TheTechGuide Forum

General Category => Tech Clinic => Topic started by: x_breath_x on January 17, 2014, 10:10:40 PM

Title: nativemessaging on chrome
Post by: x_breath_x on January 17, 2014, 10:10:40 PM

Hey, sorry about my last topic. I had the computer traded. I just figured it'd be easier. However, this computer has some similar problems. I don't know why, maybe it's something I've downloaded.

The HijackThis didn't work again, so I've done a scan with OTL.

Here is the otl.txt first and then extras.txt:

OTL logfile created on: 1/17/2014 8:40:40 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\Kaila\\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1013.09 Mb Total Physical Memory | 531.36 Mb Available Physical Memory | 52.45% Memory free

3.10 Gb Paging File | 1.08 Gb Available in Paging File | 35.01% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 219.79 Gb Total Space | 163.52 Gb Free Space | 74.40% Space Free | Partition Type: NTFS

 

Computer Name: JOHN | User Name: Kaila | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/01/17 20:38:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Kaila\\Desktop\\OTL.exe

PRC - [2013/12/20 19:14:09 | 003,764,024 | ---- | M] (AVAST Software) -- C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe

PRC - [2013/12/20 19:14:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe

PRC - [2013/09/27 21:41:39 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\\Program Files\\Common Files\\AVG Secure Search\\vToolbarUpdater\\17.0.1\\ToolbarUpdater.exe

PRC - [2013/02/05 12:10:48 | 000,581,624 | ---- | M] (NTI Corporation) -- C:\\Program Files\\NTI\\NTI Backup Now EZ\\BackupNowEZtray.exe

PRC - [2013/02/05 12:10:46 | 000,046,072 | ---- | M] (NTI Corporation) -- C:\\Program Files\\NTI\\NTI Backup Now EZ\\BackupNowEZSvr.exe

PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\taskhost.exe

PRC - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () -- C:\\Program Files\\Motorola Mobility\\Motorola Device Manager\\MotoHelperService.exe

PRC - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\\Program Files\\Motorola Mobility\\Motorola Device Manager\\MotoHelperAgent.exe

PRC - [2011/10/18 16:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\\Program Files\\Common Files\\mcafee\\systemcore\\mfevtps.exe

PRC - [2011/10/18 16:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\\Program Files\\Common Files\\mcafee\\systemcore\\mfefire.exe

PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\\Program Files\\Motorola\\MotForwardDaemon\\ForwardDaemon.exe

PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe

PRC - [2010/11/12 00:24:10 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\\Program Files\\Elantech\\ETDCtrlHelper.exe

PRC - [2010/11/12 00:24:08 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\\Program Files\\Elantech\\ETDCtrl.exe

PRC - [2010/08/10 03:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\\Program Files\\Launch Manager\\LManager.exe

PRC - [2010/08/10 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\\Program Files\\Launch Manager\\dsiwmis.exe

PRC - [2010/08/10 03:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\\Program Files\\Launch Manager\\LMworker.exe

PRC - [2010/06/11 16:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe

PRC - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\\Program Files\\Acer\\Acer ePower Management\\ePowerSvc.exe

PRC - [2010/06/11 16:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\\Program Files\\Acer\\Acer ePower Management\\ePowerEvent.exe

PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\\Program Files\\EgisTec IPS\\PmmUpdate.exe

PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\\Program Files\\EgisTec IPS\\EgisUpdate.exe

PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\\Program Files\\Acer\\Acer VCM\\RS_Service.exe

PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe

PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\\Program Files\\Acer\\Registration\\GREGsvc.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/12/20 19:14:12 | 019,336,120 | ---- | M] () -- C:\\Program Files\\AVAST Software\\Avast\\libcef.dll

MOD - [2013/02/05 12:11:18 | 000,465,824 | ---- | M] () -- C:\\Program Files\\NTI\\NTI Backup Now EZ\\sqlite3.dll

MOD - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\\Program Files\\Motorola Mobility\\Motorola Device Manager\\MotoHelperAgent.exe

MOD - [2012/08/27 23:33:32 | 000,087,912 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\zlib1.dll

MOD - [2012/08/27 23:33:08 | 001,242,512 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\libxml2.dll

MOD - [2009/05/20 00:02:04 | 000,072,200 | ---- | M] () -- C:\\Program Files\\Launch Manager\\CdDirIo.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/12/20 19:14:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013/12/13 19:20:00 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\System32\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/09/27 21:41:39 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\\Program Files\\Common Files\\AVG Secure Search\\vToolbarUpdater\\17.0.1\\ToolbarUpdater.exe -- (vToolbarUpdater17.0.1)

SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV - [2013/02/05 12:10:46 | 000,046,072 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\\Program Files\\NTI\\NTI Backup Now EZ\\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)

SRV - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\\Program Files\\Motorola Mobility\\Motorola Device Manager\\MotoHelperService.exe -- (Motorola Device Manager)

SRV - [2011/10/18 16:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\\Program Files\\Common Files\\mcafee\\systemcore\\mfevtps.exe -- (mfevtp)

SRV - [2011/10/18 16:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\\Program Files\\Common Files\\McAfee\\SystemCore\\\\mfefire.exe -- (mfefire)

SRV - [2011/10/18 16:28:18 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\\Program Files\\Common Files\\McAfee\\SystemCore\\\\mcshield.exe -- (McShield)

SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\\Program Files\\Motorola\\MotForwardDaemon\\ForwardDaemon.exe -- (PST Service)

SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\\Program Files\\WildTangent Games\\App\\GamesAppService.exe -- (GamesAppService)

SRV - [2010/08/10 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\\Program Files\\Launch Manager\\dsiwmis.exe -- (DsiWMIService)

SRV - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\\Program Files\\Acer\\Acer ePower Management\\ePowerSvc.exe -- (ePowerSvc)

SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\\Program Files\\EgisTec MyWinLocker\\x86\\MWLService.exe -- (MWLService)

SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\\Program Files\\Acer\\Acer VCM\\RS_Service.exe -- (RS_Service)

SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe -- (Updater Service)

SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\\Program Files\\Acer\\Registration\\GREGsvc.exe -- (GREGService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | System | Stopped] -- C:\\Windows\\system32\\drivers\\SBREdrv.sys -- (SBRE)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\motusbdevice.sys -- (motusbdevice)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\Motousbnet.sys -- (Motousbnet)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\motswch.sys -- (MotoSwitchService)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\motccgpfl.sys -- (motccgpfl)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\motccgp.sys -- (motccgp)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\motfilt.sys -- (BTCFilterService)

DRV - [2013/12/20 19:14:56 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\aswstm.sys -- (aswStm)

DRV - [2013/12/20 19:14:16 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\\Windows\\System32\\drivers\\aswSnx.sys -- (aswSnx)

DRV - [2013/12/20 19:14:16 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\\Windows\\System32\\drivers\\aswSP.sys -- (aswSP)

DRV - [2013/12/20 19:14:16 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\aswVmm.sys -- (aswVmm)

DRV - [2013/12/20 19:14:16 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\aswRdr2.sys -- (aswRdr)

DRV - [2013/12/20 19:14:16 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\\Windows\\System32\\drivers\\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/12/20 19:14:16 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\aswRvrt.sys -- (aswRvrt)

DRV - [2012/08/23 08:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/08/23 08:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2012/03/26 16:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\netaapl.sys -- (Netaapl)

DRV - [2011/10/15 15:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\mfehidk.sys -- (mfehidk)

DRV - [2011/10/15 15:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\mfefirek.sys -- (mfefirek)

DRV - [2011/10/15 15:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\mfeavfk.sys -- (mfeavfk)

DRV - [2011/10/15 15:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\mfewfpk.sys -- (mfewfpk)

DRV - [2011/10/15 15:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\mfeapfk.sys -- (mfeapfk)

DRV - [2011/10/15 15:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\mferkdet.sys -- (mferkdet)

DRV - [2011/10/15 15:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\mfenlfk.sys -- (mfenlfk)

DRV - [2011/10/15 15:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\mfebopk.sys -- (mfebopk)

DRV - [2011/10/15 15:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\cfwids.sys -- (cfwids)

DRV - [2010/12/03 00:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\nx6000.sys -- (MSHUSBVideo)

DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\winusb.sys -- (WinUsb)

DRV - [2010/08/24 03:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\L1C62x86.sys -- (L1C)

DRV - [2010/07/15 15:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\athr.sys -- (athr)

DRV - [2010/06/17 00:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\EUCR6SK.sys -- (EUCR)

DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\vwifimp.sys -- (vwifimp)

DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\\Windows\\System32\\drivers\\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\wdcsam.sys -- (WDC_SAM)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\\..\\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0AtDyDtByB0FyBtA0ByE0EtN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=672521081

IE - HKLM\\..\\SearchScopes\\{507E350E-949D-BB7D-314C-7539CF247C38}: \"URL\" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\\..\\SearchScopes\\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: \"URL\" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1490&systemid=1&v=a9396-125&apn_uid=2359411120544465&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}

IE - HKLM\\..\\SearchScopes\\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: \"URL\" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=420&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2623740855134406&q={searchTerms}

IE - HKLM\\..\\SearchScopes\\{EEE6C360-6118-11DC-9C72-001320C79847}: \"URL\" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005

 

 

IE - HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

IE - HKU\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

 

 

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Backup.Old.Start Page = http://acer.msn.com

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://search.findwide.com/?guid={FAD49E06-D413-4B08-8349-8A71DBFA0C8C}&serpv=22

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Bar = www.bing.com

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.buenosearch.com/?babsrc=HP_def&mntrId=AC9F929FFA0527F7&affID=115076&tsp=5114

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=807c1794-65d6-40d0-bfbe-3690de52ac15&searchtype=ds&q={searchTerms}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=807c1794-65d6-40d0-bfbe-3690de52ac15&searchtype=ds&q={searchTerms}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - SOFTWARE\\Classes\\CLSID\\{96f454ea-9d38-474f-b504-56193e00c1a5}\\InprocServer32 File not found

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: \"URL\" = http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=807c1794-65d6-40d0-bfbe-3690de52ac15&searchtype=ds&q={searchTerms}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0AtDyDtByB0FyBtA0ByE0EtN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=672521081

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: \"URL\" = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_def&mntrId=AC9F929FFA0527F7&affID=115076&tsp=5114

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{18E7AACF-9B3E-46E8-8382-BAB463727B5E}: \"URL\" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10743

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{2ED3B46A-A91C-47C9-92D7-3EF05BB5429B}: \"URL\" = http://www.mysearchresults.com/search?c=2652&t=01&q={searchTerms}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{50349BBE-F1B2-4659-B85A-16401AF9064C}: \"URL\" = http://search.findwide.com/serp?guid={FAD49E06-D413-4B08-8349-8A71DBFA0C8C}&action=default_search&serpv=22&k={searchTerms}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{6F47C78D-F91C-4A9E-9641-012D759138CA}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN29404707102509210&UM=2

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{95B7759C-8C7F-4BF1-B163-73684A933233}: \"URL\" = http://isearch.avg.com/search?cid={93571EB7-16F3-4270-AB3A-4EAC59A4339E}&mid=d70f5103086f47d0a7d443d6bce1ce04-b15497609ebbdddff297f5f09ac63dcb18fcd1a3&lang=en&ds=ft011&pr=sa&d=2012-10-14 16:15:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: \"URL\" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1490&systemid=1&v=a9396-125&apn_uid=2359411120544465&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: \"URL\" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=420&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2623740855134406&q={searchTerms}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{C8D1C99A-92F2-4AB8-9162-0449E1743972}: \"URL\" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\SearchScopes\\{EEE6C360-6118-11DC-9C72-001320C79847}: \"URL\" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = 192.168.*.*

 

 

========== FireFox ==========

 

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.51.2: C:\\Program Files\\Java\\jre7\\bin\\dtplugin\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.51.2: C:\\Program Files\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\npctrl.dll ( Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3502.0922: C:\\Program Files\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3508.1109: C:\\Program Files\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@videolan.org/vlc,version=2.0.0: C:\\Program Files\\VideoLAN\\VLC\\npvlc.dll (VideoLAN)

FF - HKLM\\Software\\MozillaPlugins\\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\\Program Files\\WildTangent Games\\App\\BrowserIntegration\\Registered\\4\\NP_wtapp.dll ()

FF - HKCU\\Software\\MozillaPlugins\\@Skype Limited.com/Facebook Video Calling Plugin: C:\\Users\\Kaila\\AppData\\Local\\Facebook\\Video\\Skype\\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\Kaila\\AppData\\Local\\Google\\Update\\1.3.22.3\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\Kaila\\AppData\\Local\\Google\\Update\\1.3.22.3\\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\\Program Files\\Common Files\\McAfee\\SystemCore [2012/09/02 00:16:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\\Program Files\\PremierOpinion

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\Babylon\\Babylon-Pro\\Utils\\[email protected]

 

[2013/12/13 16:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\Kaila\\AppData\\Roaming\\mozilla\\Firefox\\extensions

[2013/12/05 15:07:08 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\\Users\\Kaila\\AppData\\Roaming\\mozilla\\Firefox\\extensions\\{96f454ea-9d38-474f-b504-56193e00c1a5}

[2013/12/31 22:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\extensions

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.buenosearch.com/?babsrc=HP_def&mntrId=AC9F929FFA0527F7&affID=115076&tsp=5114

CHR - plugin: Shockwave Flash (Enabled) = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\pdf.dll

CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\kdidombaedgpfiiedeimiebkmbilgmlc\\1.1.14_0\\plugins/npDefaultTabSearch.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Browser\\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\\Program Files\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\13.2.0\\\\npsitesafety.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\\Program Files\\VideoLAN\\VLC\\npvlc.dll

CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\\Program Files\\WildTangent Games\\App\\BrowserIntegration\\Registered\\2\\NP_wtapp.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\\Program Files\\Windows Live\\Photo Gallery\\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\\Users\\Kaila\\AppData\\Local\\Google\\Update\\1.3.21.135\\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\npctrl.dll

CHR - Extension: uTorrentControl_v6 = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\cflheckfmhopnialghigdlggahiomebp\\10.26.0.540_0\\

CHR - Extension: uTorrentControl_v6 = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\cflheckfmhopnialghigdlggahiomebp\\10.26.0.540_0\\nativeMessaging\\nmHost

CHR - Extension: Dark Vibe = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dkckeanhmkjaechlhllmapjaaglgpcbj\\1.1_0\\

CHR - Extension: ShopAtHome.com extension = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dlmebkoiahbppacaicbgncnjhbpdfkcc\\7.1.0.16_0\\

CHR - Extension: avast! Online Security = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\gomekmidlodglbbmalcneegieacbdmki\\9.0.2011.70_0\\

CHR - Extension: avast! Online Security = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\gomekmidlodglbbmalcneegieacbdmki\\9.0.2013.75_0\\

CHR - Extension: No name found = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\njkkjobcechefaoknodniidfjapgfoco\\2.2.7_0\\

CHR - Extension: Google Wallet = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.0_0\\

CHR - Extension: Bitdefender QuickScan = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pdnkcidphdcakpkheohlhocaicfamjie\\0.9.9.131_0\\

CHR - Extension: uTorrentControl_v6 = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\cflheckfmhopnialghigdlggahiomebp\\10.26.0.540_0\\

CHR - Extension: uTorrentControl_v6 = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\cflheckfmhopnialghigdlggahiomebp\\10.26.0.540_0\\nativeMessaging\\nmHost

CHR - Extension: Dark Vibe = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dkckeanhmkjaechlhllmapjaaglgpcbj\\1.1_0\\

CHR - Extension: ShopAtHome.com extension = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dlmebkoiahbppacaicbgncnjhbpdfkcc\\7.1.0.16_0\\

CHR - Extension: avast! Online Security = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\gomekmidlodglbbmalcneegieacbdmki\\9.0.2011.70_0\\

CHR - Extension: avast! Online Security = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\gomekmidlodglbbmalcneegieacbdmki\\9.0.2013.75_0\\

CHR - Extension: No name found = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\njkkjobcechefaoknodniidfjapgfoco\\2.2.7_0\\

CHR - Extension: Google Wallet = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.0_0\\

CHR - Extension: Bitdefender QuickScan = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pdnkcidphdcakpkheohlhocaicfamjie\\0.9.9.131_0\\

 

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\\Windows\\System32\\drivers\\etc\\hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\\PROGRA~1\\mcafee\\msk\\mskapbho.dll File not found

O2 - BHO: (Music Box Toolbar (Dist. by iMesh, Inc.)) - {45177936-603b-4261-8d42-df6f7091d5d0} - C:\\PROGRA~1\\MUSICT~1\\Datamngr\\SRTOOL~1\\IE\\searchresultsDx.dll File not found

O2 - BHO: (MyWordTool) - {45470599-8237-486D-87B5-E89CD6AED154} - C:\\Users\\Kaila\\AppData\\Roaming\\MyWordTool\\temp.dat ()

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\\Program Files\\Common Files\\mcafee\\systemcore\\ScriptSn.20120112163500.dll (McAfee, Inc.)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\\Program Files\\uTorrentControl_v6\\prxtbuTor.dll File not found

O2 - BHO: (no name) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - No CLSID value found.

O2 - BHO: (Tidy Network) - {D8A98206-1249-3EBA-FB18-4ADF7ED746FD} - C:\\Program Files\\TidyNetwork\\petn.dll ()

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\\..\\Toolbar: (Music Box Toolbar (Dist. by iMesh, Inc.)) - {45177936-603b-4261-8d42-df6f7091d5d0} - C:\\PROGRA~1\\MUSICT~1\\Datamngr\\SRTOOL~1\\IE\\searchresultsDx.dll File not found

O3 - HKLM\\..\\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\\Program Files\\uTorrentControl_v6\\prxtbuTor.dll File not found

O3 - HKLM\\..\\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\\..\\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\..\\Toolbar\\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\\Program Files\\uTorrentControl_v6\\prxtbuTor.dll File not found

O4 - HKLM..\\Run: [Acer ePower Management] C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe (Acer Incorporated)

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [AvastUI.exe] C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe (AVAST Software)

O4 - HKLM..\\Run: [BackupNowEZtray] C:\\Program Files\\NTI\\NTI Backup Now EZ\\BackupNowEZtray.exe (NTI Corporation)

O4 - HKLM..\\Run: [EgisTecPMMUpdate] C:\\Program Files\\EgisTec IPS\\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\\Run: [EgisUpdate] C:\\Program Files\\EgisTec IPS\\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\\Run: [ETDCtrl] C:\\Program Files\\Elantech\\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4 - HKLM..\\Run: [LManager] C:\\Program Files\\Launch Manager\\LManager.exe (Dritek System Inc.)

O4 - HKLM..\\Run: [ROC_roc_ssl_v12] \"C:\\Program Files\\AVG Secure Search\\ROC_roc_ssl_v12.exe\" / /PROMPT /CMPID=roc_ssl_v12 File not found

O4 - HKLM..\\Run: [SBRegRebootCleaner] \"C:\\Program Files\\Ad-Aware Antivirus\\SBRC.exe\" File not found

O4 - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000..\\Run: [Facebook Update] C:\\Users\\Kaila\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000..\\Run: [uTorrent] C:\\Users\\Kaila\\AppData\\Roaming\\uTorrent\\uTorrent.exe (BitTorrent Inc.)

O4 - HKU\\S-1-5-19..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe (Microsoft Corporation)

O4 - HKU\\S-1-5-20..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O7 - HKU\\S-1-5-21-2509488165-3742344647-2209741551-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\\Program Files\\Paltalk Messenger\\paltalk.exe (AVM Software Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{15EAC838-19E9-4FA3-B6AC-CE7E9B30E965}: DhcpNameServer = 172.26.38.1 172.26.38.2

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{A81087B2-589B-456F-8D51-F5A5BADAE6F1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{B74E8B87-E008-4422-BD86-86D613D27F22}: DhcpNameServer = 192.168.1.1

O18 - Protocol\\Handler\\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\\Program Files\\Windows Live\\Messenger\\msgrapp.dll File not found

O18 - Protocol\\Handler\\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\\Program Files\\Windows Live\\Messenger\\msgrapp.dll File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\\Windows\\System32\\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O27 - HKLM IFEO\\bitguard.exe: Debugger - C:\\Windows\\System32\\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\\bprotect.exe: Debugger - C:\\Windows\\System32\\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\\browserdefender.exe: Debugger - C:\\Windows\\System32\\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\\browserprotect.exe: Debugger - C:\\Windows\\System32\\tasklist.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\\{c001a154-d848-11e0-b3a4-1c7508b345b6}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{c001a154-d848-11e0-b3a4-1c7508b345b6}\\Shell\\AutoRun\\command - \"\" = \"D:\\WD SmartWare.exe\" autoplay=true

O33 - MountPoints2\\{fed23421-ccaf-11e2-a2ff-889ffa0527f7}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{fed23421-ccaf-11e2-a2ff-889ffa0527f7}\\Shell\\AutoRun\\command - \"\" = D:\\MotoCastSetup.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O36 - AppCertDlls: x64 - (c:\\program files\\music toolbar\\datamngr\\x64\\apcrtldr.dll) -  File not found

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/01/17 20:38:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\Kaila\\Desktop\\OTL.exe

[2014/01/17 20:28:12 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Chrome Apps

[2014/01/17 19:48:32 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\\Windows\\System32\\javaws.exe

[2014/01/17 19:48:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\\Windows\\System32\\javaw.exe

[2014/01/17 19:48:04 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\\Windows\\System32\\java.exe

[2014/01/17 19:48:04 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\\Windows\\System32\\WindowsAccessBridge.dll

[2014/01/17 19:48:04 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java

[2014/01/14 21:45:27 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\win32k.sys

[2014/01/14 21:45:24 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\drivers\\netio.sys

[2014/01/14 21:45:21 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\drivers\\usbport.sys

[2014/01/14 21:45:18 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\drivers\\usbd.sys

[2014/01/12 19:52:53 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\Desktop\\Movies

[2014/01/08 16:28:48 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\Desktop\\Insanity Workout

[2013/12/31 22:07:57 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\AppData\\Roaming\\BabSolution

[2013/12/31 22:07:34 | 000,000,000 | ---D | C] -- C:\\Program Files\\Mozilla Firefox

[2013/12/31 22:07:31 | 000,000,000 | ---D | C] -- C:\\Program Files\\Babylon

[2013/12/23 22:30:56 | 000,000,000 | ---D | C] -- C:\\Program Files\\ToniArts

[2013/12/23 22:30:54 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\EasyCleaner

[2013/12/23 22:12:21 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\AppData\\Roaming\\ParetoLogic

[2013/12/23 22:12:21 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\AppData\\Roaming\\DriverCure

[2013/12/23 22:11:51 | 000,000,000 | ---D | C] -- C:\\ProgramData\\ParetoLogic

[2013/12/23 21:59:23 | 000,000,000 | ---D | C] -- C:\\AdwCleaner

[2013/12/20 19:15:36 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\AppData\\Roaming\\AVAST Software

[2013/12/20 19:15:16 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Avast

[2013/12/20 19:14:29 | 000,775,952 | ---- | C] (AVAST Software) -- C:\\Windows\\System32\\drivers\\aswSnx.sys

[2013/12/20 19:14:29 | 000,064,168 | ---- | C] (AVAST Software) -- C:\\Windows\\System32\\drivers\\aswstm.sys

[2013/12/20 19:14:28 | 000,410,528 | ---- | C] (AVAST Software) -- C:\\Windows\\System32\\drivers\\aswSP.sys

[2013/12/20 19:14:27 | 000,067,824 | ---- | C] (AVAST Software) -- C:\\Windows\\System32\\drivers\\aswMonFlt.sys

[2013/12/20 19:14:26 | 000,079,720 | ---- | C] (AVAST Software) -- C:\\Windows\\System32\\drivers\\aswRdr2.sys

[2013/12/20 19:14:22 | 000,270,240 | ---- | C] (AVAST Software) -- C:\\Windows\\System32\\aswBoot.exe

[2013/12/20 19:14:14 | 000,043,152 | ---- | C] (AVAST Software) -- C:\\Windows\\avastSS.scr

[2013/12/20 19:12:59 | 000,000,000 | ---D | C] -- C:\\Program Files\\AVAST Software

[2013/12/20 19:09:37 | 000,000,000 | ---D | C] -- C:\\ProgramData\\AVAST Software

[2013/12/20 18:56:08 | 000,000,000 | ---D | C] -- C:\\ProgramData\\GFI Software

[2013/12/20 18:39:55 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\AppData\\Roaming\\QuickScan

[2013/12/20 18:27:37 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Licenses

[2013/12/20 18:27:13 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SpywareBlaster

[2013/12/20 18:27:12 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\MSCOMCTL.OCX

[2013/12/20 18:27:11 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\MSSTDFMT.DLL

[2013/12/20 18:27:04 | 000,000,000 | ---D | C] -- C:\\Program Files\\SpywareBlaster

[2013/12/20 17:11:09 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\HiJackThis

[2013/12/20 17:11:08 | 000,000,000 | ---D | C] -- C:\\Program Files\\Trend Micro

 

========== Files - Modified Within 30 Days ==========

 

[2014/01/17 20:38:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Kaila\\Desktop\\OTL.exe

[2014/01/17 20:28:20 | 000,000,830 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job

[2014/01/17 20:27:10 | 000,002,326 | ---- | M] () -- C:\\Users\\Kaila\\Desktop\\Chrome App Launcher.lnk

[2014/01/17 20:09:01 | 000,000,908 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000UA.job

[2014/01/17 20:03:05 | 000,000,928 | ---- | M] () -- C:\\Windows\\tasks\\FacebookUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000UA.job

[2014/01/17 16:14:20 | 000,009,696 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/01/17 16:14:20 | 000,009,696 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/01/17 16:04:48 | 000,000,350 | ---- | M] () -- C:\\Windows\\tasks\\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

[2014/01/17 16:02:03 | 000,259,112 | ---- | M] () -- C:\\Windows\\System32\\FNTCACHE.DAT

[2014/01/17 16:01:59 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2014/01/17 16:00:13 | 796,729,344 | -HS- | M] () -- C:\\hiberfil.sys

[2014/01/17 15:48:39 | 000,000,856 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000Core.job

[2014/01/17 15:32:16 | 000,000,906 | ---- | M] () -- C:\\Windows\\tasks\\FacebookUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000Core.job

[2013/12/20 19:15:16 | 000,002,087 | ---- | M] () -- C:\\Users\\Public\\Desktop\\avast! Free Antivirus.lnk

[2013/12/20 19:14:56 | 000,064,168 | ---- | M] (AVAST Software) -- C:\\Windows\\System32\\drivers\\aswstm.sys

[2013/12/20 19:14:16 | 000,775,952 | ---- | M] (AVAST Software) -- C:\\Windows\\System32\\drivers\\aswSnx.sys

[2013/12/20 19:14:16 | 000,410,528 | ---- | M] (AVAST Software) -- C:\\Windows\\System32\\drivers\\aswSP.sys

[2013/12/20 19:14:16 | 000,180,248 | ---- | M] () -- C:\\Windows\\System32\\drivers\\aswVmm.sys

[2013/12/20 19:14:16 | 000,079,720 | ---- | M] (AVAST Software) -- C:\\Windows\\System32\\drivers\\aswRdr2.sys

[2013/12/20 19:14:16 | 000,067,824 | ---- | M] (AVAST Software) -- C:\\Windows\\System32\\drivers\\aswMonFlt.sys

[2013/12/20 19:14:16 | 000,049,944 | ---- | M] () -- C:\\Windows\\System32\\drivers\\aswRvrt.sys

[2013/12/20 19:14:14 | 000,270,240 | ---- | M] (AVAST Software) -- C:\\Windows\\System32\\aswBoot.exe

[2013/12/20 19:14:14 | 000,043,152 | ---- | M] (AVAST Software) -- C:\\Windows\\avastSS.scr

[2013/12/20 18:27:14 | 000,001,005 | ---- | M] () -- C:\\Users\\Public\\Desktop\\SpywareBlaster.lnk

[2013/12/20 17:11:10 | 000,002,963 | ---- | M] () -- C:\\Users\\Kaila\\Desktop\\HiJackThis.lnk

[2013/12/18 21:10:01 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\\Windows\\System32\\WindowsAccessBridge.dll

[2013/12/18 21:04:13 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\\Windows\\System32\\javaws.exe

[2013/12/18 21:04:09 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\\Windows\\System32\\javaw.exe

[2013/12/18 21:03:46 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\\Windows\\System32\\java.exe

 

========== Files Created - No Company Name ==========

 

[2014/01/17 20:27:10 | 000,002,326 | ---- | C] () -- C:\\Users\\Kaila\\Desktop\\Chrome App Launcher.lnk

[2013/12/20 19:15:16 | 000,002,087 | ---- | C] () -- C:\\Users\\Public\\Desktop\\avast! Free Antivirus.lnk

[2013/12/20 19:14:29 | 000,180,248 | ---- | C] () -- C:\\Windows\\System32\\drivers\\aswVmm.sys

[2013/12/20 19:14:28 | 000,049,944 | ---- | C] () -- C:\\Windows\\System32\\drivers\\aswRvrt.sys

[2013/12/20 18:27:14 | 000,001,005 | ---- | C] () -- C:\\Users\\Public\\Desktop\\SpywareBlaster.lnk

[2013/12/20 17:11:10 | 000,002,963 | ---- | C] () -- C:\\Users\\Kaila\\Desktop\\HiJackThis.lnk

[2013/12/11 20:20:46 | 000,000,218 | ---- | C] () -- C:\\Users\\Kaila\\AppData\\Local\\recently-used.xbel

[2013/09/09 10:22:27 | 000,000,258 | RHS- | C] () -- C:\\Users\\Kaila\\ntuser.pol

[2013/01/18 19:54:27 | 000,001,415 | ---- | C] () -- C:\\Windows\\wininit.ini

[2012/09/02 00:38:10 | 000,384,844 | ---- | C] () -- C:\\Users\\Kaila\\AppData\\Local\\funmoods-speeddial.crx

[2012/06/12 18:47:43 | 000,007,598 | ---- | C] () -- C:\\Users\\Kaila\\AppData\\Local\\Resmon.ResmonCfg

 

========== ZeroAccess Check ==========

 

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 119 bytes -> C:\\ProgramData\\TEMP:5C321E34

 

< End of report >

 

 

 

 

 


OTL Extras logfile created on: 1/17/2014 8:40:40 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\Kaila\\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1013.09 Mb Total Physical Memory | 531.36 Mb Available Physical Memory | 52.45% Memory free

3.10 Gb Paging File | 1.08 Gb Available in Paging File | 35.01% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 219.79 Gb Total Space | 163.52 Gb Free Space | 74.40% Space Free | Partition Type: NTFS

 

Computer Name: JOHN | User Name: Kaila | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.cpl [@ = cplfile] -- C:\\Windows\\System32\\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\\Windows\\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

cplfile [cplopen] -- %SystemRoot%\\System32\\control.exe \"%1\",%* (Microsoft Corporation)

exefile [open] -- \"%1\" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- \"%systemroot%\\system32\\rundll32.exe\" \"%systemroot%\\system32\\mshtml.dll\",PrintHTML \"%1\"

inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe \"%1\" (Microsoft Corporation)

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\" ()

Directory [cmd] -- cmd.exe /s /k pushd \"%V\" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --no-playlist-enqueue \"%1\" ()

Folder [open] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

\"cval\" = 1

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]

\"VistaSp1\" = Reg Error: Unknown registry data type -- File not found

\"AntiVirusOverride\" = 0

\"AntiSpywareOverride\" = 0

\"FirewallOverride\" = 0

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc\\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]

\"DisableNotifications\" = 0

\"EnableFirewall\" = 1

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]

\"DisableNotifications\" = 0

\"EnableFirewall\" = 1

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile]

\"DisableNotifications\" = 0

\"EnableFirewall\" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{0C0D5611-BF79-4504-946C-D2C37BBAD9E2}\" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

\"{3F77DEE7-7879-4485-8CC3-FC4E8F5B907A}\" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\\system32\\svchost.exe | 

\"{88F8B91B-765F-4BEB-9026-010AB2F5BDAE}\" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\\system32\\svchost.exe | 

\"{98ADADB7-9290-423E-9F66-0FAADFD84AF9}\" = lport=2869 | protocol=6 | dir=in | app=system | 

\"{9BCC0A4B-1A53-4D36-8FC3-7639CB1ECFB6}\" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\\system32\\svchost.exe | 

\"{9EDBEE99-0510-4C62-9311-DB05CD5499A8}\" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\\system32\\svchost.exe | 

\"{B999610B-3359-495E-9E94-D049C2BE1731}\" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe | 

\"{BBE6E5ED-28B5-4378-8BBB-69869CEDC4FE}\" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

\"{BDE53792-1BFF-4EB1-B0F5-FA7289601E06}\" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\\system32\\svchost.exe | 

\"{C911DE0A-C213-468A-812B-007B520CB6A1}\" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

\"{EC6E6100-6001-4177-9E89-3739DF412387}\" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe | 

\"{F270A3AF-9EF5-4B04-AFD9-CAEB2FCD0117}\" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\\system32\\svchost.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{11845A41-0B1E-43E0-92E4-68287683418E}\" = protocol=17 | dir=in | app=c:\\program files\\hp\\hp officejet 6500 e710a-f\\bin\\devicesetup.exe | 

\"{1FBD6AEE-0D94-4004-8D0F-0342910CA692}\" = protocol=17 | dir=in | app=c:\\program files\\common files\\mcafee\\mcsvchost\\mcsvhost.exe | 

\"{26867199-43E4-4660-9287-5D37C939F37F}\" = protocol=6 | dir=in | app=c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe | 

\"{3E8717E2-5523-4E50-90C2-CC7127DCD750}\" = protocol=6 | dir=in | app=c:\\program files\\hp\\hp officejet 6500 e710a-f\\bin\\devicesetup.exe | 

\"{4D77B3C3-169B-4581-BC41-5919857C5391}\" = dir=in | app=c:\\users\\kaila\\appdata\\local\\facebook\\video\\skype\\facebookvideocalling.exe | 

\"{50AA8E9B-636A-489B-8EA5-D9F3F0C36BCB}\" = dir=in | app=c:\\program files\\itunes\\itunes.exe | 

\"{5579B851-31B4-489D-B1AC-2A19DDDB6C9F}\" = protocol=17 | dir=in | app=c:\\program files\\search results toolbar\\datamngr\\srtool~1\\dtuser.exe | 

\"{55F27024-7A86-455F-BBFF-C206C182E4A6}\" = dir=in | app=c:\\program files\\imesh applications\\imesh\\imesh.exe | 

\"{5ACF1ACB-F3F4-494F-B78D-8ADD91664A7B}\" = protocol=6 | dir=in | app=c:\\users\\kaila\\appdata\\local\\temp\\bundlesweetimsetup.exe | 

\"{5BF6070F-4107-479A-9947-197E516892AA}\" = protocol=6 | dir=in | app=c:\\program files\\hp\\hp officejet 6500 e710a-f\\bin\\hpnetworkcommunicator.exe | 

\"{5D957BE7-CC96-4EB5-A649-C4A5DF2DCB49}\" = dir=in | app=c:\\program files\\windows live\\mesh\\moe.exe | 

\"{6060F889-0A7A-4136-AD1E-7C2C91F787BC}\" = protocol=6 | dir=out | svc=upnph

Title: nativemessaging on chrome
Post by: guestolo on January 18, 2014, 08:25:57 PM

I'll lock your other topic.. Let's try again with this topic
-AdwCleaner-


Please download AdwCleaner by Xplode onto your desktop.


-Junkware-Removal-Tool-


Reopen OTL.exe and choose to Run a Scan, when done, post the log that opens>> OTL.txt


Title: nativemessaging on chrome
Post by: x_breath_x on January 20, 2014, 12:11:19 PM

the nativemessaging on chrome fixed with the first option you had me do. here is the log for the junkware removal tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 7 Starter x86

Ran by Kaila on Mon 01/20/2014 at  9:32:30.75

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\sbregrebootcleaner

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\Main\\\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\Internet Explorer\\Main\\\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\\S-1-5-19\\Software\\Microsoft\\Internet Explorer\\Main\\\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\\S-1-5-20\\Software\\Microsoft\\Internet Explorer\\Main\\\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\\S-1-5-21-2509488165-3742344647-2209741551-1000\\Software\\Microsoft\\Internet Explorer\\Main\\\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\\dynconie.dynconieobject

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\\dynconie.dynconieobject.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\\Interface\\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\\TypeLib\\{781CA792-9B6E-400B-B36F-15C097D2CA54}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\InternetRegistry\\REGISTRY\\USER\\S-1-5-21-2509488165-3742344647-2209741551-1000\\Software\\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\strongvaultapp_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\strongvaultapp_rasmancs

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{2ED3B46A-A91C-47C9-92D7-3EF05BB5429B}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{6F47C78D-F91C-4A9E-9641-012D759138CA}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{C8D1C99A-92F2-4AB8-9162-0449E1743972}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{45470599-8237-486D-87B5-E89CD6AED154}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{45177936-603b-4261-8d42-df6f7091d5d0}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\\CLSID\\{45177936-603b-4261-8d42-df6f7091d5d0}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{45177936-603b-4261-8d42-df6f7091d5d0}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{45470599-8237-486D-87B5-E89CD6AED154}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\\CLSID\\{45470599-8237-486D-87B5-E89CD6AED154}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] \"C:\\Users\\Kaila\\AppData\\Roaming\\mywordtool\"

Successfully deleted: [Folder] \"C:\\Users\\Kaila\\appdata\\local\\cre\"

Successfully deleted: [Folder] \"C:\\Users\\Kaila\\appdata\\local\\stronghold_llc\"

Successfully deleted: [Folder] \"C:\\Users\\Kaila\\appdata\\locallow\\datamngr\"

Successfully deleted: [Folder] \"C:\\Windows\\system32\\ai_recyclebin\"

Successfully deleted: [Empty Folder] C:\\Users\\Kaila\\appdata\\local\\{097547FC-824E-47C8-A0CA-F420BCF1F6BB}

Successfully deleted: [Empty Folder] C:\\Users\\Kaila\\appdata\\local\\{23903FD9-325A-4987-9406-868768C67A16}

Successfully deleted: [Empty Folder] C:\\Users\\Kaila\\appdata\\local\\{A55F3603-DB32-45B8-BC55-D04A110A6A38}

Successfully deleted: [Empty Folder] C:\\Users\\Kaila\\appdata\\local\\{C808FF1A-DE48-4778-B563-B9540E9C1CFE}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 01/20/2014 at  9:42:19.88

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Title: nativemessaging on chrome
Post by: guestolo on January 20, 2014, 12:26:55 PM

I don't see the log for AdwCleaner?

You can also find the log file at C:\AdwCleaner

In addition I don't see the new log from Otl.exe?

Reopen OTL.exe and choose to Run a Scan, when done, post the log that opens>> OTL.txt


Title: nativemessaging on chrome
Post by: x_breath_x on January 20, 2014, 12:34:28 PM

here is the second log

OTL logfile created on: 1/20/2014 11:12:13 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\Kaila\\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1013.09 Mb Total Physical Memory | 127.41 Mb Available Physical Memory | 12.58% Memory free

1.99 Gb Paging File | 0.86 Gb Available in Paging File | 43.26% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 219.79 Gb Total Space | 137.92 Gb Free Space | 62.75% Space Free | Partition Type: NTFS

 

Computer Name: JOHN | User Name: Kaila | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/01/18 12:20:39 | 000,302,961 | ---- | M] () -- C:\\Program Files\\Hosts_Anti_Adwares_PUPs\\HOSTS_Anti-Adware_main.exe

PRC - [2014/01/17 20:38:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Kaila\\Desktop\\OTL.exe

PRC - [2013/12/20 19:14:09 | 003,764,024 | ---- | M] (AVAST Software) -- C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe

PRC - [2013/12/20 19:14:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe

PRC - [2013/02/05 12:10:48 | 000,581,624 | ---- | M] (NTI Corporation) -- C:\\Program Files\\NTI\\NTI Backup Now EZ\\BackupNowEZtray.exe

PRC - [2013/02/05 12:10:46 | 000,046,072 | ---- | M] (NTI Corporation) -- C:\\Program Files\\NTI\\NTI Backup Now EZ\\BackupNowEZSvr.exe

PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\taskhost.exe

PRC - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () -- C:\\Program Files\\Motorola Mobility\\Motorola Device Manager\\MotoHelperService.exe

PRC - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\\Program Files\\Motorola Mobility\\Motorola Device Manager\\MotoHelperAgent.exe

PRC - [2011/10/18 16:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\\Program Files\\Common Files\\mcafee\\systemcore\\mfevtps.exe

PRC - [2011/10/18 16:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\\Program Files\\Common Files\\mcafee\\systemcore\\mfefire.exe

PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\\Program Files\\Motorola\\MotForwardDaemon\\ForwardDaemon.exe

PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe

PRC - [2010/11/12 00:24:10 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\\Program Files\\Elantech\\ETDCtrlHelper.exe

PRC - [2010/11/12 00:24:08 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\\Program Files\\Elantech\\ETDCtrl.exe

PRC - [2010/08/10 03:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\\Program Files\\Launch Manager\\LManager.exe

PRC - [2010/08/10 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\\Program Files\\Launch Manager\\dsiwmis.exe

PRC - [2010/08/10 03:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\\Program Files\\Launch Manager\\LMworker.exe

PRC - [2010/06/11 16:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe

PRC - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\\Program Files\\Acer\\Acer ePower Management\\ePowerSvc.exe

PRC - [2010/06/11 16:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\\Program Files\\Acer\\Acer ePower Management\\ePowerEvent.exe

PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\\Program Files\\EgisTec IPS\\PmmUpdate.exe

PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\\Program Files\\EgisTec IPS\\EgisUpdate.exe

PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\\Program Files\\Acer\\Acer VCM\\RS_Service.exe

PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\\Program Files\\Acer\\Registration\\GREGsvc.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/01/18 12:20:39 | 000,302,961 | ---- | M] () -- C:\\Program Files\\Hosts_Anti_Adwares_PUPs\\HOSTS_Anti-Adware_main.exe

MOD - [2013/12/20 19:14:12 | 019,336,120 | ---- | M] () -- C:\\Program Files\\AVAST Software\\Avast\\libcef.dll

MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\ppGoogleNaClPluginChrome.dll

MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\pdf.dll

MOD - [2013/12/03 20:47:11 | 000,702,416 | ---- | M] () -- C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\libglesv2.dll

MOD - [2013/12/03 20:47:11 | 000,099,792 | ---- | M] () -- C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\libegl.dll

MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\ffmpegsumo.dll

MOD - [2013/02/05 12:11:18 | 000,465,824 | ---- | M] () -- C:\\Program Files\\NTI\\NTI Backup Now EZ\\sqlite3.dll

MOD - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\\Program Files\\Motorola Mobility\\Motorola Device Manager\\MotoHelperAgent.exe

MOD - [2012/08/27 23:33:32 | 000,087,912 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\zlib1.dll

MOD - [2012/08/27 23:33:08 | 001,242,512 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\libxml2.dll

MOD - [2009/05/20 00:02:04 | 000,072,200 | ---- | M] () -- C:\\Program Files\\Launch Manager\\CdDirIo.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\\Program Files\\Common Files\\AVG Secure Search\\vToolbarUpdater\\17.0.1\\ToolbarUpdater.exe -- (vToolbarUpdater17.0.1)

SRV - [2014/01/18 12:20:37 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\\Program Files\\Hosts_Anti_Adwares_PUPs\\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs)

SRV - [2013/12/20 19:14:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013/12/13 19:20:00 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\System32\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV - [2013/02/05 12:10:46 | 000,046,072 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\\Program Files\\NTI\\NTI Backup Now EZ\\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)

SRV - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\\Program Files\\Motorola Mobility\\Motorola Device Manager\\MotoHelperService.exe -- (Motorola Device Manager)

SRV - [2011/10/18 16:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\\Program Files\\Common Files\\mcafee\\systemcore\\mfevtps.exe -- (mfevtp)

SRV - [2011/10/18 16:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\\Program Files\\Common Files\\McAfee\\SystemCore\\\\mfefire.exe -- (mfefire)

SRV - [2011/10/18 16:28:18 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\\Program Files\\Common Files\\McAfee\\SystemCore\\\\mcshield.exe -- (McShield)

SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\\Program Files\\Motorola\\MotForwardDaemon\\ForwardDaemon.exe -- (PST Service)

SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\\Program Files\\WildTangent Games\\App\\GamesAppService.exe -- (GamesAppService)

SRV - [2010/08/10 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\\Program Files\\Launch Manager\\dsiwmis.exe -- (DsiWMIService)

SRV - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\\Program Files\\Acer\\Acer ePower Management\\ePowerSvc.exe -- (ePowerSvc)

SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\\Program Files\\EgisTec MyWinLocker\\x86\\MWLService.exe -- (MWLService)

SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\\Program Files\\Acer\\Acer VCM\\RS_Service.exe -- (RS_Service)

SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe -- (Updater Service)

SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\\Program Files\\Acer\\Registration\\GREGsvc.exe -- (GREGService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | System | Stopped] -- C:\\Windows\\system32\\drivers\\SBREdrv.sys -- (SBRE)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\motusbdevice.sys -- (motusbdevice)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\Motousbnet.sys -- (Motousbnet)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\motswch.sys -- (MotoSwitchService)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\motccgpfl.sys -- (motccgpfl)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\motccgp.sys -- (motccgp)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\motfilt.sys -- (BTCFilterService)

DRV - [2013/12/20 19:14:56 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\aswstm.sys -- (aswStm)

DRV - [2013/12/20 19:14:16 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\\Windows\\System32\\drivers\\aswSnx.sys -- (aswSnx)

DRV - [2013/12/20 19:14:16 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\\Windows\\System32\\drivers\\aswSP.sys -- (aswSP)

DRV - [2013/12/20 19:14:16 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\aswVmm.sys -- (aswVmm)

DRV - [2013/12/20 19:14:16 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\aswRdr2.sys -- (aswRdr)

DRV - [2013/12/20 19:14:16 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\\Windows\\System32\\drivers\\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/12/20 19:14:16 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\aswRvrt.sys -- (aswRvrt)

DRV - [2012/08/23 08:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/08/23 08:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2012/03/26 16:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\netaapl.sys -- (Netaapl)

DRV - [2011/10/15 15:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\mfehidk.sys -- (mfehidk)

DRV - [2011/10/15 15:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\mfefirek.sys -- (mfefirek)

DRV - [2011/10/15 15:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\mfeavfk.sys -- (mfeavfk)

DRV - [2011/10/15 15:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\mfewfpk.sys -- (mfewfpk)

DRV - [2011/10/15 15:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\mfeapfk.sys -- (mfeapfk)

DRV - [2011/10/15 15:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\mferkdet.sys -- (mferkdet)

DRV - [2011/10/15 15:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\mfenlfk.sys -- (mfenlfk)

DRV - [2011/10/15 15:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\mfebopk.sys -- (mfebopk)

DRV - [2011/10/15 15:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\cfwids.sys -- (cfwids)

DRV - [2010/12/03 00:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\nx6000.sys -- (MSHUSBVideo)

DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\winusb.sys -- (WinUsb)

DRV - [2010/08/24 03:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\L1C62x86.sys -- (L1C)

DRV - [2010/07/15 15:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\athr.sys -- (athr)

DRV - [2010/06/17 00:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\EUCR6SK.sys -- (EUCR)

DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\serial.sys -- (Serial)

DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\\Windows\\System32\\drivers\\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\wdcsam.sys -- (WDC_SAM)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\\..\\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\\..\\SearchScopes,DefaultScope = 

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\\..\\SearchScopes\\{507E350E-949D-BB7D-314C-7539CF247C38}: \"URL\" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.google.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Bar = www.bing.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,Default_Search_URL = http://www.google.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://www.google.com

IE - HKCU\\..\\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\\..\\SearchScopes,DefaultScope = 

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search

IE - HKCU\\..\\SearchScopes\\{18E7AACF-9B3E-46E8-8382-BAB463727B5E}: \"URL\" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10743

IE - HKCU\\..\\SearchScopes\\{50349BBE-F1B2-4659-B85A-16401AF9064C}: \"URL\" = http://search.findwide.com/serp?guid={FAD49E06-D413-4B08-8349-8A71DBFA0C8C}&action=default_search&serpv=22&k={searchTerms}

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = 192.168.*.*

 

 

========== FireFox ==========

 

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.51.2: C:\\Program Files\\Java\\jre7\\bin\\dtplugin\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.51.2: C:\\Program Files\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\npctrl.dll ( Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3502.0922: C:\\Program Files\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3508.1109: C:\\Program Files\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@videolan.org/vlc,version=2.0.0: C:\\Program Files\\VideoLAN\\VLC\\npvlc.dll (VideoLAN)

FF - HKLM\\Software\\MozillaPlugins\\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\\Program Files\\WildTangent Games\\App\\BrowserIntegration\\Registered\\4\\NP_wtapp.dll ()

FF - HKCU\\Software\\MozillaPlugins\\@Skype Limited.com/Facebook Video Calling Plugin: C:\\Users\\Kaila\\AppData\\Local\\Facebook\\Video\\Skype\\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\Kaila\\AppData\\Local\\Google\\Update\\1.3.22.3\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\Kaila\\AppData\\Local\\Google\\Update\\1.3.22.3\\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\\Program Files\\Common Files\\McAfee\\SystemCore [2012/09/02 00:16:21 | 000,000,000 | ---D | M]

 

[2013/12/13 16:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\Kaila\\AppData\\Roaming\\mozilla\\Firefox\\extensions

[2013/12/05 15:07:08 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\\Users\\Kaila\\AppData\\Roaming\\mozilla\\Firefox\\extensions\\{96f454ea-9d38-474f-b504-56193e00c1a5}

[2013/12/31 22:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\extensions

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.buenosearch.com/?babsrc=HP_def&mntrId=AC9F929FFA0527F7&affID=115076&tsp=5114

CHR - plugin: Shockwave Flash (Enabled) = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\pdf.dll

CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\kdidombaedgpfiiedeimiebkmbilgmlc\\1.1.14_0\\plugins/npDefaultTabSearch.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Browser\\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\\Program Files\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\13.2.0\\\\npsitesafety.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\\Program Files\\VideoLAN\\VLC\\npvlc.dll

CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\\Program Files\\WildTangent Games\\App\\BrowserIntegration\\Registered\\2\\NP_wtapp.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\\Program Files\\Windows Live\\Photo Gallery\\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\\Users\\Kaila\\AppData\\Local\\Google\\Update\\1.3.21.135\\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\npctrl.dll

CHR - Extension: Dark Vibe = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dkckeanhmkjaechlhllmapjaaglgpcbj\\1.1_0\\

CHR - Extension: ShopAtHome.com extension = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dlmebkoiahbppacaicbgncnjhbpdfkcc\\7.1.0.16_0\\

CHR - Extension: avast! Online Security = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\gomekmidlodglbbmalcneegieacbdmki\\9.0.2013.75_0\\

CHR - Extension: No name found = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\njkkjobcechefaoknodniidfjapgfoco\\2.2.7_0\\

CHR - Extension: Google Wallet = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.0_0\\

CHR - Extension: Bitdefender QuickScan = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pdnkcidphdcakpkheohlhocaicfamjie\\0.9.9.131_0\\

CHR - Extension: Dark Vibe = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dkckeanhmkjaechlhllmapjaaglgpcbj\\1.1_0\\

CHR - Extension: ShopAtHome.com extension = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dlmebkoiahbppacaicbgncnjhbpdfkcc\\7.1.0.16_0\\

CHR - Extension: avast! Online Security = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\gomekmidlodglbbmalcneegieacbdmki\\9.0.2013.75_0\\

CHR - Extension: No name found = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\njkkjobcechefaoknodniidfjapgfoco\\2.2.7_0\\

CHR - Extension: Google Wallet = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.0_0\\

CHR - Extension: Bitdefender QuickScan = C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pdnkcidphdcakpkheohlhocaicfamjie\\0.9.9.131_0\\

 

O1 HOSTS File: ([2014/01/19 10:21:03 | 000,039,784 | ---- | M]) - C:\\Windows\\System32\\drivers\\etc\\hosts

O1 - Hosts: 661 more lines...

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\\PROGRA~1\\mcafee\\msk\\mskapbho.dll File not found

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\\Program Files\\Common Files\\mcafee\\systemcore\\ScriptSn.20120112163500.dll (McAfee, Inc.)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Tidy Network) - {D8A98206-1249-3EBA-FB18-4ADF7ED746FD} - C:\\Program Files\\TidyNetwork\\petn.dll File not found

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\\..\\Toolbar: (no name) - {45177936-603b-4261-8d42-df6f7091d5d0} - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\\..\\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\\Run: [Acer ePower Management] C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe (Acer Incorporated)

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [AvastUI.exe] C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe (AVAST Software)

O4 - HKLM..\\Run: [BackupNowEZtray] C:\\Program Files\\NTI\\NTI Backup Now EZ\\BackupNowEZtray.exe (NTI Corporation)

O4 - HKLM..\\Run: [EgisTecPMMUpdate] C:\\Program Files\\EgisTec IPS\\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\\Run: [EgisUpdate] C:\\Program Files\\EgisTec IPS\\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\\Run: [ETDCtrl] C:\\Program Files\\Elantech\\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4 - HKLM..\\Run: [HOSTS Anti-Adware_PUPs] C:\\Program Files\\Hosts_Anti_Adwares_PUPs\\HOSTS_Anti-Adware_main.exe ()

O4 - HKLM..\\Run: [LManager] C:\\Program Files\\Launch Manager\\LManager.exe (Dritek System Inc.)

O4 - HKLM..\\Run: [ROC_roc_ssl_v12] \"C:\\Program Files\\AVG Secure Search\\ROC_roc_ssl_v12.exe\" / /PROMPT /CMPID=roc_ssl_v12 File not found

O4 - HKCU..\\Run: [Facebook Update] C:\\Users\\Kaila\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\\Run: [uTorrent] C:\\Users\\Kaila\\AppData\\Roaming\\uTorrent\\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\\Program Files\\Paltalk Messenger\\paltalk.exe (AVM Software Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{15EAC838-19E9-4FA3-B6AC-CE7E9B30E965}: DhcpNameServer = 172.26.38.1 172.26.38.2

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{A81087B2-589B-456F-8D51-F5A5BADAE6F1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{B74E8B87-E008-4422-BD86-86D613D27F22}: DhcpNameServer = 192.168.1.1

O18 - Protocol\\Handler\\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\\Program Files\\Windows Live\\Messenger\\msgrapp.dll File not found

O18 - Protocol\\Handler\\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\\Program Files\\Windows Live\\Messenger\\msgrapp.dll File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\\Windows\\System32\\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\\{c001a154-d848-11e0-b3a4-1c7508b345b6}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{c001a154-d848-11e0-b3a4-1c7508b345b6}\\Shell\\AutoRun\\command - \"\" = \"D:\\WD SmartWare.exe\" autoplay=true

O33 - MountPoints2\\{fed23421-ccaf-11e2-a2ff-889ffa0527f7}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{fed23421-ccaf-11e2-a2ff-889ffa0527f7}\\Shell\\AutoRun\\command - \"\" = D:\\MotoCastSetup.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/01/20 09:32:14 | 000,000,000 | ---D | C] -- C:\\Windows\\ERUNT

[2014/01/20 09:22:01 | 001,037,068 | ---- | C] (Thisisu) -- C:\\Users\\Kaila\\Desktop\\JRT.exe

[2014/01/19 11:01:42 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Elaborate Bytes

[2014/01/19 11:01:41 | 000,000,000 | ---D | C] -- C:\\Program Files\\Elaborate Bytes

[2014/01/18 12:20:34 | 000,000,000 | ---D | C] -- C:\\Program Files\\Hosts_Anti_Adwares_PUPs

[2014/01/17 20:38:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\Kaila\\Desktop\\OTL.exe

[2014/01/17 20:28:12 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Chrome Apps

[2014/01/17 19:48:32 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\\Windows\\System32\\javaws.exe

[2014/01/17 19:48:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\\Windows\\System32\\javaw.exe

[2014/01/17 19:48:04 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\\Windows\\System32\\java.exe

[2014/01/17 19:48:04 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\\Windows\\System32\\WindowsAccessBridge.dll

[2014/01/17 19:48:04 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java

[2014/01/14 21:45:27 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\win32k.sys

[2014/01/14 21:45:24 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\drivers\\netio.sys

[2014/01/14 21:45:21 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\drivers\\usbport.sys

[2014/01/14 21:45:18 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\drivers\\usbd.sys

[2014/01/12 19:52:53 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\Desktop\\Movies

[2014/01/08 16:28:48 | 000,000,000 | ---D | C] -- C:\\Users\\Kaila\\Desktop\\Insanity Workout

[2013/12/31 22:07:34 | 000,000,000 | ---D | C] -- C:\\Program Files\\Mozilla Firefox

[2013/12/23 22:30:56 | 000,000,000 | ---D | C] -- C:\\Program Files\\ToniArts

[2013/12/23 22:30:54 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\EasyCleaner

[2013/12/23 21:59:23 | 000,000,000 | ---D | C] -- C:\\AdwCleaner

 

========== Files - Modified Within 30 Days ==========

 

[2014/01/20 11:09:02 | 000,000,908 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000UA.job

[2014/01/20 11:03:03 | 000,000,928 | ---- | M] () -- C:\\Windows\\tasks\\FacebookUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000UA.job

[2014/01/20 11:03:01 | 000,000,906 | ---- | M] () -- C:\\Windows\\tasks\\FacebookUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000Core.job

[2014/01/20 10:28:01 | 000,000,830 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job

[2014/01/20 09:23:07 | 001,037,068 | ---- | M] (Thisisu) -- C:\\Users\\Kaila\\Desktop\\JRT.exe

[2014/01/20 09:14:36 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2014/01/19 15:09:01 | 000,000,856 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-2509488165-3742344647-2209741551-1000Core.job

[2014/01/19 11:05:57 | 000,001,176 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Virtual CloneDrive.lnk

[2014/01/19 11:04:01 | 2561,570,792 | ---- | M] () -- C:\\Users\\Kaila\\Desktop\\X17-58996.iso

[2014/01/19 10:46:22 | 001,640,984 | ---- | M] () -- C:\\Users\\Kaila\\Desktop\\SetupVirtualCloneDrive5470.exe

[2014/01/19 10:29:53 | 000,009,696 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/01/19 10:29:53 | 000,009,696 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/01/19 10:21:20 | 000,000,350 | ---- | M] () -- C:\\Windows\\tasks\\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

[2014/01/19 10:21:03 | 000,039,784 | ---- | M] () -- C:\\Windows\\System32\\drivers\\etc\\hosts

[2014/01/19 10:20:39 | 796,729,344 | -HS- | M] () -- C:\\hiberfil.sys

[2014/01/18 12:03:16 | 001,236,282 | ---- | M] () -- C:\\Users\\Kaila\\Desktop\\adwcleaner.exe

[2014/01/17 20:38:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Kaila\\Desktop\\OTL.exe

[2014/01/17 20:27:10 | 000,002,326 | ---- | M] () -- C:\\Users\\Kaila\\Desktop\\Chrome App Launcher.lnk

[2014/01/17 16:02:03 | 000,259,112 | ---- | M] () -- C:\\Windows\\System32\\FNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2014/01/19 11:05:57 | 000,001,176 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Virtual CloneDrive.lnk

[2014/01/19 10:51:18 | 2561,570,792 | ---- | C] () -- C:\\Users\\Kaila\\Desktop\\X17-58996.iso

[2014/01/19 10:46:07 | 001,640,984 | ---- | C] () -- C:\\Users\\Kaila\\Desktop\\SetupVirtualCloneDrive5470.exe

[2014/01/18 12:02:22 | 001,236,282 | ---- | C] () -- C:\\Users\\Kaila\\Desktop\\adwcleaner.exe

[2014/01/17 20:27:10 | 000,002,326 | ---- | C] () -- C:\\Users\\Kaila\\Desktop\\Chrome App Launcher.lnk

[2013/12/20 19:14:29 | 000,180,248 | ---- | C] () -- C:\\Windows\\System32\\drivers\\aswVmm.sys

[2013/12/20 19:14:28 | 000,049,944 | ---- | C] () -- C:\\Windows\\System32\\drivers\\aswRvrt.sys

[2013/12/11 20:20:46 | 000,000,218 | ---- | C] () -- C:\\Users\\Kaila\\AppData\\Local\\recently-used.xbel

[2013/09/09 10:22:27 | 000,000,258 | RHS- | C] () -- C:\\Users\\Kaila\\ntuser.pol

[2013/01/18 19:54:27 | 000,001,415 | ---- | C] () -- C:\\Windows\\wininit.ini

[2012/06/12 18:47:43 | 000,007,598 | ---- | C] () -- C:\\Users\\Kaila\\AppData\\Local\\Resmon.ResmonCfg

 

========== ZeroAccess Check ==========

 

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 119 bytes -> C:\\ProgramData\\TEMP:5C321E34

 

< End of report >

Title: nativemessaging on chrome
Post by: x_breath_x on January 20, 2014, 12:37:45 PM

Oh, I didn't see the part about posting the adw log here. What's the log going to be called? I closed it out earlier.


Title: nativemessaging on chrome
Post by: x_breath_x on January 20, 2014, 12:40:34 PM

# AdwCleaner v3.016 - Report created 23/12/2013 at 21:59:59

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Starter Service Pack 1 (32 bits)

# Username : Kaila - JOHN

# Running from : C:\\Users\\Kaila\\Downloads\\adwcleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\\Users\\Kaila\\AppData\\Local\\funmoods-speeddial.crx

File Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\hxxp_app.mam.conduit.com_0.localstorage

File Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\hxxp_app.mam.conduit.com_0.localstorage-journal

File Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\hxxp_facebook.conduitapps.com_0.localstorage

File Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\hxxp_facebook.conduitapps.com_0.localstorage-journal

File Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\user data\\default\\local storage\\hxxp_pricegong.conduitapps.com_0.localstorage

File Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\user data\\default\\local storage\\hxxp_pricegong.conduitapps.com_0.localstorage-journal

File Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\hxxp_search.conduit.com_0.localstorage

File Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\hxxp_search.conduit.com_0.localstorage-journal

File Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\hxxp_storage.conduit.com_0.localstorage

File Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\hxxp_storage.conduit.com_0.localstorage-journal

File Found : C:\\Users\\Kaila\\AppData\\Local\\Temp\\Uninstall.exe

File Found : C:\\Windows\\System32\\Tasks\\BackgroundContainer Startup Task

Folder Found : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\cflheckfmhopnialghigdlggahiomebp

Folder Found C:\\Program Files\\AVG Secure Search

Folder Found C:\\Program Files\\Common Files\\AVG Secure Search

Folder Found C:\\Program Files\\Conduit

Folder Found C:\\Program Files\\Free Offers from Freeze.com

Folder Found C:\\Program Files\\Search Results Toolbar

Folder Found C:\\Program Files\\sweetpacks bundle uninstaller

Folder Found C:\\Program Files\\TidyNetwork

Folder Found C:\\Program Files\\uTorrentControl_v6

Folder Found C:\\Program Files\\Wajam

Folder Found C:\\Program Files\\Zoomex

Folder Found C:\\ProgramData\\apn

Folder Found C:\\ProgramData\\Ask

Folder Found C:\\ProgramData\\boost_interprocess

Folder Found C:\\ProgramData\\clsoft ltd

Folder Found C:\\ProgramData\\Conduit

Folder Found C:\\ProgramData\\Premium

Folder Found C:\\Users\\Kaila\\AppData\\Local\\Conduit

Folder Found C:\\Users\\Kaila\\AppData\\Local\\NativeMessaging

Folder Found C:\\Users\\Kaila\\AppData\\Local\\Searchprotect

Folder Found C:\\Users\\Kaila\\AppData\\Local\\strongvault

Folder Found C:\\Users\\Kaila\\AppData\\Local\\SwvUpdater

Folder Found C:\\Users\\Kaila\\AppData\\Local\\TidyNetwork

Folder Found C:\\Users\\Kaila\\AppData\\Local\\Wajam

Folder Found C:\\Users\\Kaila\\AppData\\Local\\WhiteListing

Folder Found C:\\Users\\Kaila\\AppData\\LocalLow\\Conduit

Folder Found C:\\Users\\Kaila\\AppData\\LocalLow\\ilividtoolbarguid

Folder Found C:\\Users\\Kaila\\AppData\\LocalLow\\searchresultstb

Folder Found C:\\Users\\Kaila\\AppData\\LocalLow\\uTorrentControl_v6

Folder Found C:\\Users\\Kaila\\AppData\\Roaming\\DefaultTab

Folder Found C:\\Users\\Kaila\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Wajam

Folder Found C:\\Users\\Kaila\\AppData\\Roaming\\OpenCandy

Folder Found C:\\Users\\Kaila\\Documents\\optimizer pro

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\\Software\\APN DTX

Key Found : HKCU\\Software\\APN PIP

Key Found : HKCU\\Software\\AppDataLow\\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKCU\\Software\\AppDataLow\\Software\\BackgroundContainer

Key Found : HKCU\\Software\\AppDataLow\\Software\\Conduit

Key Found : HKCU\\Software\\AppDataLow\\Software\\ConduitSearchScopes

Key Found : HKCU\\Software\\AppDataLow\\Software\\ilividtoolbarguid

Key Found : HKCU\\Software\\AppDataLow\\Software\\SmartBar

Key Found : HKCU\\Software\\AppDataLow\\Software\\uTorrentControl_v6

Key Found : HKCU\\Software\\AppDataLow\\SProtector

Key Found : HKCU\\Software\\AppDataLow\\Toolbar

Key Found : HKCU\\Software\\Google\\Chrome\\Extensions\\cflheckfmhopnialghigdlggahiomebp

Key Found : HKCU\\Software\\ilivid

Key Found : HKCU\\Software\\ilividtoolbarguid

Key Found : HKCU\\Software\\IM

Key Found : HKCU\\Software\\Imesh

Key Found : HKCU\\Software\\PrivitizeVPNInstallDates

Key Found : HKCU\\Software\\StartSearch

Key Found : HKCU\\Software\\visualbee

Key Found : HKCU\\Software\\Wajam

Key Found : HKLM\\SOFTWARE\\Classes\\AppID\\escort.DLL

Key Found : HKLM\\SOFTWARE\\Classes\\AppID\\escortApp.DLL

Key Found : HKLM\\SOFTWARE\\Classes\\AppID\\escortEng.DLL

Key Found : HKLM\\SOFTWARE\\Classes\\AppID\\escorTlbr.DLL

Key Found : HKLM\\SOFTWARE\\Classes\\AppID\\esrv.EXE

Key Found : HKLM\\SOFTWARE\\Classes\\AppID\\priam_bho.DLL

Key Found : HKLM\\SOFTWARE\\Classes\\AppID\\ScriptHelper.EXE

Key Found : HKLM\\SOFTWARE\\Classes\\Applications\\ilividsetup.exe

Key Found : HKLM\\SOFTWARE\\Classes\\Toolbar.CT3289075

Key Found : HKLM\\SOFTWARE\\Classes\\wajam.WajamBHO

Key Found : HKLM\\SOFTWARE\\Classes\\wajam.WajamBHO.1

Key Found : HKLM\\SOFTWARE\\Classes\\wajam.WajamDownloader

Key Found : HKLM\\SOFTWARE\\Classes\\wajam.WajamDownloader.1

Key Found : HKLM\\Software\\Conduit

Key Found : HKLM\\Software\\DataMngr

Key Found : HKLM\\Software\\Default Tab

Key Found : HKLM\\Software\\DefaultTab

Key Found : HKLM\\Software\\Freeze.com

Key Found : HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\cflheckfmhopnialghigdlggahiomebp

Key Found : HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Found : HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\mkndcbhcgphcfkkddanakjiepeknbgle

Key Found : HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\ogccgbmabaphcakpiclgcnmcnimhokcj

Key Found : HKLM\\Software\\iLividSRTB

Key Found : HKLM\\Software\\InstallIQ

Key Found : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{40C4727E-CA10-431C-997A-7E5F3583984C}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{D4214893-FDA6-4492-B57C-F79ED236F3B9}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\adawarebp_rasapi32

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\adawarebp_rasmancs

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\ApnSetup_RASAPI32

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\ApnSetup_RASMANCS

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\au__rasapi32

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\au__rasmancs

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\BingBar_RASMANCS

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\iLivid_RASAPI32

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\iLivid_RASMANCS

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\iLividMediaBar_RASAPI32

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\iLividMediaBar_RASMANCS

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\iLividSetup_RASAPI32

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\iLividSetup_RASMANCS

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\privitizevpn_1_rasapi32

Key Found : HKLM\\SOFTWARE\\Microsoft\\Tracing\\privitizevpn_1_rasmancs

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bitguard.exe

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bprotect.exe

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\browserdefender.exe

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\browserprotect.exe

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Plain\\BackgroundContainer Startup Task

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A47317B1-D902-43B8-BF89-D1F5ED2018BB}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A47317B1-D902-43B8-BF89-D1F5ED2018BB}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{96F454EA-9D38-474F-B504-56193E00C1A5}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\{CD90659F-D5B2-4104-9504-7CA36E6532DF}

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\08121C32A9C319F4CB0C11FF059552A4

Key Found : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Search Results Toolbar

Key Found : HKLM\\Software\\SearchProtect

Key Found : HKLM\\Software\\SP Global

Key Found : HKLM\\Software\\SProtector

Key Found : HKLM\\Software\\uTorrentControl_v6

Key Found : HKLM\\Software\\visualbee

Key Found : HKLM\\Software\\Wajam

Key Found : HKLM\\SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\WajamUpdater

Value Found : HKCU\\Software\\Microsoft\\Internet Explorer\\Main [Backup.old.Start Page]

Value Found : HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}]

Value Found : HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

Value Found : HKCU\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]

Value Found : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]

Value Found : HKLM\\SOFTWARE\\Mozilla\\Firefox\\Extensions [{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}]

Value Found : HKLM\\SYSTEM\\ControlSet001\\Control\\Session Manager\\AppCertDlls [x64]

Value Found : HKLM\\SYSTEM\\ControlSet002\\Control\\Session Manager\\AppCertDlls [x64]

Value Found : HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\AppCertDlls [x64]

 

***** [ Browsers ] *****

 

-\\\\ Internet Explorer v10.0.9200.16750

 



 

-\\\\ Google Chrome v

 

[ File : C:\\Users\\Kaila\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\preferences ]

 

Found : homepage

Found : search_url

Found : suggest_url

Found : keyword

Found : urls_to_restore_on_startup

Found : homepage

Found : search_url

Found : urls_to_restore_on_startup

Found : homepage

Found : search_url

Found : suggest_url

Found : urls_to_restore_on_startup

 

*************************

 

AdwCleaner[R0].txt - [17028 octets] - [23/12/2013 21:59:59]

 

########## EOF - C:\\AdwCleaner\\AdwCleaner[R0].txt - [17089 octets] ##########

Title: nativemessaging on chrome
Post by: guestolo on January 24, 2014, 11:24:04 PM

Sorry for the delay.

I noticed you may have installed a custom host file since we started, correct?

Also, I see remnants of AVG search plugin for browsers and McAfee.

Do you need or have you installed them since we started?

Title: nativemessaging on chrome
Post by: x_breath_x on January 27, 2014, 06:20:50 PM

The only thing I've installed was the things you told me to. I downloaded the AVG one; I didn't realise McAfee wasn't deleted yet.


Title: nativemessaging on chrome
Post by: guestolo on January 28, 2014, 09:22:22 PM

I see a problem with the above logs. Can you please do the following and follow the instructions exactly?

Your AdwCleaner log shows you just did a scan and no Clean.

Let's try the following:

Download and run the McAfee removal tool from here:

http://www.majorgeeks.com/files/details/mcafee_consumer_product_removal_tool.html

Follow all the prompts, and be sure to reboot the computer afterwards.

Download AdwCleaner by Xplode onto your desktop.

In addition:

Reopen OTL.exe and choose to Run a Scan. When done, post the log that opens >> OTL.txt