10/06 16:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Photoshop 8
[2014/10/01 13:28:59 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2014/09/24 11:02:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/09/24 10:59:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDYAK.DLL
[2014/09/24 10:59:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAT.DLL
[2014/09/24 10:59:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU1.DLL
[2014/09/24 10:59:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2014/09/24 10:59:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU.DLL
[2014/09/19 14:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/09/18 22:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/09/18 22:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/09/18 13:06:31 | 000,000,000 | ---D | C] -- C:\Users\Frances\Documents\HEALTH
[2014/09/13 16:43:39 | 087,520,056 | ---- | C] (AVG Technologies) -- C:\Users\Frances\Desktop\avg_tuh_stf_all_2015_105_24c4.exe
[2014/09/12 13:25:21 | 000,000,000 | ---D | C] -- C:\Users\Frances\Documents\EFT Tapping solution STRESS
[2014/09/12 11:26:43 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/09/12 11:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/12 11:25:48 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/09/12 11:25:48 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/09/12 11:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/09/12 11:22:12 | 017,292,760 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Frances\Desktop\mbam-setup-2.0.2.1012.exe
[2 C:\Users\Frances\AppData\Local\*.tmp files -> C:\Users\Frances\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/10/11 20:27:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL.exe
[2014/10/11 20:26:10 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/11 19:54:02 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/11 19:49:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/11 17:16:32 | 000,023,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/11 17:16:32 | 000,023,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/11 17:09:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/11 17:08:57 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2014/10/11 17:08:54 | 1602,347,008 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/09 14:12:46 | 057,605,934 | ---- | M] () -- C:\Users\Frances\Desktop\MTM - Dr. Joseph Riggio Interview.zip
[2014/10/08 19:23:30 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/06 11:08:44 | 048,042,832 | ---- | M] () -- C:\Users\Frances\Desktop\Free Creation Call Oct 5 2014(1).mp3
[2014/10/06 10:39:12 | 048,042,832 | ---- | M] () -- C:\Users\Frances\Desktop\Free Creation Call Oct 5 2014.mp3
[2014/10/01 15:23:41 | 000,734,868 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/10/01 15:23:41 | 000,151,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/29 12:14:02 | 000,000,259 | ---- | M] () -- C:\Users\Frances\Desktop\Our careers.URL
[2014/09/28 13:11:39 | 000,332,207 | ---- | M] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 2 - Generating Niche Options.pdf
[2014/09/28 13:11:24 | 000,233,912 | ---- | M] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 3 - Evaluating Your Niche.pdf
[2014/09/26 16:52:23 | 001,395,294 | ---- | M] () -- C:\Users\Frances\Desktop\overview-awakening.pdf
[2014/09/25 11:27:46 | 000,256,504 | ---- | M] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 1 - Fix The Holes In Your Bucket.pdf
[2014/09/25 10:27:53 | 000,429,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/09/24 13:50:00 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/09/24 13:50:00 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/09/21 16:49:38 | 000,088,844 | ---- | M] () -- C:\Users\Frances\Desktop\hhh_humanistic_results_page_AR.pdf.part
[2014/09/21 16:40:10 | 000,673,919 | ---- | M] () -- C:\Users\Frances\Desktop\hhh_humanistic_results_page_AR(1).pdf
[2014/09/20 09:55:22 | 036,407,035 | ---- | M] () -- C:\Users\Frances\Desktop\Free tele call with Steven & Chutisa Bowman.mp3
[2014/09/20 09:52:47 | 000,001,053 | ---- | M] () -- C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/20 09:51:59 | 000,001,025 | ---- | M] () -- C:\Users\Frances\Desktop\Dropbox.lnk
[2014/09/17 15:44:34 | 000,000,022 | ---- | M] () -- C:\Users\Frances\Desktop\book246_pdf.zip
[2014/09/13 16:45:22 | 087,520,056 | ---- | M] (AVG Technologies) -- C:\Users\Frances\Desktop\avg_tuh_stf_all_2015_105_24c4.exe
[2014/09/12 11:25:55 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/12 11:22:34 | 017,292,760 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Frances\Desktop\mbam-setup-2.0.2.1012.exe
[2 C:\Users\Frances\AppData\Local\*.tmp files -> C:\Users\Frances\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/10/09 14:11:27 | 057,605,934 | ---- | C] () -- C:\Users\Frances\Desktop\MTM - Dr. Joseph Riggio Interview.zip
[2014/10/06 16:16:29 | 000,334,970 | ---- | C] () -- C:\Users\Frances\Documents\sms-results-fabienne-fredrickson-special-best-of-the-best.pdf
[2014/10/06 11:07:43 | 048,042,832 | ---- | C] () -- C:\Users\Frances\Desktop\Free Creation Call Oct 5 2014(1).mp3
[2014/10/06 10:38:11 | 048,042,832 | ---- | C] () -- C:\Users\Frances\Desktop\Free Creation Call Oct 5 2014.mp3
[2014/09/29 12:14:02 | 000,000,259 | ---- | C] () -- C:\Users\Frances\Desktop\Our careers.URL
[2014/09/28 13:11:36 | 000,332,207 | ---- | C] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 2 - Generating Niche Options.pdf
[2014/09/28 13:11:15 | 000,233,912 | ---- | C] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 3 - Evaluating Your Niche.pdf
[2014/09/26 16:52:18 | 001,395,294 | ---- | C] () -- C:\Users\Frances\Desktop\overview-awakening.pdf
[2014/09/25 11:27:42 | 000,256,504 | ---- | C] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 1 - Fix The Holes In Your Bucket.pdf
[2014/09/21 16:40:07 | 000,673,919 | ---- | C] () -- C:\Users\Frances\Desktop\hhh_humanistic_results_page_AR(1).pdf
[2014/09/21 16:39:39 | 000,088,844 | ---- | C] () -- C:\Users\Frances\Desktop\hhh_humanistic_results_page_AR.pdf.part
[2014/09/20 09:54:18 | 036,407,035 | ---- | C] () -- C:\Users\Frances\Desktop\Free tele call with Steven & Chutisa Bowman.mp3
[2014/09/20 09:52:47 | 000,001,053 | ---- | C] () -- C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/17 14:51:46 | 000,000,022 | ---- | C] () -- C:\Users\Frances\Desktop\book246_pdf.zip
[2014/09/12 11:25:55 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/10 09:59:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/05/10 09:59:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/05/10 09:59:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/05/10 09:59:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/05/10 09:59:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/28 11:21:58 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/04 20:30:05 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2013/11/04 20:30:04 | 012,028,032 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2013/11/04 20:30:04 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2013/11/04 20:30:04 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2013/11/04 20:30:04 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2013/10/16 16:17:30 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2013/09/16 09:45:46 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/23 13:26:58 | 000,036,154 | ---- | C] () -- C:\Program Files\cc_20130723_132652.reg
[2013/07/07 14:15:45 | 000,000,151 | ---- | C] () -- C:\Windows\Reimage.ini
[2011/06/27 23:28:39 | 000,015,044 | ---- | C] () -- C:\Program Files\cc_20110627_232823.reg
[2011/06/27 09:30:01 | 000,000,000 | ---- | C] () -- C:\Users\Frances\AppData\Local\{2F0D215D-D36A-4572-8518-970B7D5F1ED4}
[2011/06/07 11:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Frances\AppData\Local\{D0C3A833-BA01-4220-98B5-867AEE928B6A}
[2010/11/08 16:25:25 | 000,004,608 | ---- | C] () -- C:\Users\Frances\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 16:43:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2010/12/10 11:09:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#9
zep516

Posted 12 October 2014 - 03:40 PM

Trusted Helper

Malware Removal
8,095 posts

Hello,

A few items in OTL Log to address and lets run 2 adware scans.

Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.

Under the Custom Scans/Fixes box at the bottom, paste in the following

:COMMANDS
[CREATERESTOREPOINT]

:OTL
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O18 - Protocol\Handler\linkscanner - No CLSID value found
[2 C:\Users\Frances\AppData\Local\*.tmp files -> C:\Users\Frances\AppData\Local\*.tmp -> ]
@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
:Files
C:\ProgramData\TEMP:0B4227B4
C:\ProgramData\TEMP:5C321E34
ipconfig /flushdns /c

:Commands

[emptytemp]
[resethosts]

Make sure all other windows are closed.
Click the Run Fix button at the top
Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
Post the log that is found in C:\_OTL\Moved Files in your next reply.
Open OTL again and click the Quick Scan button.
Next

Please download AdwCleaner by Xplode onto your Desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Click the Report button and the report will open in Notepad.
- NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
- Click on the Clean button follow the prompts.
- A log file will automatically open after the scan has finished and the PC has rebooted.
- Please post the content of that log file with your next answer.
- You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply to me post the following log reports:
- The OTL Fix log, after you run the fix the computer reboots and the fix log pops up in front of you
- AdwCleaner log after you run the clean option.
- JRT.TXT Log
- New OTL after a quick scan is run.
Thanks
Joe

See Here about Malwarebytes.

#10
Feather24

Posted 13 October 2014 - 04:03 AM

Member

Topic Starter
Member
251 posts

Hi Joe, thanks for the speedy response :yes:

I've included the first log here from OTL scan.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip Image\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip selection\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip this page\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip URL\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
File Protocol\Handler\linkscanner - No CLSID value found not found.
C:\Users\Frances\AppData\Local\BIT6DB1.tmp deleted successfully.
C:\Users\Frances\AppData\Local\BITB8E7.tmp deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\TEMP:0B4227B4 not found.
File\Folder C:\ProgramData\TEMP:5C321E34 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Frances
->Temp folder emptied: 3986653 bytes
->Temporary Internet Files folder emptied: 59064590 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 372694209 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 45940 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11099345 bytes
RecycleBin emptied: 1161009725 bytes

Total Files Cleaned = 1,533.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10132014_104851

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#11
Feather24

Posted 13 October 2014 - 04:22 AM

Member

Topic Starter
Member
251 posts

Hi Joe, this is the second scan you asked for in OTL the results of the quick scan. I think this is what you wanted?

OTL logfile created on: 13/10/2014 11:06:10 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Frances\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.41% Memory free
3.98 Gb Paging File | 2.92 Gb Available in Paging File | 73.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 134.07 Gb Free Space | 57.59% Space Free | Partition Type: NTFS
Drive D: | 4.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 19.53 Gb Total Space | 9.73 Gb Free Space | 49.83% Space Free | Partition Type: NTFS
Drive F: | 54.99 Gb Total Space | 8.57 Gb Free Space | 15.59% Space Free | Partition Type: NTFS
Drive G: | 465.65 Gb Total Space | 282.93 Gb Free Space | 60.76% Space Free | Partition Type: FAT32

Computer Name: FRANCES-PC | User Name: Frances | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/13 01:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/26 16:47:14 | 001,110,880 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2014/08/25 11:41:34 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgfws.exe
PRC - [2014/08/25 11:40:08 | 000,846,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2014/08/25 11:39:18 | 000,643,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2014/08/25 11:39:12 | 000,838,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/08/25 11:37:18 | 005,188,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2014/08/25 11:31:58 | 000,657,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/01 20:40:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL (1).exe
PRC - [2013/10/23 23:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/11/18 00:02:32 | 001,975,296 | ---- | M] (Alexander Nikiforov) -- C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe
PRC - [2011/09/07 15:06:32 | 001,841,664 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/07/11 21:10:28 | 001,176,064 | ---- | M] () -- C:\Program Files\VisionBoard\visionboardlauncher.exe
PRC - [2007/01/01 22:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006/09/15 14:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe

========== Modules (No Company Name) ==========

MOD - [2014/10/13 10:58:08 | 000,043,008 | ---- | M] () -- c:\Users\Frances\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9v3mls.dll
MOD - [2014/09/13 01:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/09/11 11:28:50 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll
MOD - [2014/09/11 00:57:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll
MOD - [2014/09/11 00:57:25 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll
MOD - [2014/09/11 00:57:19 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll
MOD - [2014/09/11 00:56:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll
MOD - [2014/09/11 00:56:22 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/08/26 16:47:16 | 000,436,576 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2014/08/26 16:47:16 | 000,318,304 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/11 21:10:28 | 001,176,064 | ---- | M] () -- C:\Program Files\VisionBoard\visionboardlauncher.exe

========== Services (SafeList) ==========

SRV - [2014/09/25 11:09:43 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/24 13:50:04 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/08/25 11:41:34 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/08/18 22:36:05 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/12/19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/09 10:17:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Frances\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/10/13 10:48:38 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/08/06 10:49:48 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/07/21 21:03:22 | 000,200,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/06/30 12:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/06/24 10:09:03 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014/06/17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/06/17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/06/17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/06/17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/06/17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/06/17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/10/02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/09/26 11:00:38 | 000,047,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/09/22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2008/07/28 19:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007/01/26 17:48:28 | 012,028,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Frances\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 4B FD 45 2B 67 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/09/19 14:33:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/18 17:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frances\AppData\Roaming\Mozilla\Extensions
[2014/07/16 23:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions
[2014/09/19 14:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/09/19 14:33:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/09/19 14:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/09/19 14:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/09/19 14:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/19 14:33:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/09/25 11:09:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Default Profile (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2014/10/13 10:54:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKCU..\Run: [f.lux] C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [googletalk] C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
O4 - HKCU..\Run: [visionboard] C:\Program Files\VisionBoard\visionboardlauncher.exe ()
O4 - Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AEFD181-F14E-4463-B2D2-39C1367B81A8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EB4CFC4-7649-413F-870B-BB36D0D3979F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79483D2-6796-4059-832A-41A709A2AAE1}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/01 17:17:23 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/13 10:48:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/13 10:46:37 | 001,705,755 | ---- | C] (Thisisu) -- C:\Users\Frances\Desktop\JRT.exe
[2014/10/11 20:27:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL.exe
[2014/10/06 16:31:31 | 000,000,000 | ---D | C] -- C:\Users\Frances\Documents\New folder (2)
[2014/10/06 16:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Photoshop 8
[2014/09/19 14:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/09/18 22:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/09/18 22:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/09/18 13:06:31 | 000,000,000 | ---D | C] -- C:\Users\Frances\Documents\HEALTH
[2014/09/13 16:43:39 | 087,520,056 | ---- | C] (AVG Technologies) -- C:\Users\Frances\Desktop\avg_tuh_stf_all_2015_105_24c4.exe

========== Files - Modified Within 30 Days ==========

[2014/10/13 11:03:53 | 000,023,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/13 11:03:53 | 000,023,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/13 10:56:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/13 10:56:28 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2014/10/13 10:56:25 | 1602,347,008 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/13 10:54:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/10/13 10:53:36 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/13 10:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/13 10:48:38 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/13 10:46:52 | 001,705,755 | ---- | M] (Thisisu) -- C:\Users\Frances\Desktop\JRT.exe
[2014/10/13 10:44:55 | 001,976,320 | ---- | M] () -- C:\Users\Frances\Desktop\adwcleaner_4.000.exe
[2014/10/11 20:27:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL.exe
[2014/10/09 14:12:46 | 057,605,934 | ---- | M] () -- C:\Users\Frances\Desktop\MTM - Dr. Joseph Riggio Interview.zip
[2014/10/08 19:23:30 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/06 11:08:44 | 048,042,832 | ---- | M] () -- C:\Users\Frances\Desktop\Free Creation Call Oct 5 2014(1).mp3
[2014/10/06 10:39:12 | 048,042,832 | ---- | M] () -- C:\Users\Frances\Desktop\Free Creation Call Oct 5 2014.mp3
[2014/10/01 15:23:41 | 000,734,868 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/10/01 15:23:41 | 000,151,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/29 12:14:02 | 000,000,259 | ---- | M] () -- C:\Users\Frances\Desktop\Our careers.URL
[2014/09/28 13:11:39 | 000,332,207 | ---- | M] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 2 - Generating Niche Options.pdf
[2014/09/28 13:11:24 | 000,233,912 | ---- | M] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 3 - Evaluating Your Niche.pdf
[2014/09/26 16:52:23 | 001,395,294 | ---- | M] () -- C:\Users\Frances\Desktop\overview-awakening.pdf
[2014/09/25 11:27:46 | 000,256,504 | ---- | M] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 1 - Fix The Holes In Your Bucket.pdf
[2014/09/25 10:27:53 | 000,429,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/09/21 16:49:38 | 000,088,844 | ---- | M] () -- C:\Users\Frances\Desktop\hhh_humanistic_results_page_AR.pdf.part
[2014/09/21 16:40:10 | 000,673,919 | ---- | M] () -- C:\Users\Frances\Desktop\hhh_humanistic_results_page_AR(1).pdf
[2014/09/20 09:55:22 | 036,407,035 | ---- | M] () -- C:\Users\Frances\Desktop\Free tele call with Steven & Chutisa Bowman.mp3
[2014/09/20 09:52:47 | 000,001,053 | ---- | M] () -- C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/20 09:51:59 | 000,001,025 | ---- | M] () -- C:\Users\Frances\Desktop\Dropbox.lnk
[2014/09/17 15:44:34 | 000,000,022 | ---- | M] () -- C:\Users\Frances\Desktop\book246_pdf.zip
[2014/09/13 16:45:22 | 087,520,056 | ---- | M] (AVG Technologies) -- C:\Users\Frances\Desktop\avg_tuh_stf_all_2015_105_24c4.exe

========== Files Created - No Company Name ==========

[2014/10/13 10:44:44 | 001,976,320 | ---- | C] () -- C:\Users\Frances\Desktop\adwcleaner_4.000.exe
[2014/10/09 14:11:27 | 057,605,934 | ---- | C] () -- C:\Users\Frances\Desktop\MTM - Dr. Joseph Riggio Interview.zip
[2014/10/06 16:16:29 | 000,334,970 | ---- | C] () -- C:\Users\Frances\Documents\sms-results-fabienne-fredrickson-special-best-of-the-best.pdf
[2014/10/06 11:07:43 | 048,042,832 | ---- | C] () -- C:\Users\Frances\Desktop\Free Creation Call Oct 5 2014(1).mp3
[2014/10/06 10:38:11 | 048,042,832 | ---- | C] () -- C:\Users\Frances\Desktop\Free Creation Call Oct 5 2014.mp3
[2014/09/29 12:14:02 | 000,000,259 | ---- | C] () -- C:\Users\Frances\Desktop\Our careers.URL
[2014/09/28 13:11:36 | 000,332,207 | ---- | C] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 2 - Generating Niche Options.pdf
[2014/09/28 13:11:15 | 000,233,912 | ---- | C] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 3 - Evaluating Your Niche.pdf
[2014/09/26 16:52:18 | 001,395,294 | ---- | C] () -- C:\Users\Frances\Desktop\overview-awakening.pdf
[2014/09/25 11:27:42 | 000,256,504 | ---- | C] () -- C:\Users\Frances\Desktop\Start-Up CTC - Exercise 1 - Fix The Holes In Your Bucket.pdf
[2014/09/21 16:40:07 | 000,673,919 | ---- | C] () -- C:\Users\Frances\Desktop\hhh_humanistic_results_page_AR(1).pdf
[2014/09/21 16:39:39 | 000,088,844 | ---- | C] () -- C:\Users\Frances\Desktop\hhh_humanistic_results_page_AR.pdf.part
[2014/09/20 09:54:18 | 036,407,035 | ---- | C] () -- C:\Users\Frances\Desktop\Free tele call with Steven & Chutisa Bowman.mp3
[2014/09/20 09:52:47 | 000,001,053 | ---- | C] () -- C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/17 14:51:46 | 000,000,022 | ---- | C] () -- C:\Users\Frances\Desktop\book246_pdf.zip
[2014/05/10 09:59:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/05/10 09:59:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/05/10 09:59:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/05/10 09:59:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/05/10 09:59:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/28 11:21:58 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/04 20:30:05 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2013/11/04 20:30:04 | 012,028,032 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2013/11/04 20:30:04 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2013/11/04 20:30:04 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2013/11/04 20:30:04 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2013/10/16 16:17:30 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2013/09/16 09:45:46 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/23 13:26:58 | 000,036,154 | ---- | C] () -- C:\Program Files\cc_20130723_132652.reg
[2013/07/07 14:15:45 | 000,000,151 | ---- | C] () -- C:\Windows\Reimage.ini
[2011/06/27 23:28:39 | 000,015,044 | ---- | C] () -- C:\Program Files\cc_20110627_232823.reg
[2011/06/27 09:30:01 | 000,000,000 | ---- | C] () -- C:\Users\Frances\AppData\Local\{2F0D215D-D36A-4572-8518-970B7D5F1ED4}
[2011/06/07 11:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Frances\AppData\Local\{D0C3A833-BA01-4220-98B5-867AEE928B6A}
[2010/11/08 16:25:25 | 000,004,608 | ---- | C] () -- C:\Users\Frances\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 16:43:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2010/12/10 11:09:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/17 22:17:12 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Amazon
[2014/06/14 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Audacity
[2010/11/08 14:17:06 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Avery
[2014/09/13 16:56:47 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\AVG
[2013/12/09 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\AVG2014
[2013/10/16 16:14:04 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\coupons
[2014/10/13 10:58:19 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Dropbox
[2011/04/01 17:16:02 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\EPSON
[2011/11/28 00:42:55 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\MP3SkypeRecorder
[2010/10/11 15:56:48 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\OpenOffice.org
[2011/02/18 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Pamela
[2012/01/20 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Tific
[2012/11/24 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\TuneUp Software
[2011/08/31 19:52:40 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/07/24 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\WinPatrol
[2014/09/03 23:24:52 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\XNote Stopwatch

========== Purity Check ==========

< End of report >

#12
Feather24

Posted 13 October 2014 - 04:35 AM

Member

Topic Starter
Member
251 posts

I was a bit confused about some of the instructions re: adware cleaner. I have downloaded it ok and run the tool. then I got a message "please uncheck elements you dont want to remove". I could see that there were some suggested files or things under each tab that were selected to be removed.

I clicked on the report button and here is the report results.

One of the selection is the driver updates and I'm thinking they are important to keep rather than delete?

So I've stopped here to check what to do before I clean anything.

# AdwCleaner v4.000 - Report created 13/10/2014 at 11:24:30
# Updated 12/10/2014 by Xplode
# Database : 2014-10-12.3
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Frances - FRANCES-PC
# Running from : C:\Users\Frances\Desktop\adwcleaner_4.000.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Windows\Reimage.ini

***** [ Scheduled Tasks ] *****

Task Found : driverupdate startup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Reimage
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer2.2.0.1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

-\\ Google Chrome v38.0.2125.101

*************************

AdwCleaner[R0].txt - [2248 octets] - [24/06/2014 10:41:58]
AdwCleaner[R1].txt - [996 octets] - [13/10/2014 11:24:30]
AdwCleaner[S0].txt - [2349 octets] - [24/06/2014 10:44:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1115 octets] ##########

#13
Feather24

Posted 13 October 2014 - 06:32 AM

Member

Topic Starter
Member
251 posts

I changed my malwarebytes to free version thanks for the article instructions v helpful!

I've run a scan - it only last 22 mins which seems short to me. In the past when I had the older trial version to use to take over 1hr.

Anyway - it seems clean.

Posted the report here:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/10/2014
Scan Time: 13:00:47
Logfile: malwarebytes scan 13th oct.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.13.02
Rootkit Database: v2014.10.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Frances

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309157
Time Elapsed: 22 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

#14
zep516

Posted 13 October 2014 - 09:43 AM

Trusted Helper

Malware Removal
8,095 posts

OK,

Good work on the Malwarebytes and the log is clean.

On the adwCleaner just run the clean option now, that will remove what little was found.

Let me know how things are and what issues remain.

Joe

#15
Feather24

Posted 14 October 2014 - 11:19 AM

Member

Topic Starter
Member
251 posts

thanks Joe. On the adware I've posted the report below.

Can I just check while I'm here how do I ensure I get driver updates now that we deleted them with adware?

I'm still getting the download button in Firefox - looking like it is downloading something when I type in a web address.

I need to complete the junkware removal next step to be done.

# AdwCleaner v4.000 - Report created 14/10/2014 at 18:10:59
# DB v2014-10-13.5
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Frances - FRANCES-PC
# Running from : C:\Users\Frances\Desktop\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Windows\Reimage.ini

***** [ Scheduled Tasks ] *****

Task Deleted : driverupdate startup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer2.2.0.1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

-\\ Google Chrome v38.0.2125.101

*************************

AdwCleaner[R0].txt - [2248 octets] - [24/06/2014 10:41:58]
AdwCleaner[R1].txt - [1195 octets] - [13/10/2014 11:24:30]
AdwCleaner[R2].txt - [1256 octets] - [13/10/2014 12:51:51]
AdwCleaner[R3].txt - [1381 octets] - [14/10/2014 18:07:29]
AdwCleaner[S0].txt - [2349 octets] - [24/06/2014 10:44:07]
AdwCleaner[S1].txt - [1240 octets] - [14/10/2014 18:10:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1300 octets] ##########

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: navigation cancelled, virus, firefox

Security → Virus, Spyware, Malware Removal → Having Powersheel.exe Issues ... Need fixlist.txt Started by raj0171 , 19 Mar 2024 Virus, HELP, Malwarebytes	5 replies 2,698 views	DR M 06 Apr 2024
Security → Virus, Spyware, Malware Removal → HP desktop - google.com is in Norwegian [Solved] Started by wayneman50 , 23 Jul 2023 internet, google, virus and 1 more... 1 2 3	Hot 41 replies 24,381 views	wayneman50 17 Aug 2023
Answered Retired Forums → Windows Vista and Windows 7 → Email Breech notification (Resolved). Started by waynf , 08 Jan 2023 Firefox	3 replies 4,368 views	phillpower2 10 Jan 2023
Security → Virus, Spyware, Malware Removal → Virus Infection Started by ForrestGump , 05 Oct 2022 Virus 1 2 3 8 →	Hot 110 replies 16,155 views	RKinner 14 Nov 2022
Security → Virus, Spyware, Malware Removal → Checkmate Ransomware detection / removal? Started by JcTcom , 18 Aug 2022 Checkmate, Ransomware, Virus and 5 more...	0 replies 1,878 views	JcTcom 18 Aug 2022