Jump to content


Photo
- - - - -

nativemessaging on chrome


  • Please log in to reply
9 replies to this topic

#1 x_breath_x

x_breath_x

    Member

  • Members
  • PipPipPip
  • 79 posts

Posted 17 January 2014 - 09:10 PM

hey sorry about my last topic. i had the computer traded. i just figured itd be easier. however this computer has some slike problems. i dont know why maybe its something ive downloaded.

 

the hijackthis didnt work agan so ive done a scan with otl.

here is the otl.txt first and then extras.txt

 

 

 

 

OTL logfile created on: 1/17/2014 8:40:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kaila\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.09 Mb Total Physical Memory | 531.36 Mb Available Physical Memory | 52.45% Memory free
3.10 Gb Paging File | 1.08 Gb Available in Paging File | 35.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.79 Gb Total Space | 163.52 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
 
Computer Name: JOHN | User Name: Kaila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/17 20:38:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaila\Desktop\OTL.exe
PRC - [2013/12/20 19:14:09 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/20 19:14:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/09/27 21:41:39 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
PRC - [2013/02/05 12:10:48 | 000,581,624 | ---- | M] (NTI Corporation) -- C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
PRC - [2013/02/05 12:10:46 | 000,046,072 | ---- | M] (NTI Corporation) -- C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2011/10/18 16:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
PRC - [2011/10/18 16:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/12 00:24:10 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/11/12 00:24:08 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/08/10 03:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010/08/10 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 03:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010/06/11 16:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/06/11 16:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/20 19:14:12 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/02/05 12:11:18 | 000,465,824 | ---- | M] () -- C:\Program Files\NTI\NTI Backup Now EZ\sqlite3.dll
MOD - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2012/08/27 23:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 23:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/05/20 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/12/20 19:14:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/13 19:20:00 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/27 21:41:39 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe -- (vToolbarUpdater17.0.1)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/05 12:10:46 | 000,046,072 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/10/18 16:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 16:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 16:28:18 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/10 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2013/12/20 19:14:56 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2013/12/20 19:14:16 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/20 19:14:16 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/20 19:14:16 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/20 19:14:16 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/12/20 19:14:16 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/20 19:14:16 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2012/08/23 08:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 08:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/03/26 16:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/10/15 15:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 15:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 15:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 15:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 15:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 15:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 15:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 15:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 15:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/12/03 00:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/24 03:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/07/15 15:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/06/17 00:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...ults.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0AtDyDtByB0FyBtA0ByE0EtN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=672521081
IE - HKLM\..\SearchScopes\{507E350E-949D-BB7D-314C-7539CF247C38}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.as...pn_ptnrs=AGE&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...740855134406&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...ch.asp?src=6&q={searchTerms}&crg=3.1010000.10005
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://acer.msn.com
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwide.com/?guid={FAD49E06-D413-4B08-8349-8A71DBFA0C8C}&serpv=22
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosear...115076&tsp=5114
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...earchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...earchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - SOFTWARE\Classes\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5}\InprocServer32 File not found
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...earchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...ults.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0AtDyDtByB0FyBtA0ByE0EtN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=672521081
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_def&mntrId=AC9F929FFA0527F7&affID=115076&tsp=5114
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{18E7AACF-9B3E-46E8-8382-BAB463727B5E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10743
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{2ED3B46A-A91C-47C9-92D7-3EF05BB5429B}: "URL" = http://www.mysearchr...?c=2652&t=01&q={searchTerms}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{50349BBE-F1B2-4659-B85A-16401AF9064C}: "URL" = http://search.findwide.com/serp?guid={FAD49E06-D413-4B08-8349-8A71DBFA0C8C}&action=default_search&serpv=22&k={searchTerms}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{6F47C78D-F91C-4A9E-9641-012D759138CA}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN29404707102509210&UM=2
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={93571EB7-16F3-4270-AB3A-4EAC59A4339E}&mid=d70f5103086f47d0a7d443d6bce1ce04-b15497609ebbdddff297f5f09ac63dcb18fcd1a3&lang=en&ds=ft011&pr=sa&d=2012-10-14 16:15:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.as...pn_ptnrs=AGE&q={searchTerms}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...740855134406&q={searchTerms}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{C8D1C99A-92F2-4AB8-9162-0449E1743972}: "URL" = http://us.yhs4.searc...570,0,0,6434&p={searchTerms}
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...ch.asp?src=6&q={searchTerms}&crg=3.1010000.10005
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kaila\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kaila\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kaila\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/09/02 00:16:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\PremierOpinion
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]
 
[2013/12/13 16:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaila\AppData\Roaming\mozilla\Firefox\extensions
[2013/12/05 15:07:08 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Users\Kaila\AppData\Roaming\mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[2013/12/31 22:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.14_0\plugins/npDefaultTabSearch.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kaila\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: uTorrentControl_v6 = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.0.540_0\
CHR - Extension: uTorrentControl_v6 = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.0.540_0\nativeMessaging\nmHost
CHR - Extension: Dark Vibe = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\
CHR - Extension: avast! Online Security = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: avast! Online Security = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: No name found = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco\2.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
CHR - Extension: uTorrentControl_v6 = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.0.540_0\
CHR - Extension: uTorrentControl_v6 = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.0.540_0\nativeMessaging\nmHost
CHR - Extension: Dark Vibe = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\
CHR - Extension: avast! Online Security = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: avast! Online Security = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: No name found = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco\2.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
 
O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Music Box Toolbar (Dist. by iMesh, Inc.)) - {45177936-603b-4261-8d42-df6f7091d5d0} - C:\PROGRA~1\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found
O2 - BHO: (MyWordTool) - {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Kaila\AppData\Roaming\MyWordTool\temp.dat ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120112163500.dll (McAfee, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll File not found
O2 - BHO: (no name) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - No CLSID value found.
O2 - BHO: (Tidy Network) - {D8A98206-1249-3EBA-FB18-4ADF7ED746FD} - C:\Program Files\TidyNetwork\petn.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Music Box Toolbar (Dist. by iMesh, Inc.)) - {45177936-603b-4261-8d42-df6f7091d5d0} - C:\PROGRA~1\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll File not found
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe" File not found
O4 - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000..\Run: [Facebook Update] C:\Users\Kaila\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000..\Run: [uTorrent] C:\Users\Kaila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2509488165-3742344647-2209741551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15EAC838-19E9-4FA3-B6AC-CE7E9B30E965}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A81087B2-589B-456F-8D51-F5A5BADAE6F1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B74E8B87-E008-4422-BD86-86D613D27F22}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c001a154-d848-11e0-b3a4-1c7508b345b6}\Shell - "" = AutoRun
O33 - MountPoints2\{c001a154-d848-11e0-b3a4-1c7508b345b6}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{fed23421-ccaf-11e2-a2ff-889ffa0527f7}\Shell - "" = AutoRun
O33 - MountPoints2\{fed23421-ccaf-11e2-a2ff-889ffa0527f7}\Shell\AutoRun\command - "" = D:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files\music toolbar\datamngr\x64\apcrtldr.dll) -  File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/17 20:38:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kaila\Desktop\OTL.exe
[2014/01/17 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Kaila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/01/17 19:48:32 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/01/17 19:48:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/01/17 19:48:04 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/01/17 19:48:04 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/01/17 19:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/14 21:45:27 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/01/14 21:45:24 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/01/14 21:45:21 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/01/14 21:45:18 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/01/12 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Kaila\Desktop\Movies
[2014/01/08 16:28:48 | 000,000,000 | ---D | C] -- C:\Users\Kaila\Desktop\Insanity Workout
[2013/12/31 22:07:57 | 000,000,000 | ---D | C] -- C:\Users\Kaila\AppData\Roaming\BabSolution
[2013/12/31 22:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/31 22:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2013/12/23 22:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2013/12/23 22:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCleaner
[2013/12/23 22:12:21 | 000,000,000 | ---D | C] -- C:\Users\Kaila\AppData\Roaming\ParetoLogic
[2013/12/23 22:12:21 | 000,000,000 | ---D | C] -- C:\Users\Kaila\AppData\Roaming\DriverCure
[2013/12/23 22:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/12/23 21:59:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/20 19:15:36 | 000,000,000 | ---D | C] -- C:\Users\Kaila\AppData\Roaming\AVAST Software
[2013/12/20 19:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/12/20 19:14:29 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/12/20 19:14:29 | 000,064,168 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys
[2013/12/20 19:14:28 | 000,410,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/12/20 19:14:27 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/12/20 19:14:26 | 000,079,720 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/12/20 19:14:22 | 000,270,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/12/20 19:14:14 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/20 19:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/12/20 19:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/12/20 18:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2013/12/20 18:39:55 | 000,000,000 | ---D | C] -- C:\Users\Kaila\AppData\Roaming\QuickScan
[2013/12/20 18:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/12/20 18:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/12/20 18:27:12 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2013/12/20 18:27:11 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2013/12/20 18:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/12/20 17:11:09 | 000,000,000 | ---D | C] -- C:\Users\Kaila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/12/20 17:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/17 20:38:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaila\Desktop\OTL.exe
[2014/01/17 20:28:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/17 20:27:10 | 000,002,326 | ---- | M] () -- C:\Users\Kaila\Desktop\Chrome App Launcher.lnk
[2014/01/17 20:09:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000UA.job
[2014/01/17 20:03:05 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000UA.job
[2014/01/17 16:14:20 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 16:14:20 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 16:04:48 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/01/17 16:02:03 | 000,259,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/17 16:01:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/17 16:00:13 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/17 15:48:39 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000Core.job
[2014/01/17 15:32:16 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000Core.job
[2013/12/20 19:15:16 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/20 19:14:56 | 000,064,168 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys
[2013/12/20 19:14:16 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/12/20 19:14:16 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/12/20 19:14:16 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/20 19:14:16 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/12/20 19:14:16 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/12/20 19:14:16 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/12/20 19:14:14 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/12/20 19:14:14 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/20 18:27:14 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/12/20 17:11:10 | 000,002,963 | ---- | M] () -- C:\Users\Kaila\Desktop\HiJackThis.lnk
[2013/12/18 21:10:01 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/12/18 21:04:13 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/12/18 21:04:09 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/12/18 21:03:46 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
 
========== Files Created - No Company Name ==========
 
[2014/01/17 20:27:10 | 000,002,326 | ---- | C] () -- C:\Users\Kaila\Desktop\Chrome App Launcher.lnk
[2013/12/20 19:15:16 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/20 19:14:29 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/20 19:14:28 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/12/20 18:27:14 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/12/20 17:11:10 | 000,002,963 | ---- | C] () -- C:\Users\Kaila\Desktop\HiJackThis.lnk
[2013/12/11 20:20:46 | 000,000,218 | ---- | C] () -- C:\Users\Kaila\AppData\Local\recently-used.xbel
[2013/09/09 10:22:27 | 000,000,258 | RHS- | C] () -- C:\Users\Kaila\ntuser.pol
[2013/01/18 19:54:27 | 000,001,415 | ---- | C] () -- C:\Windows\wininit.ini
[2012/09/02 00:38:10 | 000,384,844 | ---- | C] () -- C:\Users\Kaila\AppData\Local\funmoods-speeddial.crx
[2012/06/12 18:47:43 | 000,007,598 | ---- | C] () -- C:\Users\Kaila\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >
 
 
 
 
 

OTL Extras logfile created on: 1/17/2014 8:40:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kaila\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.09 Mb Total Physical Memory | 531.36 Mb Available Physical Memory | 52.45% Memory free
3.10 Gb Paging File | 1.08 Gb Available in Paging File | 35.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.79 Gb Total Space | 163.52 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
 
Computer Name: JOHN | User Name: Kaila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0D5611-BF79-4504-946C-D2C37BBAD9E2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{3F77DEE7-7879-4485-8CC3-FC4E8F5B907A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{88F8B91B-765F-4BEB-9026-010AB2F5BDAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98ADADB7-9290-423E-9F66-0FAADFD84AF9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9BCC0A4B-1A53-4D36-8FC3-7639CB1ECFB6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EDBEE99-0510-4C62-9311-DB05CD5499A8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B999610B-3359-495E-9E94-D049C2BE1731}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BBE6E5ED-28B5-4378-8BBB-69869CEDC4FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BDE53792-1BFF-4EB1-B0F5-FA7289601E06}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C911DE0A-C213-468A-812B-007B520CB6A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EC6E6100-6001-4177-9E89-3739DF412387}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F270A3AF-9EF5-4B04-AFD9-CAEB2FCD0117}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11845A41-0B1E-43E0-92E4-68287683418E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{1FBD6AEE-0D94-4004-8D0F-0342910CA692}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{26867199-43E4-4660-9287-5D37C939F37F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{3E8717E2-5523-4E50-90C2-CC7127DCD750}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{4D77B3C3-169B-4581-BC41-5919857C5391}" = dir=in | app=c:\users\kaila\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{50AA8E9B-636A-489B-8EA5-D9F3F0C36BCB}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{5579B851-31B4-489D-B1AC-2A19DDDB6C9F}" = protocol=17 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe | 
"{55F27024-7A86-455F-BBFF-C206C182E4A6}" = dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{5ACF1ACB-F3F4-494F-B78D-8ADD91664A7B}" = protocol=6 | dir=in | app=c:\users\kaila\appdata\local\temp\bundlesweetimsetup.exe | 
"{5BF6070F-4107-479A-9947-197E516892AA}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{5D957BE7-CC96-4EB5-A649-C4A5DF2DCB49}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{6060F889-0A7A-4136-AD1E-7C2C91F787BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6A144D0E-813B-439F-8B6A-DA2371974066}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{762C051B-416C-4D3F-91E3-2BD80514EEA1}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | 
"{78C6C67C-0A57-4514-8282-1FE8A7006696}" = protocol=17 | dir=in | app=c:\users\kaila\appdata\local\temp\bundlesweetimsetup.exe | 
"{816788B8-B95D-4FB9-9FDF-884AE548F45A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{8205D342-B259-43CB-B91F-A8057F45692C}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{83A56187-402A-46EE-931F-87DDA729C556}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe | 
"{8E6ED499-DEAB-4049-9809-ED06AFCF2F80}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{92CFF936-2D7F-49B6-92A1-FDFDD09DB345}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{9C006175-14CC-48AB-9BA3-2717F15DFE8A}" = protocol=17 | dir=in | app=c:\program files\premieropinion\pmropn.exe | 
"{C832A38F-E9F1-453C-B574-69EA5E8EB4BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CACD8B32-780E-44AB-8BED-0FC9AA8FAD60}" = protocol=6 | dir=in | app=c:\program files\premieropinion\pmropn.exe | 
"{D97E3CA4-BAA0-47CD-AE64-9E34A444169E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{FC0E9F12-535B-4F0A-915D-A33D48A0A866}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"TCP Query User{341A9313-6663-4B2C-86D5-9D9B661D526E}C:\program files\deluge\deluge.exe" = protocol=6 | dir=in | app=c:\program files\deluge\deluge.exe | 
"TCP Query User{47061506-4D89-4903-A71B-991C7A3DB39E}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe | 
"TCP Query User{8F115884-9BDB-49DB-8447-019E1A4737CE}C:\users\kaila\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\kaila\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{EFD6D712-2E88-49BF-B919-4C4AA2F72442}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0EE123B5-B264-4A83-B7B7-C80E9862C141}C:\program files\deluge\deluge.exe" = protocol=17 | dir=in | app=c:\program files\deluge\deluge.exe | 
"UDP Query User{7F2E7355-7368-4823-A7FC-3E4228B1CA87}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe | 
"UDP Query User{AA90BAE1-FDCD-4B46-9832-FCD294A7A040}C:\users\kaila\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\kaila\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{F5DA5EF5-E9C1-460B-8600-B8870C392BB5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F22808B-156F-44FB-B56B-9E8F8C8DC8F5}" = Motorola Device Software Update
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E61E1760-2346-437D-A196-6B643DFD3596}" = ZoomEx
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F35D5A5E-7739-49DB-8A0E-23E2E8F99D1A}" = Motorola Mobile Drivers Installation 5.9.0
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avast" = avast! Free Antivirus
"Elantech" = ETDWare PS/2-X86 8.0.6.0_WHQL
"FileParade Bundle" = FileParade Bundle
"Handset WinDriver" = Handset WinDriver 1.02.03.00
"HDMI" = Intel® Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"IECT3289075" = uTorrentControl_v6 Toolbar for IE
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"LManager" = Launch Manager
"Paltalk Messenger" = Paltalk Messenger  10.4
"SpywareBlaster_is1" = SpywareBlaster 5.0
"VLC media player" = VLC media player 2.0.0
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WT088300" = Bejeweled 2 Deluxe
"WT088312" = Chuzzle Deluxe
"WT088318" = Diner Dash 2 Restaurant Rescue
"WT088332" = Farm Frenzy
"WT088336" = Insaniquarium Deluxe
"WT088350" = Jewel Quest Solitaire 2
"WT088364" = Plants vs. Zombies
"WT088371" = Zuma Deluxe
"WT088373" = Blackhawk Striker 2
"WT088393" = Dora's Carnival Adventure
"WT088413" = FATE
"WT088417" = Final Drive Nitro
"WT088441" = Jewel Quest
"WT088449" = Penguins!
"WT088453" = Polar Bowler
"WT088517" = Zuma's Revenge
"WT088553" = Virtual Villagers 4 - The Tree of Life
"WT088653" = Jewel Quest - Heritage
"WTA-fb5c23a1-547c-4c46-a354-11beda9ad6f2" = Super Yum Yum: Puzzle Adventures
"ZoomEx" = 
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2509488165-3742344647-2209741551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyWordTool" = MyWordTool
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/28/2013 6:47:12 PM | Computer Name = John | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
 registry  
 
Error - 12/28/2013 6:53:29 PM | Computer Name = John | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is WMI Objects. The first DWORD in the Data section
 contains the index value to the malformed string while the second and third DWORDs
 in the Data section contain the last valid index values.
 
Error - 12/28/2013 10:02:37 PM | Computer Name = John | Source = Application Error | ID = 1000
Description = Faulting application name: paltalk.exe, version: 10.4119.5794.1045,
 time stamp: 0x51d44a4d  Faulting module name: paltalk.exe, version: 10.4119.5794.1045,
 time stamp: 0x51d44a4d  Exception code: 0xc0000005  Fault offset: 0x000c4d5a  Faulting
 process id: 0x7f0  Faulting application start time: 0x01cf0438f9ebe69a  Faulting application
 path: C:\Program Files\Paltalk Messenger\paltalk.exe  Faulting module path: C:\Program
 Files\Paltalk Messenger\paltalk.exe  Report Id: 4a025657-702d-11e3-befe-873d4919cde3
 
Error - 12/29/2013 4:14:39 AM | Computer Name = John | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16750 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 154c    Start
 Time: 01cf046d9ff124df    Termination Time: 80    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:   
 
Error - 12/29/2013 4:52:18 PM | Computer Name = John | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
 registry  
 
Error - 12/29/2013 9:16:39 PM | Computer Name = John | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
 registry  
 
Error - 12/30/2013 11:15:16 AM | Computer Name = John | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
 registry  
 
Error - 12/30/2013 2:09:40 PM | Computer Name = John | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
 registry  
 
Error - 12/30/2013 11:02:08 PM | Computer Name = John | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
 registry  
 
Error - 12/31/2013 11:05:04 PM | Computer Name = John | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
 registry  
 
[ System Events ]
Error - 2/4/2013 6:32:07 PM | Computer Name = Kaila-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Kaila-PC\Kaila (84) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 2/4/2013 6:32:09 PM | Computer Name = Kaila-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Kaila-PC\Kaila (84) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 2/12/2013 5:59:20 PM | Computer Name = Kaila-PC | Source = Service Control Manager | ID = 7024
Description = The McAfee McShield service terminated with service-specific error
 %%5046.
 
Error - 2/12/2013 5:59:20 PM | Computer Name = Kaila-PC | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 2/12/2013 5:59:20 PM | Computer Name = Kaila-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 4/18/2013 8:32:07 PM | Computer Name = Kaila-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:17:01 AM on ?2/?14/?2013 was unexpected.
 
Error - 4/18/2013 8:33:22 PM | Computer Name = Kaila-PC | Source = Service Control Manager | ID = 7024
Description = The McAfee McShield service terminated with service-specific error
 %%5046.
 
Error - 4/18/2013 8:33:22 PM | Computer Name = Kaila-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 4/18/2013 8:39:03 PM | Computer Name = Kaila-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Kaila-PC\Kaila (83) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 4/18/2013 8:44:21 PM | Computer Name = Kaila-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Kaila-PC\Kaila (83) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
 
< End of report >
 

 



#2 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 18 January 2014 - 07:25 PM

I'll lock your other topic.. Let's try again with this topic
-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can also find the log file at C:\AdwCleaner

-Junkware-Removal-Tool-

  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Reopen OTL.exe and choose to Run a Scan, when done, post the log that opens>> OTL.txt


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#3 x_breath_x

x_breath_x

    Member

  • Members
  • PipPipPip
  • 79 posts

Posted 20 January 2014 - 11:11 AM

the nativemessaging on chrome fixed with the first option you had me do. here is the log for the junkware removal tool.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Starter x86
Ran by Kaila on Mon 01/20/2014 at  9:32:30.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sbregrebootcleaner
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2509488165-3742344647-2209741551-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2509488165-3742344647-2209741551-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2ED3B46A-A91C-47C9-92D7-3EF05BB5429B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6F47C78D-F91C-4A9E-9641-012D759138CA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8D1C99A-92F2-4AB8-9162-0449E1743972}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45470599-8237-486D-87B5-E89CD6AED154}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45177936-603b-4261-8d42-df6f7091d5d0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{45177936-603b-4261-8d42-df6f7091d5d0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45177936-603b-4261-8d42-df6f7091d5d0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45470599-8237-486D-87B5-E89CD6AED154}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{45470599-8237-486D-87B5-E89CD6AED154}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Kaila\AppData\Roaming\mywordtool"
Successfully deleted: [Folder] "C:\Users\Kaila\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Kaila\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\Kaila\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Kaila\appdata\local\{097547FC-824E-47C8-A0CA-F420BCF1F6BB}
Successfully deleted: [Empty Folder] C:\Users\Kaila\appdata\local\{23903FD9-325A-4987-9406-868768C67A16}
Successfully deleted: [Empty Folder] C:\Users\Kaila\appdata\local\{A55F3603-DB32-45B8-BC55-D04A110A6A38}
Successfully deleted: [Empty Folder] C:\Users\Kaila\appdata\local\{C808FF1A-DE48-4778-B563-B9540E9C1CFE}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/20/2014 at  9:42:19.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#4 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 20 January 2014 - 11:26 AM

I don't see the log for AdwCleaner?

 

You can also find the log file at C:\AdwCleaner

 

In addition I don't see the new log from Otl.exe?

 

Reopen OTL.exe and choose to Run a Scan, when done, post the log that opens>> OTL.txt


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#5 x_breath_x

x_breath_x

    Member

  • Members
  • PipPipPip
  • 79 posts

Posted 20 January 2014 - 11:34 AM

here is the second log

 

 

OTL logfile created on: 1/20/2014 11:12:13 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kaila\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.09 Mb Total Physical Memory | 127.41 Mb Available Physical Memory | 12.58% Memory free
1.99 Gb Paging File | 0.86 Gb Available in Paging File | 43.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.79 Gb Total Space | 137.92 Gb Free Space | 62.75% Space Free | Partition Type: NTFS
 
Computer Name: JOHN | User Name: Kaila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/18 12:20:39 | 000,302,961 | ---- | M] () -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
PRC - [2014/01/17 20:38:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaila\Desktop\OTL.exe
PRC - [2013/12/20 19:14:09 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/20 19:14:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/05 12:10:48 | 000,581,624 | ---- | M] (NTI Corporation) -- C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
PRC - [2013/02/05 12:10:46 | 000,046,072 | ---- | M] (NTI Corporation) -- C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2011/10/18 16:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
PRC - [2011/10/18 16:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/12 00:24:10 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/11/12 00:24:08 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/08/10 03:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010/08/10 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 03:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010/06/11 16:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/06/11 16:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/01/18 12:20:39 | 000,302,961 | ---- | M] () -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MOD - [2013/12/20 19:14:12 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 20:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 20:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/02/05 12:11:18 | 000,465,824 | ---- | M] () -- C:\Program Files\NTI\NTI Backup Now EZ\sqlite3.dll
MOD - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2012/08/27 23:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 23:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/05/20 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe -- (vToolbarUpdater17.0.1)
SRV - [2014/01/18 12:20:37 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs)
SRV - [2013/12/20 19:14:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/13 19:20:00 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/05 12:10:46 | 000,046,072 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/10/18 16:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 16:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 16:28:18 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/10 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2013/12/20 19:14:56 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2013/12/20 19:14:16 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/20 19:14:16 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/20 19:14:16 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/20 19:14:16 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/12/20 19:14:16 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/20 19:14:16 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2012/08/23 08:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 08:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/03/26 16:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/10/15 15:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 15:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 15:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 15:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 15:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 15:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 15:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 15:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 15:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/12/03 00:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/24 03:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/07/15 15:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/06/17 00:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{507E350E-949D-BB7D-314C-7539CF247C38}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{18E7AACF-9B3E-46E8-8382-BAB463727B5E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10743
IE - HKCU\..\SearchScopes\{50349BBE-F1B2-4659-B85A-16401AF9064C}: "URL" = http://search.findwide.com/serp?guid={FAD49E06-D413-4B08-8349-8A71DBFA0C8C}&action=default_search&serpv=22&k={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kaila\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kaila\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kaila\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/09/02 00:16:21 | 000,000,000 | ---D | M]
 
[2013/12/13 16:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaila\AppData\Roaming\mozilla\Firefox\extensions
[2013/12/05 15:07:08 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Users\Kaila\AppData\Roaming\mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[2013/12/31 22:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Kaila\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.14_0\plugins/npDefaultTabSearch.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kaila\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Dark Vibe = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\
CHR - Extension: avast! Online Security = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: No name found = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco\2.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
CHR - Extension: Dark Vibe = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\
CHR - Extension: avast! Online Security = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: No name found = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco\2.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
 
O1 HOSTS File: ([2014/01/19 10:21:03 | 000,039,784 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 212link.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.adorika.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adm.soft365.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.aff.co # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
O1 - Hosts: 661 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120112163500.dll (McAfee, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Tidy Network) - {D8A98206-1249-3EBA-FB18-4ADF7ED746FD} - C:\Program Files\TidyNetwork\petn.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {45177936-603b-4261-8d42-df6f7091d5d0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kaila\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Kaila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15EAC838-19E9-4FA3-B6AC-CE7E9B30E965}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A81087B2-589B-456F-8D51-F5A5BADAE6F1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B74E8B87-E008-4422-BD86-86D613D27F22}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c001a154-d848-11e0-b3a4-1c7508b345b6}\Shell - "" = AutoRun
O33 - MountPoints2\{c001a154-d848-11e0-b3a4-1c7508b345b6}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{fed23421-ccaf-11e2-a2ff-889ffa0527f7}\Shell - "" = AutoRun
O33 - MountPoints2\{fed23421-ccaf-11e2-a2ff-889ffa0527f7}\Shell\AutoRun\command - "" = D:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/20 09:32:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/20 09:22:01 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Kaila\Desktop\JRT.exe
[2014/01/19 11:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2014/01/19 11:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2014/01/18 12:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2014/01/17 20:38:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kaila\Desktop\OTL.exe
[2014/01/17 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Kaila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/01/17 19:48:32 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/01/17 19:48:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/01/17 19:48:04 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/01/17 19:48:04 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/01/17 19:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/14 21:45:27 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/01/14 21:45:24 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/01/14 21:45:21 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/01/14 21:45:18 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/01/12 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Kaila\Desktop\Movies
[2014/01/08 16:28:48 | 000,000,000 | ---D | C] -- C:\Users\Kaila\Desktop\Insanity Workout
[2013/12/31 22:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/23 22:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2013/12/23 22:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCleaner
[2013/12/23 21:59:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/20 11:09:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000UA.job
[2014/01/20 11:03:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000UA.job
[2014/01/20 11:03:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000Core.job
[2014/01/20 10:28:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/20 09:23:07 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Kaila\Desktop\JRT.exe
[2014/01/20 09:14:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/19 15:09:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000Core.job
[2014/01/19 11:05:57 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2014/01/19 11:04:01 | 2561,570,792 | ---- | M] () -- C:\Users\Kaila\Desktop\X17-58996.iso
[2014/01/19 10:46:22 | 001,640,984 | ---- | M] () -- C:\Users\Kaila\Desktop\SetupVirtualCloneDrive5470.exe
[2014/01/19 10:29:53 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 10:29:53 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 10:21:20 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/01/19 10:21:03 | 000,039,784 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/01/19 10:20:39 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/18 12:03:16 | 001,236,282 | ---- | M] () -- C:\Users\Kaila\Desktop\adwcleaner.exe
[2014/01/17 20:38:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaila\Desktop\OTL.exe
[2014/01/17 20:27:10 | 000,002,326 | ---- | M] () -- C:\Users\Kaila\Desktop\Chrome App Launcher.lnk
[2014/01/17 16:02:03 | 000,259,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/01/19 11:05:57 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2014/01/19 10:51:18 | 2561,570,792 | ---- | C] () -- C:\Users\Kaila\Desktop\X17-58996.iso
[2014/01/19 10:46:07 | 001,640,984 | ---- | C] () -- C:\Users\Kaila\Desktop\SetupVirtualCloneDrive5470.exe
[2014/01/18 12:02:22 | 001,236,282 | ---- | C] () -- C:\Users\Kaila\Desktop\adwcleaner.exe
[2014/01/17 20:27:10 | 000,002,326 | ---- | C] () -- C:\Users\Kaila\Desktop\Chrome App Launcher.lnk
[2013/12/20 19:14:29 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/20 19:14:28 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/12/11 20:20:46 | 000,000,218 | ---- | C] () -- C:\Users\Kaila\AppData\Local\recently-used.xbel
[2013/09/09 10:22:27 | 000,000,258 | RHS- | C] () -- C:\Users\Kaila\ntuser.pol
[2013/01/18 19:54:27 | 000,001,415 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/12 18:47:43 | 000,007,598 | ---- | C] () -- C:\Users\Kaila\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >


#6 x_breath_x

x_breath_x

    Member

  • Members
  • PipPipPip
  • 79 posts

Posted 20 January 2014 - 11:37 AM

oh i didnt see the part about posting the adw log here whats the log going to be called? i closed it out earlier.



#7 x_breath_x

x_breath_x

    Member

  • Members
  • PipPipPip
  • 79 posts

Posted 20 January 2014 - 11:40 AM

# AdwCleaner v3.016 - Report created 23/12/2013 at 21:59:59
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Kaila - JOHN
# Running from : C:\Users\Kaila\Downloads\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Kaila\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Found : C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Kaila\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : C:\Users\Kaila\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Users\Kaila\AppData\Local\Temp\Uninstall.exe
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
Folder Found : C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Free Offers from Freeze.com
Folder Found C:\Program Files\Search Results Toolbar
Folder Found C:\Program Files\sweetpacks bundle uninstaller
Folder Found C:\Program Files\TidyNetwork
Folder Found C:\Program Files\uTorrentControl_v6
Folder Found C:\Program Files\Wajam
Folder Found C:\Program Files\Zoomex
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\clsoft ltd
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\Premium
Folder Found C:\Users\Kaila\AppData\Local\Conduit
Folder Found C:\Users\Kaila\AppData\Local\NativeMessaging
Folder Found C:\Users\Kaila\AppData\Local\Searchprotect
Folder Found C:\Users\Kaila\AppData\Local\strongvault
Folder Found C:\Users\Kaila\AppData\Local\SwvUpdater
Folder Found C:\Users\Kaila\AppData\Local\TidyNetwork
Folder Found C:\Users\Kaila\AppData\Local\Wajam
Folder Found C:\Users\Kaila\AppData\Local\WhiteListing
Folder Found C:\Users\Kaila\AppData\LocalLow\Conduit
Folder Found C:\Users\Kaila\AppData\LocalLow\ilividtoolbarguid
Folder Found C:\Users\Kaila\AppData\LocalLow\searchresultstb
Folder Found C:\Users\Kaila\AppData\LocalLow\uTorrentControl_v6
Folder Found C:\Users\Kaila\AppData\Roaming\DefaultTab
Folder Found C:\Users\Kaila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found C:\Users\Kaila\AppData\Roaming\OpenCandy
Folder Found C:\Users\Kaila\Documents\optimizer pro
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\ilividtoolbarguid
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl_v6
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\ilividtoolbarguid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\visualbee
Key Found : HKCU\Software\Wajam
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\Software\iLividSRTB
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40C4727E-CA10-431C-997A-7E5F3583984C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4214893-FDA6-4492-B57C-F79ED236F3B9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BackgroundContainer Startup Task
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A47317B1-D902-43B8-BF89-D1F5ED2018BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A47317B1-D902-43B8-BF89-D1F5ED2018BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\uTorrentControl_v6
Key Found : HKLM\Software\visualbee
Key Found : HKLM\Software\Wajam
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Kaila\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : search_url
Found : urls_to_restore_on_startup
Found : homepage
Found : search_url
Found : suggest_url
Found : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [17028 octets] - [23/12/2013 21:59:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17089 octets] ##########


#8 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 24 January 2014 - 10:24 PM

sorry for the delay

I noticed you may have installed a custom host file since we started, correct?

 

Also, I see remnants of AVG search plugin for browsers and McAfee

Do you need or have you installed them since we started?


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#9 x_breath_x

x_breath_x

    Member

  • Members
  • PipPipPip
  • 79 posts

Posted 27 January 2014 - 05:20 PM

the only thing ive installed was the things you told me to. i downloaded the avg one i didnt realise mcafee wasnt deleted yet.



#10 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 28 January 2014 - 08:22 PM

I see a problem with the above logs, can you please do the following and follow the instructions exactly

Your AdwCleaner log shows you just did a scan and no Clean

 

Let's try the following:

Download and run the McAfee removal tool from here:

http://www.majorgeek...moval_tool.html

Follow all the prompts, ensure to reboot the computer afterwards

 

download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can also find the log file at C:\AdwCleaner

In addition:

Reopen OTL.exe and choose to Run a Scan, when done, post the log that opens>> OTL.txt


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here