Help me clean up my computer please

Post by lloyd.arnault » June 17th, 2013, 1:29 am

Hello, I was letting my sister use my computer and she was watching movies on the web and downloading the players and other unwanted things. I tried to clean it up myself; I just wanted to make sure I got it all. Here is my DDS log:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.21.2
Run by Derek_R at 22:27:15 on 2013-06-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1360 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Derek_R\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Data Deposit Box\nts.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\Data Deposit Box\startup.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Data Deposit Box\backup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Data Deposit Box\starter.exe
C:\Program Files\Data Deposit Box\status.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = Preserve
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\guest.derek.000\appdata\local\toparcadehits\Toparcadehits.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRunOnce: [SpUninstallDeleteDir] rmdir /s /q "c:\users\derek_r\appdata\roaming\SearchProtect"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kineticd.lnk - c:\program files\data deposit box\starter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 64.59.144.93 64.59.150.139 192.168.1.1
TCP: Interfaces\{45B22845-EC2B-495E-9D67-EAE77295651E} : DHCPNameServer = 64.59.144.93 64.59.150.139 192.168.1.1
TCP: Interfaces\{4D3F83F8-84B0-4A7D-AE5F-AF6BC7CF0B77} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6585D590-935E-473E-962E-5A34DBB10E65} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\safesa~1\sprote~1.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-2-11 572928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2011-12-22 21320]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-30 112128]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
RUnknown DefaultTabUpdate;DefaultTabUpdate; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-19 83168]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-11-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 Sage Simply Accounting Transaction Manager 2012 - CDN;Sage Simply Accounting Transaction Manager 2012 - CDN;c:\program files\winsim\transactionmanager2012 - cdn\Sage_SA.TransactionManager.exe [2011-12-22 46408]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-9-19 181344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-06-17 04:35:20 -------- d-----w- c:\program files\Conduit
2013-06-17 04:35:15 -------- d-----w- c:\users\derek_r\appdata\local\Conduit
2013-06-17 04:32:37 -------- d-----w- c:\program files\DefaultTab
2013-06-17 04:32:05 -------- d-----w- c:\users\derek_r\appdata\roaming\DefaultTab
2013-06-16 22:30:12 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{03008165-dbda-49bc-9ceb-0a695cb8df19}\mpengine.dll
2013-06-16 09:31:17 7016152 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-16 07:05:30 -------- d-----w- c:\programdata\StarApp
2013-06-16 06:59:21 -------- d-----w- c:\program files\SafeSaver
2013-06-16 04:57:03 -------- d-----w- c:\users\derek_r\appdata\local\Chat Undetected
2013-06-15 20:11:46 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d66adf83-6877-4333-a773-69f331a72962}\gapaengine.dll
2013-06-12 17:01:16 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 17:01:16 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-06-12 17:01:12 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 17:01:12 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 17:01:01 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 17:01:01 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 17:01:01 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 17:01:01 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 17:01:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 17:00:49 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 17:00:48 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 17:00:17 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-29 19:31:14 -------- d-----w- c:\users\derek_r\appdata\local\{276E7057-3860-486C-9FC9-FFB7C0DAA4E8}
2013-05-23 10:22:58 -------- d-----w- c:\programdata\Trymedia
.
==================== Find3M ====================
.
2013-06-11 23:13:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 23:13:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-08 08:57:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-08 08:56:59 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-08 08:56:58 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-08 06:10:12 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-08 06:10:12 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 22:27:52.91 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/23/2010 12:42:17 PM
System Uptime: 6/16/2013 9:41:12 PM (1 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 150.919 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Auslogics Disk Defrag
BitTorrent
CCleaner
D3DX10
Data Deposit Box
DivX Setup
Driver Whiz
FileHippo.com Update Checker
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Product Detection
Imagistics im2830 Series Client
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LG USB Modem driver
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Connector/ODBC 3.51
NetWaiting
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
SafeSaver 1.74
Sage Simply Accounting 2012
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/16/2013 9:59:38 PM, Error: Service Control Manager [7030] - The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/16/2013 9:43:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: HWiNFO32
6/16/2013 9:41:39 PM, Error: EventLog [6008] - The previous system shutdown at 9:38:29 PM on 6/16/2013 was unexpected.
6/16/2013 9:17:35 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
6/16/2013 9:17:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/16/2013 9:17:11 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
6/16/2013 9:15:55 PM, Error: EventLog [6008] - The previous system shutdown at 9:04:40 PM on 6/16/2013 was unexpected.
6/16/2013 8:24:46 PM, Error: EventLog [6008] - The previous system shutdown at 6:18:59 PM on 6/16/2013 was unexpected.
6/16/2013 10:16:07 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
6/16/2013 10:15:35 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/15/2013 1:36:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Print Spooler service to connect.
6/15/2013 1:36:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
6/15/2013 1:36:10 PM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/11/2013 5:58:05 AM, Error: EventLog [6008] - The previous system shutdown at 5:55:11 AM on 6/11/2013 was unexpected.
6/11/2013 5:57:59 AM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
.
==== End Of File ===========================

Re: Help me clean up my computer please

Post by Gary R » June 19th, 2013, 10:17 am

Looking over your logs, back soon.

Re: Help me clean up my computer please

Post by Gary R » June 19th, 2013, 10:29 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi lloyd.arnault

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Before we start to remove your infection, I'm going to need you to run a few extra scans for me, so I've got a better idea exactly what we're up against.

First

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Search.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Finally

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems


  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • OTL.txt
  • Extras.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

Re: Help me clean up my computer please

Post by lloyd.arnault » June 19th, 2013, 11:08 am

Thank you for any help you are able to give. Here are the logs


# AdwCleaner v2.303 - Logfile created 06/19/2013 at 07:44:12
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Derek_R - DEREK
# Boot Mode : Normal
# Running from : C:\Users\Derek_R\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : DefaultTabSearch

***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DefaultTab
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\RightClick
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Derek_R\AppData\Local\Conduit
Folder Found : C:\Users\Derek_R\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Derek_R\AppData\LocalLow\Conduit
Folder Found : C:\Users\Derek_R\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found : C:\Users\Derek_R\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\DomaIQ
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Derek_R\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2588 octets] - [19/06/2013 07:44:12]

########## EOF - C:\AdwCleaner[R1].txt - [2648 octets] ##########
lloyd.arnault
Active Member
 
Posts: 11
Joined: June 17th, 2013, 1:21 am

Re: Help me clean up my computer please

Post by lloyd.arnault » June 19th, 2013, 11:09 am

OTL logfile created on: 6/19/2013 7:47:14 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Derek_R\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 59.14% Memory free
6.09 Gb Paging File | 4.56 Gb Available in Paging File | 74.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 161.23 Gb Free Space | 69.23% Space Free | Partition Type: NTFS

Computer Name: DEREK | User Name: Derek_R | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/19 07:45:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Derek_R\Desktop\OTL.exe
PRC - [2013/06/16 22:32:59 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/05/28 22:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/05/28 05:08:28 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 01:54:11 | 000,882,520 | ---- | M] (BitTorrent Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2013/02/11 00:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/07 15:41:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/12/22 00:00:00 | 000,021,320 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/16 22:47:46 | 013,140,872 | ---- | M] () -- C:\Users\Derek_R\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
MOD - [2013/05/28 22:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013/05/28 22:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013/05/28 22:26:40 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013/05/28 22:26:39 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013/05/28 22:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013/01/24 04:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files\SafeSaver\sprotector.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Winsim\TransactionManager2012 -- (Sage Simply Accounting Transaction Manager 2012 - CDN)
SRV - [2013/06/11 16:13:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/11 00:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 15:41:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/12/22 00:00:00 | 000,021,320 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2009/12/18 14:57:38 | 000,181,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Data Deposit Box\nts.exe -- (Online Backup Service)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\mark\Desktop\hw32_238\HWiNFO32.SYS -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mark\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/09/19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 11:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/03/26 14:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/20 01:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/07/29 05:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008/06/30 06:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/10/18 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {708F7F3D-51BB-42FE-AC25-7D0A87169DF5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\..\SearchScopes,DefaultScope = {708F7F3D-51BB-42FE-AC25-7D0A87169DF5}
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\..\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN25703831351359320&UM=2&SSPV=TB_C5
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\..\SearchScopes\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}: "URL" = http://search.conduit.com/Results.aspx? ... 45&UM=2&q={searchTerms}
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/22 20:00:18 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - Extension: No name found = C:\Users\Derek_R\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\
CHR - Extension: No name found = C:\Users\Derek_R\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.61_0\crossrider
CHR - Extension: No name found = C:\Users\Derek_R\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.61_0\

O1 HOSTS File: ([2011/12/12 15:28:50 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Guest.DEREK.000\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O7 - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.93 64.59.150.139 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45B22845-EC2B-495E-9D67-EAE77295651E}: DhcpNameServer = 64.59.144.93 64.59.150.139 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D3F83F8-84B0-4A7D-AE5F-AF6BC7CF0B77}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6585D590-935E-473E-962E-5A34DBB10E65}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~1\safesa~1\sprote~1.dll) - c:\Program Files\SafeSaver\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/19 07:45:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Derek_R\Desktop\OTL.exe
[2013/06/18 13:01:00 | 000,000,000 | ---D | C] -- C:\Users\Derek_R\AppData\Roaming\Skype
[2013/06/18 12:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/06/16 22:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/16 22:23:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Derek_R\Desktop\dds.scr
[2013/06/16 21:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/06/16 21:35:15 | 000,000,000 | ---D | C] -- C:\Users\Derek_R\AppData\Local\Conduit
[2013/06/16 21:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2013/06/16 21:32:05 | 000,000,000 | ---D | C] -- C:\Users\Derek_R\AppData\Roaming\DefaultTab
[2013/06/16 00:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/06/15 23:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\SafeSaver
[2013/06/15 21:57:03 | 000,000,000 | ---D | C] -- C:\Users\Derek_R\AppData\Local\Chat Undetected
[2013/06/12 18:31:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/12 18:31:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/12 18:31:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/12 18:31:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/12 18:31:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/12 18:31:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/12 18:31:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/12 18:31:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/12 10:01:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/06/12 10:01:01 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/12 10:01:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/12 10:00:49 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/12 10:00:48 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/12 10:00:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/05/29 12:31:14 | 000,000,000 | ---D | C] -- C:\Users\Derek_R\AppData\Local\{276E7057-3860-486C-9FC9-FFB7C0DAA4E8}
[2013/05/23 03:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2013/05/23 03:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse

========== Files - Modified Within 30 Days ==========

[2013/06/19 07:45:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Derek_R\Desktop\OTL.exe
[2013/06/19 07:43:19 | 000,648,201 | ---- | M] () -- C:\Users\Derek_R\Desktop\adwcleaner.exe
[2013/06/19 07:41:17 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/19 07:41:17 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/19 07:41:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/19 07:38:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/19 07:36:16 | 000,004,240 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/19 07:36:16 | 000,004,240 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/19 07:35:31 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/19 07:35:15 | 000,371,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/19 07:35:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/19 01:18:59 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job
[2013/06/18 13:58:04 | 000,002,633 | ---- | M] () -- C:\Users\Derek_R\Desktop\Microsoft Office Outlook 2007.lnk
[2013/06/18 12:59:20 | 000,362,029 | ---- | M] () -- C:\Users\Derek_R\Desktop\sqlite3.dll
[2013/06/17 03:13:03 | 000,001,995 | ---- | M] () -- C:\Users\Derek_R\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/16 22:34:40 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/16 22:23:08 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Derek_R\Desktop\dds.scr
[2013/06/16 21:43:53 | 000,000,258 | RHS- | M] () -- C:\Users\Derek_R\ntuser.pol
[2013/06/16 21:36:09 | 000,000,009 | ---- | M] () -- C:\END
[2013/06/11 16:13:29 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/11 16:13:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/06/19 07:43:04 | 000,648,201 | ---- | C] () -- C:\Users\Derek_R\Desktop\adwcleaner.exe
[2013/06/19 07:34:53 | 000,371,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/18 12:59:20 | 000,362,029 | ---- | C] () -- C:\Users\Derek_R\Desktop\sqlite3.dll
[2013/06/16 22:34:40 | 000,001,995 | ---- | C] () -- C:\Users\Derek_R\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/16 22:34:40 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/16 22:33:08 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/16 22:33:07 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/16 21:43:53 | 000,000,258 | RHS- | C] () -- C:\Users\Derek_R\ntuser.pol
[2013/06/16 21:36:09 | 000,000,009 | ---- | C] () -- C:\END
[2013/06/16 21:32:57 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\TopArcadeHits.job
[2012/11/14 22:08:19 | 000,000,373 | ---- | C] () -- C:\Users\Derek_R\Documents - Shortcut.lnk
[2012/05/11 01:27:55 | 000,004,096 | -H-- | C] () -- C:\Users\Derek_R\AppData\Local\keyfile3.drm
[2012/04/27 05:11:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/24 19:04:36 | 000,000,597 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/23 20:13:08 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/12/12 16:15:37 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/13 12:06:59 | 000,083,968 | ---- | C] () -- C:\Users\Derek_R\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/27 07:40:10 | 000,000,000 | ---D | M] -- C:\Users\Derek_R\AppData\Roaming\Auslogics
[2013/06/19 07:51:46 | 000,000,000 | ---D | M] -- C:\Users\Derek_R\AppData\Roaming\BitTorrent
[2012/06/27 02:28:48 | 000,000,000 | ---D | M] -- C:\Users\Derek_R\AppData\Roaming\CheckPoint
[2012/06/30 04:09:06 | 000,000,000 | ---D | M] -- C:\Users\Derek_R\AppData\Roaming\DAEMON Tools Pro
[2013/06/17 03:12:03 | 000,000,000 | ---D | M] -- C:\Users\Derek_R\AppData\Roaming\DefaultTab
[2012/09/26 23:53:57 | 000,000,000 | ---D | M] -- C:\Users\Derek_R\AppData\Roaming\FK_Monitor
[2012/09/15 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Derek_R\AppData\Roaming\redsn0w
[2012/09/17 22:37:12 | 000,000,000 | ---D | M] -- C:\Users\Derek_R\AppData\Roaming\VSRevoGroup
[2012/07/23 11:42:44 | 000,000,000 | ---D | M] -- C:\Users\Guest.DEREK.000\AppData\Roaming\CheckPoint
[2013/06/16 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:238AA907

< End of report >
lloyd.arnault
Active Member
 
Posts: 11
Joined: June 17th, 2013, 1:21 am

Re: Help me clean up my computer please

Post by lloyd.arnault » June 19th, 2013, 11:10 am

OTL Extras logfile created on: 6/19/2013 7:47:14 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Derek_R\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 59.14% Memory free
6.09 Gb Paging File | 4.56 Gb Available in Paging File | 74.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 161.23 Gb Free Space | 69.23% Space Free | Partition Type: NTFS

Computer Name: DEREK | User Name: Derek_R | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B54873-F2C6-4EBD-A5FD-2738DCDBCEC4}" = rport=137 | protocol=17 | dir=out | app=system |
"{3D9FA41A-28EF-4EF7-A290-72FFBC9AFEAE}" = lport=137 | protocol=17 | dir=in | app=system |
"{5DC8D420-4454-4C45-9EBF-71AB94D26DC1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{62F09F6A-735E-45D3-A6AB-D65FC7FEBE77}" = rport=445 | protocol=6 | dir=out | app=system |
"{ADC12D44-7385-429F-8DD5-21FF890F028C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B3B94339-0402-464D-89D7-92693E6EBBB1}" = lport=139 | protocol=6 | dir=in | app=system |
"{B5F40301-74AA-4096-B46C-A1FCF2159A1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{B745BF90-52E4-4B76-B240-ED648C9FD0C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{D7E1947A-90A4-485F-A07F-A1C7D671DC7A}" = rport=138 | protocol=17 | dir=out | app=system |
"{E434ABCC-ED97-46A1-AEC2-027F49C697DC}" = rport=139 | protocol=6 | dir=out | app=system |
"{ECEA57B8-EB06-4C15-A45E-39F84FA357B7}" = lport=138 | protocol=17 | dir=in | app=system |
"{FFA523FC-0707-4862-B611-EC26DD0F2173}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033E7B9E-7E24-490C-A588-E49B99E26109}" = protocol=6 | dir=out | app=c:\program files\winsim\connectionmanager\simplyconnectionmanager.exe |
"{07BE0C9F-02EE-4F54-A030-7F8C12C3E03E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0ACE6FA0-1765-49A9-A88E-4627386CED64}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{0F69316B-0B3E-4E85-B0B8-F620BE1940E4}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{82909C0A-802A-4FE2-9294-5137CFC31B85}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{891B2135-D8A6-4E84-B336-8B575DF9B9CE}" = protocol=6 | dir=out | app=c:\program files\winsim\connectionmanager\mysqlbinary\5.0.38\mysql\mysqld-nt.exe |
"{A9DEB6FB-AF54-4986-BBE2-1BEB509CAEEF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B3A9A9CB-1DFF-4ACC-BD3C-B0A909C2F7CE}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{BB070FFB-0CC3-48EF-9430-BB1015EC6C1A}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{BEB3D96C-2087-46B1-9EEF-237DAF72D994}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{C1DC95CF-944B-46F7-9223-3CA3331499C9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C78756DF-04DA-4FDD-AA39-0CF7EF215F26}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CD5F4777-9062-47F2-A57C-9D56F6112856}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{CE8EA7AD-F03E-4177-90BE-B6EF05BDA9DF}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{CF2FE57A-E186-421C-B4CD-DA7F4E51EDE0}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FA86168F-5DF9-442A-B09C-C9A0D3D8A29A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2CEDEB33-4931-48B1-8010-20618772B58E}" = Sage Simply Accounting 2012
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43D04577-3193-40FF-8021-B75FF252EB05}" = Imagistics im2830 Series Client
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AD6A909B-7FCB-43FD-95D9-D8801B8693C7}" = Data Deposit Box
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX Setup
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2CEDEB33-4931-48B1-8010-20618772B58E}" = Sage Simply Accounting 2012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PROPLUS" = Microsoft Office Professional Plus 2007
"Revo Uninstaller" = Revo Uninstaller 1.94
"SP_0bdf5975" = SafeSaver 1.74
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2013 11:39:23 PM | Computer Name = Derek | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2013 1:38:49 AM | Computer Name = Derek | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2013 8:45:34 AM | Computer Name = Derek | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2013 1:40:16 PM | Computer Name = Derek | Source = Windows Search Service | ID = 3013
Description =

Error - 6/18/2013 5:40:16 PM | Computer Name = Derek | Source = Application Hang | ID = 1002
Description = The program tbb-firefox.exe version 17.0.6.4879 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: bd8 Start Time: 01ce6c4acd1e8440 Termination Time: 171

Error - 6/18/2013 9:44:43 PM | Computer Name = Derek | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2013 10:21:18 PM | Computer Name = Derek | Source = VSS | ID = 8194
Description =

Error - 6/18/2013 10:23:41 PM | Computer Name = Derek | Source = VSS | ID = 8194
Description =

Error - 6/18/2013 10:31:51 PM | Computer Name = Derek | Source = Perflib | ID = 1010
Description =

Error - 6/19/2013 10:36:15 AM | Computer Name = Derek | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 4/8/2011 11:55:15 AM | Computer Name = mark-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 1/17/2011 4:30:26 PM | Computer Name = mark-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2464
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 1/17/2011 4:33:43 PM | Computer Name = mark-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 169
seconds with 120 seconds of active time. This session ended with a crash.

Error - 1/17/2011 4:36:22 PM | Computer Name = mark-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 112
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/20/2011 2:05:13 PM | Computer Name = Derek | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 67
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/20/2011 2:06:59 PM | Computer Name = Derek | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 91
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/20/2011 2:11:02 PM | Computer Name = Derek | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 172
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/20/2011 2:52:40 PM | Computer Name = Derek | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2411
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 10/20/2011 2:54:06 PM | Computer Name = Derek | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 68
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/14/2012 1:33:35 PM | Computer Name = Derek | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3532
seconds with 1800 seconds of active time. This session ended with a crash.

Error - 5/14/2012 1:34:23 PM | Computer Name = Derek | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/17/2013 11:39:23 PM | Computer Name = Derek | Source = Service Control Manager | ID = 7026
Description =

Error - 6/18/2013 1:37:10 AM | Computer Name = Derek | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:35:01 PM on 6/17/2013 was unexpected.

Error - 6/18/2013 1:38:49 AM | Computer Name = Derek | Source = Service Control Manager | ID = 7026
Description =

Error - 6/18/2013 8:45:35 AM | Computer Name = Derek | Source = Service Control Manager | ID = 7026
Description =

Error - 6/18/2013 9:44:43 PM | Computer Name = Derek | Source = Service Control Manager | ID = 7026
Description =

Error - 6/18/2013 11:03:42 PM | Computer Name = Derek | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2013 11:03:42 PM | Computer Name = Derek | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2013 11:03:42 PM | Computer Name = Derek | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2013 11:04:13 PM | Computer Name = Derek | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 6/19/2013 10:36:15 AM | Computer Name = Derek | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Re: Help me clean up my computer please

Post by lloyd.arnault » June 19th, 2013, 11:11 am

SystemLook 04.09.10 by jpshortstuff
Log created at 08:00 on 19/06/2013 by Derek_R
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Guest.DEREK.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9D82ZVR\lp_ilivid_com[1].htm --a---- 5425 bytes [04:21 17/06/2013] [04:21 17/06/2013] B99A0BC2CADDCCD70E2579FF7204D063

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
No files found.

Searching for "*conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [06:32 10/08/2012] [06:32 10/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New d------ [04:35 17/06/2013]

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*conduit*"
C:\Program Files\Conduit d------ [04:35 17/06/2013]
C:\Users\Derek_R\AppData\Local\Conduit d------ [04:35 17/06/2013]
C:\Users\Derek_R\AppData\LocalLow\Conduit d------ [03:07 27/04/2012]
C:\Users\Guest\AppData\LocalLow\Conduit d------ [04:35 17/06/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
"DisplayName"="WhiteSmoke New Customized Web Search"
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
"DisplayName"="WhiteSmoke New Customized Web Search"

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.znew_tab_content"="<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<link rel="shortcut icon" type="image/ico" href="http://cdn.mysearchresults.com/images/favicon.ico" />
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" />
<title>New Tab</title>
</head>
<body>
<div class="container">
<div class="wrapper">
<h1 class="none">My Search Results</h1>
<form class="search" method="get" action="http://search.conduit.com/Results.aspx">
<fieldset>
<legend class="hidden">My Search Results</legend>
<div class="holder">
<div class="hidden">
<input type="hidden" name="ctid" value="CT3300024" />
<input type="hidden" name="UM" value="2" />
<input type="hidden" name="SearchSo
[HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zsearch_engine"="Search|Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.set_default_search"="Search|Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.search_box_default"="Search|Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zbase_url"="http://search.conduit.com/Results.aspx"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN25703831351359320&UM=2&SSPV=TB_C5"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
"FaviconURL"="http://search.conduit.com/favicon.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}]
"URL"="http://search.conduit.com/Results.aspx?ctid=CT3300024&SearchSource=45&UM=2&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Community Alerts]
"Path"="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\HomePage]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"="http://search.conduit.com?SearchSource=10&CUI=UN25703831351359320&UM=2&ctid=CT3289847&SSPV=TB_C5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"3C9969540349183469B424848DB7949F"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\3C9969540349183469B424848DB7949F]
"File"="iSyncConduit.dll"
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.znew_tab_content"="<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<link rel="shortcut icon" type="image/ico" href="http://cdn.mysearchresults.com/images/favicon.ico" />
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" />
<title>New Tab</title>
</head>
<body>
<div class="container">
<div class="wrapper">
<h1 class="none">My Search Results</h1>
<form class="search" method="get" action="http://search.conduit.com/Results.aspx">
<fieldset>
<legend class="hidden">My Search Results</legend>
<div class="holder">
<div class="hidden">
<input type="hidden" name="ctid" value="CT3300024" />
<input type="hidden" name="UM" value="2" />

[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zsearch_engine"="Search|Conduit"
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.set_default_search"="Search|Conduit"
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.search_box_default"="Search|Conduit"
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zbase_url"="http://search.conduit.com/Results.aspx"
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN25703831351359320&UM=2&SSPV=TB_C5"
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
"FaviconURL"="http://search.conduit.com/favicon.ico"
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}]
"URL"="http://search.conduit.com/Results.aspx?ctid=CT3300024&SearchSource=45&UM=2&q={searchTerms}"

-= EOF =-

Re: Help me clean up my computer please

Post by Gary R » June 19th, 2013, 11:57 am

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

BitTorrent


Reboot your computer when finished

see .... viewtopic.php?p=491394#p491394

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
:OTL
SRV - [2013/02/11 00:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\..\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN25703831351359320&UM=2&SSPV=TB_C5
IE - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001\..\SearchScopes\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}: "URL" = http://search.conduit.com/Results.aspx? ... 45&UM=2&q= {searchTerms}
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Guest.DEREK.000\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O4 - HKU\S-1-5-21-3582020791-3243420414-4013162344-1001..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O20 - AppInit_DLLs: (c:\progra~1\safesa~1\sprote~1.dll) - c:\Program Files\SafeSaver\sprotector.dll ()
[2013/06/16 21:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/06/16 21:35:15 | 000,000,000 | ---D | C] -- C:\Users\Derek_R\AppData\Local\Conduit
[2013/06/16 21:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2013/06/16 21:32:05 | 000,000,000 | ---D | C] -- C:\Users\Derek_R\AppData\Roaming\DefaultTab
[2013/06/19 01:18:59 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job
[2013/06/19 07:51:46 | 000,000,000 | ---D | M] -- C:\Users\Derek_R\AppData\Roaming\BitTorrent
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:238AA907

:Files
C:\Users\Guest.DEREK.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9D82ZVR\lp_ilivid_com[1].htm 
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll
C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New
C:\Program Files\Conduit
C:\Users\Derek_R\AppData\Local\Conduit
C:\Users\Derek_R\AppData\LocalLow\Conduit 
C:\Users\Guest\AppData\LocalLow\Conduit
ipconfig /flushdns /c

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
[-HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[-HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[-HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[-HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zsearch_engine"=-
[HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.set_default_search"=-
[HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.search_box_default"=-
[HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zbase_url"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[-HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.znew_tab_content"=-
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zsearch_engine"=-
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.set_default_search"=-
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.search_box_default"=-
[HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zbase_url"=-
[-HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}]
[-HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}]

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help me clean up my computer please

Post by lloyd.arnault » June 19th, 2013, 1:10 pm

All processes killed
========== OTL ==========
Service DefaultTabSearch stopped successfully!
Service DefaultTabSearch deleted successfully!
C:\Program Files\DefaultTab\DefaultTabSearch.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\ deleted successfully.
C:\Users\Guest.DEREK.000\AppData\Local\TopArcadeHits\Toparcadehits.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent not found.
File C:\Program Files\BitTorrent\BitTorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\safesa~1\sprote~1.dll deleted successfully.
c:\Program Files\SafeSaver\sprotector.dll moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Users\Derek_R\AppData\Local\Conduit folder moved successfully.
C:\Program Files\DefaultTab folder moved successfully.
C:\Users\Derek_R\AppData\Roaming\DefaultTab folder moved successfully.
C:\Windows\Tasks\TopArcadeHits.job moved successfully.
Folder C:\Users\Derek_R\AppData\Roaming\BitTorrent\ not found.
ADS C:\ProgramData\TEMP:238AA907 deleted successfully.
========== FILES ==========
C:\Users\Guest.DEREK.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9D82ZVR\lp_ilivid_com[1].htm moved successfully.
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll moved successfully.
C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Logs folder moved successfully.
C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New folder moved successfully.
File\Folder C:\Program Files\Conduit not found.
File\Folder C:\Users\Derek_R\AppData\Local\Conduit not found.
C:\Users\Derek_R\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\Derek_R\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Users\Derek_R\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository folder moved successfully.
C:\Users\Derek_R\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi folder moved successfully.
C:\Users\Derek_R\AppData\LocalLow\Conduit\ChromeExtData folder moved successfully.
C:\Users\Derek_R\AppData\LocalLow\Conduit folder moved successfully.
C:\Users\Guest\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\Guest\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Users\Guest\AppData\LocalLow\Conduit folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Derek_R\Desktop\cmd.bat deleted successfully.
C:\Users\Derek_R\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO\\extensions.defaulttab.zsearch_engine deleted successfully.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO\\extensions.defaulttab.set_default_search deleted successfully.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO\\extensions.defaulttab.search_box_default deleted successfully.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO\\extensions.defaulttab.zbase_url deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\ConduitSearchScopes\ not found.
Registry value HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO\\extensions.defaulttab.znew_tab_content deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO\\extensions.defaulttab.zsearch_engine not found.
Registry value HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO\\extensions.defaulttab.set_default_search not found.
Registry value HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO\\extensions.defaulttab.search_box_default not found.
Registry value HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\AppDataLow\Software\DefaultTab\BHO\\extensions.defaulttab.zbase_url not found.
Registry key HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{708F7F3D-51BB-42FE-AC25-7D0A87169DF5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3582020791-3243420414-4013162344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0BF1EA0-0AC5-404A-98DC-ECEF99BF91EC}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Derek_R
->Temp folder emptied: 32822999 bytes
->Temporary Internet Files folder emptied: 51041362 bytes
->Java cache emptied: 5162619 bytes
->Google Chrome cache emptied: 360975725 bytes
->Flash cache emptied: 178461 bytes

User: Guest
->Temp folder emptied: 50386 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 2836 bytes

User: Guest.DEREK
->Temp folder emptied: 51886 bytes
->Temporary Internet Files folder emptied: 32832 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2836 bytes

User: Guest.DEREK.000
->Temp folder emptied: 1928340 bytes
->Temporary Internet Files folder emptied: 28446285 bytes
->Flash cache emptied: 56970 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73522 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 459.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06192013_090605

Files\Folders moved on Reboot...
C:\Users\Derek_R\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Derek_R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0SZH90X\facebook_com[2].htm moved successfully.
C:\Users\Derek_R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N4VCKVQI\12[2].htm moved successfully.
C:\Users\Derek_R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6Y4IVW43\aiCA76PSRV.htm moved successfully.
C:\Users\Derek_R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Derek_R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
lloyd.arnault
Active Member
 
Posts: 11
Joined: June 17th, 2013, 1:21 am

Re: Help me clean up my computer please

Post by lloyd.arnault » June 19th, 2013, 1:10 pm

C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\_OTL\MovedFiles\06192013_090605\C_Program Files\DefaultTab\DefaultTabSearch.exe a variant of Win32/Toolbar.DefaultTab.B application
C:\_OTL\MovedFiles\06192013_090605\C_Program Files\SafeSaver\sprotector.dll a variant of Win32/SProtector.A application
lloyd.arnault
Active Member
 
Posts: 11
Joined: June 17th, 2013, 1:21 am

Re: Help me clean up my computer please

Post by Gary R » June 19th, 2013, 3:37 pm

My apologies, I missed something out of the last fix, so we'll run it now ....

  • Double click AdwCleaner.exe to run it.
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next

Let's take care of the items that E-Set found ....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\ChromeModule.dll 
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • OTL fix log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
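
The triage behind the follow-up fix above, as an added example that is not part of the original posts: it splits the ESET detections into files still live on disk and copies that OTL had already moved into its backup folder, cross-checks the latter against the OTL fix log, and builds the `:Files` block for what remains. The backup layout (`C:\_OTL\MovedFiles\<run>\<drive>_<path>`) is inferred from the paths in this thread's logs, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Lines copied from the ESET export and the first OTL fix log posted in this thread.
ESET_EXPORT = r"""
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\_OTL\MovedFiles\06192013_090605\C_Program Files\DefaultTab\DefaultTabSearch.exe a variant of Win32/Toolbar.DefaultTab.B application
C:\_OTL\MovedFiles\06192013_090605\C_Program Files\SafeSaver\sprotector.dll a variant of Win32/SProtector.A application
"""
OTL_FIX_LOG = r"""
C:\Program Files\DefaultTab\DefaultTabSearch.exe moved successfully.
c:\Program Files\SafeSaver\sprotector.dll moved successfully.
C:\Program Files\Conduit folder moved successfully.
File C:\Program Files\BitTorrent\BitTorrent.exe not found.
"""

# Paths may contain spaces, so the path ends where the detection name (Family/Name) begins.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of )?(?P<name>\w+/[\w.]+)(?:\s+\w[\w ]*)?$")
# Assumption taken from this thread's logs: <drive>:\_OTL\MovedFiles\<run>\<drive>_<rest>
BACKUP_RE = re.compile(
    r"^[A-Za-z]:\\_OTL\\MovedFiles\\(?P<run>\d{8}_\d{6})\\(?P<drive>[A-Za-z])_(?P<rest>.+)$",
    re.IGNORECASE)
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")


@dataclass(frozen=True)
class Detection:
    path: str                       # where the scanner found the file
    name: str                       # detection name, e.g. Win32/SProtector.A
    moved_from: Optional[str]       # original location if this is an OTL backup copy
    otl_run: Optional[str]          # OTL run folder that holds the copy


def parse_eset(text: str) -> List[Detection]:
    """Parse exported detections; lines that do not look like detections are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        b = BACKUP_RE.match(m["path"])
        origin = f"{b['drive'].upper()}:\\{b['rest']}" if b else None
        found.append(Detection(m["path"], m["name"], origin, b["run"] if b else None))
    return found


def moved_paths(otl_log: str) -> Set[str]:
    """Lower-cased paths the OTL log reports as moved (Windows paths ignore case)."""
    hits = (MOVED_RE.match(line.strip()) for line in otl_log.splitlines())
    return {m["path"].lower() for m in hits if m}


def triage(eset_text: str, otl_log: str) -> Tuple[List[Detection], List[Detection], List[Detection]]:
    """Return (live, backed_up, unconfirmed).

    live:        still at its original location, needs a fix
    backed_up:   OTL backup copy whose original the fix log confirms was moved
    unconfirmed: sits in the backup folder but the log has no matching move
    """
    moved = moved_paths(otl_log)
    live, backed_up, unconfirmed = [], [], []
    for d in parse_eset(eset_text):
        if d.moved_from is None:
            live.append(d)
        elif d.moved_from.lower() in moved:
            backed_up.append(d)
        else:
            unconfirmed.append(d)
    return live, backed_up, unconfirmed


def build_files_block(live: List[Detection]) -> str:
    """Build an OTL :Files section listing each live path once, in scan order."""
    seen, lines = set(), [":Files"]
    for d in live:
        if d.path.lower() not in seen:
            seen.add(d.path.lower())
            lines.append(d.path)
    return "\n".join(lines)


if __name__ == "__main__":
    live, backed_up, unconfirmed = triage(ESET_EXPORT, OTL_FIX_LOG)
    print(build_files_block(live))
    for d in backed_up:
        print(f"already moved by OTL run {d.otl_run}: {d.moved_from} ({d.name})")
```

The two detections under `C:\_OTL\MovedFiles` need no further fix entry; they go away when OTL's own clean-up removes the folders it created.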

Re: Help me clean up my computer please

Post by lloyd.arnault » June 19th, 2013, 5:47 pm

# AdwCleaner v2.303 - Logfile created 06/19/2013 at 14:29:56
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Derek_R - DEREK
# Boot Mode : Normal
# Running from : C:\Users\Derek_R\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Derek_R\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Derek_R\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Derek_R\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2170 octets] - [19/06/2013 14:29:56]

########## EOF - C:\AdwCleaner[S1].txt - [2230 octets] ##########
lloyd.arnault
Active Member
 
Posts: 11
Joined: June 17th, 2013, 1:21 am

Re: Help me clean up my computer please

Post by lloyd.arnault » June 19th, 2013, 5:48 pm

========== FILES ==========
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\ChromeModule.dll moved successfully.
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\cltmng.exe moved successfully.
C:\Users\Guest.DEREK.000\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06192013_143514
lloyd.arnault
Active Member
 
Posts: 11
Joined: June 17th, 2013, 1:21 am

Re: Help me clean up my computer please

Post by lloyd.arnault » June 19th, 2013, 5:49 pm

It seems to be running fine. The only thing I noticed before was it would take my extensions away and try to run other ones, but that all seems to be cleared up now.
lloyd.arnault
Active Member
 
Posts: 11
Joined: June 17th, 2013, 1:21 am

Re: Help me clean up my computer please

Post by Gary R » June 19th, 2013, 6:17 pm

Looks like we've got everything now, so time to remove the programs we've been using to clean your computer.

First

Let's clear out OTL and the files and folders it created. This will also remove SystemLook.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Please delete the following ....

ADWCleaner.exe
C:\AdwCleaner[R1].txt
C:\AdwCleaner[s1].txt


Next

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Tweaking.com Registry backup


As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire