Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Chrome Doesn't Work, FF is plainfully slow, Skype is funky

by mal-an » May 19th, 2014, 7:33 am

For a long time, I haven't been able to use Chrome at all because I'm getting proxy errors. Chrome doesn't allow me to change to no proxy. The option is greyed out. Firefox is so slow that it is sometimes unusable. When I type or click on something, it often locks up for 30 seconds or so, like it's going to crash, but then it comes back. Skype drops calls regularly. I did install Malwarebytes as a trial, and I got messages that incoming and outgoing things were being blocked within Skype. Please help!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Alan at 7:17:31 on 2014-05-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3564.818 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\windows\system32\EscSvc64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Users\Alan\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Alan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://samsung.msn.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Spotify Web Helper] "C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Alan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\x64\3\E_YATIJHE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3540 Series"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoLowDiscSpaceChecks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: LastPass - C:\Users\Alan\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Alan\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2A13DD5D-ACA6-4414-973F-9A6392DD1B95} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{426C2543-89C8-4372-B79E-3158476DC50E} : DHCPNameServer = 50.201.157.130
TCP: Interfaces\{482468A8-7738-4D9A-93F2-B6AC42BEE3A9} : DHCPNameServer = 64.13.115.12 75.94.255.12
TCP: Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}\3616A657E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}\44F67666963786D27457563747F5548545 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}\74F6F676C6560235471627265736B637 : DHCPNameServer = 4.2.2.2 4.2.2.4
TCP: Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}\84F4D454D244533423 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EF6CCC96-6BBB-48BB-A5EC-908A4FF3B9A2} : DHCPNameServer = 10.33.16.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Alan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Alan\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-9-9 78976]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-9-9 38528]
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-5-22 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-5-22 208416]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-5-22 1039096]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-5-22 423240]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\windows\System32\drivers\hssdrv6.sys [2012-7-9 41704]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-9-28 13824]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-4-30 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-5-22 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-12 85328]
R2 SGDrv;SGDrv;C:\windows\System32\drivers\SGDrv64.sys [2011-9-28 7680]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-7-15 36000]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-9-28 115216]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-7-15 259744]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2011-7-15 109216]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-7-15 29344]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-7-15 166048]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-7-15 59040]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-7-15 283296]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-7-15 289440]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-8-31 197416]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-9-28 533096]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-9-28 53376]
S3 androidusb;ADB Interface Driver;C:\windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 bcm;WiMAX Network Adapter;C:\windows\System32\drivers\drxvi314_64.sys [2011-10-17 382848]
S3 bcmbusctr;WiMAX Bus Driver;C:\windows\System32\drivers\BcmBusCtr_64.sys [2011-10-17 60416]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-27 119512]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-12-24 24176]
S3 pwdrvio;pwdrvio;C:\windows\System32\pwdrvio.sys [2012-10-9 19032]
S3 pwdspio;pwdspio;C:\windows\System32\pwdspio.sys [2012-10-9 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-1-20 19456]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-1-20 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-1-20 30208]
S3 vzandnetadb;ADB Interface DriverNet for VZW;C:\windows\System32\drivers\lgvzandnetadb.sys [2012-11-25 31744]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\windows\System32\drivers\lgvzandnetdiag64.sys [2012-11-25 29696]
S3 vzandnetgps;LGE AndroidNet for VZW USB GPS NMEA Port;C:\windows\System32\drivers\lgvzandnetgps64.sys [2012-11-25 28672]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\windows\System32\drivers\lgvzandnetmdm64.sys [2012-11-25 36864]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;C:\windows\System32\drivers\lgvzandnetndis64.sys [2012-11-25 94208]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2012-9-6 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-19 07:45:41 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C4E304B6-8F5A-4E35-A816-D363CF39DBA7}\offreg.dll
2014-05-19 07:37:01 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C4E304B6-8F5A-4E35-A816-D363CF39DBA7}\mpengine.dll
2014-04-30 14:20:10 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-04-30 14:20:06 43152 ----a-w- C:\windows\avastSS.scr
2014-04-27 20:36:24 119512 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-04-27 20:35:34 88280 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-04-27 20:35:34 63192 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-04-27 20:35:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-27 20:23:36 -------- d-----w- C:\Users\Alan\AppData\Roaming\WinPatrol
2014-04-27 20:23:29 -------- d-----w- C:\ProgramData\InstallMate
2014-04-27 20:23:29 -------- d-----w- C:\Program Files (x86)\BillP Studios
.
==================== Find3M ====================
.
2014-05-14 21:11:47 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 21:11:47 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-04-30 14:20:08 85328 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-04-30 14:20:08 208416 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-04-30 14:20:08 1039096 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2014-04-30 14:20:07 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-04-30 14:20:07 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-04-30 14:20:07 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-04-03 16:50:58 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-03-31 13:35:08 270496 ------w- C:\windows\System32\MpSigStub.exe
2013-09-28 21:34:33 15641088 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 7:20:10.11 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2011 10:33:06 AM
System Uptime: 5/16/2014 2:40:19 AM (77 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 305E4A/305E4A
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | P0 | 994/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 57 GiB total, 0.669 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 0.584 GiB free.
E: is CDROM (UDF)
G: is FIXED (FAT32) - 15 GiB total, 0.021 GiB free.
I: is FIXED (NTFS) - 3 GiB total, 0.626 GiB free.
J: is FIXED (NTFS) - 83 GiB total, 1.337 GiB free.
K: is FIXED (NTFS) - 54 GiB total, 0.553 GiB free.
L: is FIXED (FAT32) - 17 GiB total, 1.254 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&0045\7&73C0705&0&C884470E3ACD_C00000002
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&0045\7&73C0705&0&C884470E3ACD_C00000002
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&0045\7&73C0705&0&C884470E3ACD_C00000002
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&0045\7&73C0705&0&C884470E3ACD_C00000002
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&32C9AE23&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&32C9AE23&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP903: 5/19/2014 3:00:16 AM - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
7-Zip 9.22beta
ABBYY FineReader 9.0 Sprint
Active@ ISO Burner
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06)
Agatha Christie - Death on the Nile
Amazon Kindle
Amazon Send to Kindle
AMD APP SDK Runtime
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
Atheros Client Installation Program
ATI Catalyst Install Manager
avast! Free Antivirus
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
Bejeweled 2 Deluxe
Bluetooth Win7 Suite (64)
Bonjour
Build-a-lot
Bulkr
Bullzip PDF Printer 4.0.0.463
Canon PowerShot SX260 HS and SX240 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Canon Utilities PhotoStitch
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
CollageIt 1.9.0
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink YouCam
D3DX10
DefaultTab
Defraggler
Digital Editions Converter
Diner Dash 2 Restaurant Rescue
Download Navigator
Dropbox
Easy File Share
Easy Migration
Easy Settings
Easy Support Center 1.0
Epson Connect Printer Setup
EPSON Connect version 1.0
Epson Customer Participation
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WF-3540 Series Printer Uninstall
EpsonNet Print
ESET Online Scanner v3
ETDWare PS/2-X64 10.0.7.3_WHQL
Facebook Video Calling 2.0.0.447
Farm Frenzy
Flickr Uploadr 3.2.1
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GIMP 2.6.11
Google Chrome
Google Talk Plugin
Google Update Helper
Google+ Auto Backup
GPL Ghostscript Lite 9.04
Insaniquarium Deluxe
Internet TV for Windows Media Center
JavaFX 2.1.1
JDownloader 0.9
JDownloader Packages
Jing
John Deere Drive Green
Junk Mail filter update
LastPass (uninstall only)
LG SP USB Driver
LG USB WML Modem Driver
LG Verizon United Driver
LibreOffice 4.1.1.2
Malwarebytes Anti-Malware version 2.0.1.1004
McAfee Security Scan Plus
Media Player Codec Pack 4.1.4
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 9.0.1 (x86 en-US)
Mp3tag v2.52
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
NexGen Media Player - a modern video player
Nikon Message Center 2
Nikon Movie Editor
NoteTab Light 6 (Remove only)
OpenVPN 2.2.1
PeerBlock 1.1 (r518)
Peggle
Penguins!
Photo Story 3 for Windows
Photobie -- photo editing software from Photobie Design
Picture Control Utility
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pošta Windows Live
Python 2.7.2
Python 3.2.2 (64-bit)
QuickTime
Raccolta foto di Windows Live
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
S?????? f?t???af??? t?? Windows Live
Samsung Recovery Solution 5
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype™ 6.14
Software Launcher
SpeedFan (remove only)
Spotify
Tomahawk
TunnelBear 1.0.32
Tweaking.com - Registry Backup
Tweaking.com - Windows Repair (All in One)
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
ViewNX 2
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.6
WD Drive Utilities
WD Quick View
WD Security
WD SmartWare
WD SmartWare Installer
Web Protect for Windows
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven peruspaketti
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Windows Media Player Firefox Plugin
WinPatrol
WinSCP 4.3.6
YouTube Downloader 3.5
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
5/19/2014 7:19:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
5/19/2014 7:19:54 AM, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: Transaction support within the specified resource manager is not started or was shut down due to an error.
5/19/2014 7:19:00 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/19/2014 7:18:20 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/18/2014 3:06:06 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
5/17/2014 9:20:43 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

by nunped » May 24th, 2014, 12:02 pm

Hello mal-an, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Unread postby nunped » May 24th, 2014, 12:21 pm

Hi mal-an,

Please run the following scans:
Step 1 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 2 - AdwCleaner - Scan Only
Please download AdwCleaner by Xplode, save it to your desktop.
  • Close ALL open programs, including your Internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
    When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  • Press the Report button to produce the scan report.
  • A logfile C:\AdwCleaner[Rn].txt will automatically open. ([Rn] n = number of run)
  • Please post the content of the C:\AdwCleaner[Rn].txt logfile in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Unread postby mal-an » May 25th, 2014, 4:15 am

Hi and thanks for helping! I ran OTL twice and both times it did not create the extras.txt file. It's not minimized. It's just not there. Shall I do the adwcleaner anyway?

OTL logfile created on: 5/24/2014 10:32:53 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 26.06% Memory free
7.75 Gb Paging File | 2.50 Gb Available in Paging File | 32.26% Paging File free
Paging file location(s): c:\pagefile.sys 1120 8100j:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56.92 Gb Total Space | 1.03 Gb Free Space | 1.81% Space Free | Partition Type: NTFS
Drive D: | 69.85 Gb Total Space | 0.58 Gb Free Space | 0.84% Space Free | Partition Type: NTFS
Drive G: | 14.93 Gb Total Space | 0.02 Gb Free Space | 0.14% Space Free | Partition Type: FAT32
Drive I: | 3.37 Gb Total Space | 0.63 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive J: | 82.54 Gb Total Space | 1.34 Gb Free Space | 1.62% Space Free | Partition Type: NTFS
Drive K: | 53.75 Gb Total Space | 0.55 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive L: | 16.60 Gb Total Space | 1.25 Gb Free Space | 7.55% Space Free | Partition Type: FAT32

Computer Name: AL-LAPTOP | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014/05/24 22:31:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL(1).scr
PRC - [2014/05/15 09:44:58 | 006,170,168 | ---- | M] (Spotify Ltd) -- C:\Users\Alan\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/05/15 09:44:56 | 000,598,072 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/05/09 22:16:28 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/07 23:28:00 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/04/30 10:20:03 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/30 10:20:03 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/22 21:11:10 | 000,533,568 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2014/03/14 00:23:22 | 000,064,384 | ---- | M] (Google) -- C:\Users\Alan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/02 19:01:42 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2013/11/02 18:56:54 | 005,537,136 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2013/11/02 18:54:34 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013/01/29 22:56:36 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
PRC - [2013/01/20 19:09:29 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/30 00:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/06 14:48:44 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2012/02/29 20:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2012/01/26 21:07:52 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2011/09/27 19:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/08 07:04:50 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/09/06 04:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 04:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/19 00:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/07/15 21:16:16 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/06/24 04:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/08/27 14:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/15 09:44:58 | 000,108,600 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2014/05/15 09:44:57 | 036,966,968 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/05/15 09:44:56 | 000,886,840 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/05/15 09:44:56 | 000,598,072 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/05/09 22:16:26 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/04/22 14:39:24 | 000,645,592 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2014/03/06 01:45:37 | 001,020,928 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2013/12/01 09:35:00 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/02/18 13:35:14 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/29 22:56:36 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
MOD - [2013/01/29 22:45:00 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
MOD - [2013/01/09 10:45:10 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 10:44:57 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013/01/09 07:21:53 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/09 07:21:53 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/09 07:21:49 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 07:21:40 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 07:21:37 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 07:21:28 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011/02/16 12:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 10:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/04/30 10:20:03 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/01/15 20:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/01 09:02:14 | 000,152,640 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE -- (EPSON_PM_RPCV4_06)
SRV:64bit: - [2013/01/29 23:29:29 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV:64bit: - [2012/05/10 18:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/12/12 04:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/07/14 18:24:04 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/05/14 17:12:30 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/09 22:16:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/02 19:01:42 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/11/02 18:54:34 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/10/23 12:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/30 00:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/07/15 21:16:16 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/07/15 21:10:34 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/07/01 05:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 21:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/11 15:23:13 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/30 10:20:08 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/30 10:20:08 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/30 10:20:08 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/30 10:20:07 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/30 10:20:07 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/30 10:20:07 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/30 10:20:07 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/30 10:20:07 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2012/09/06 14:46:28 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 17:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 17:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/07/09 22:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/03/26 17:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/03/12 15:01:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetadb.sys -- (vzandnetadb)
DRV:64bit: - [2012/03/12 14:55:00 | 000,094,208 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetndis64.sys -- (vzandnetndis)
DRV:64bit: - [2012/03/12 14:54:00 | 000,036,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetmdm64.sys -- (vzandnetmodem)
DRV:64bit: - [2012/03/12 14:54:00 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetdiag64.sys -- (vzandnetdiag)
DRV:64bit: - [2012/03/12 14:54:00 | 000,028,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetgps64.sys -- (vzandnetgps)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/13 04:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/17 14:05:46 | 000,382,848 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2011/10/17 14:03:20 | 000,060,416 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2011/09/08 07:04:52 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/08/31 14:02:36 | 000,197,416 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/08/17 16:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/08/17 03:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/07/15 21:13:34 | 000,289,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/07/15 21:13:18 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/07/15 21:13:12 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/07/15 21:13:08 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/07/15 21:13:02 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/07/15 21:12:58 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/07/15 21:12:52 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/07/15 21:12:46 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/07/14 18:53:30 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/14 17:48:24 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/17 02:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 06:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 14:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 14:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/23 03:34:00 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/20 23:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/18 01:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/07 01:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/04/29 09:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | Disabled | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/10/28 22:00:01 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-334125316-4088546140-4129291110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-334125316-4088546140-4129291110-1000\..\SearchScopes,DefaultScope = {FE63A0FA-FEB8-46C6-93F8-60A41E267BCD}
IE - HKU\S-1-5-21-334125316-4088546140-4129291110-1000\..\SearchScopes\{FE63A0FA-FEB8-46C6-93F8-60A41E267BCD}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKU\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.4
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: pinterest%40robertnyman.com:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alan\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alan\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/20 19:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/30 10:20:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/20 19:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/25 23:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2014/01/22 10:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions
[2014/01/22 10:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/04/04 21:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2014/05/01 02:52:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\extensions
[2013/12/03 02:06:48 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\extensions\isreaditlater@ideashower.com
[2014/03/08 23:19:07 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\extensions\support@lastpass.com
[2014/01/27 20:51:46 | 000,048,516 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\extensions\html5notifications@paxal.net.xpi
[2014/04/28 00:16:10 | 000,018,590 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\extensions\pinterest@robertnyman.com.xpi
[2014/05/01 02:52:36 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/09 22:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/09 22:16:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - Extension: Google Translate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: StoryWorth = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhhdpmmbpkhoikpefaippnpdoffnbm\1.0.1_0\
CHR - Extension: Send using Gmail\u2122 (no button) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\2.0.0_0\
CHR - Extension: Angry Birds = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2\
CHR - Extension: HootSuite Hootlet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\4.1.2_0\
CHR - Extension: HootSuite Hootlet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\4.1.3_0\
CHR - Extension: YourVersion = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlnglfgdcgddnefohbngmffcmcgpeci\2.1_0\
CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook Me-Gusta Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\caampdmalollkcdgdiilgpimcbfjfmoe\1.55_0\
CHR - Extension: Adblock Plus = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Facebook Ticker Killer = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldlgamhccbdjcieljdijepmkphadnfo\1.1_0\
CHR - Extension: Spotify - Music for every moment = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: MightyText - SMS Text Messaging from Computer = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\11.0_0\
CHR - Extension: Rather = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm\10.1.2_0\
CHR - Extension: NYTimes = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel\1.2.4_0\
CHR - Extension: Session Buddy = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.7_0\
CHR - Extension: Google Calendar = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.4.0_0\
CHR - Extension: Facebook Disconnect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.6.3_0\
CHR - Extension: PanicButton = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: Classic for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\0.0.2.1_0\
CHR - Extension: PicMonkey = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.1.3_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.4.16_0\
CHR - Extension: avast! Online Security = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: avast! Online Security = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.93_0\
CHR - Extension: avast! Online Security = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.1_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.13_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.17_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.94_0\
CHR - Extension: Ganesha 3D = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakhfadcdngfdeblckhigglokbpnmdpg\1.0.0.0_0\
CHR - Extension: RealDownloader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_1\
CHR - Extension: Start! = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh\1.0.14_0\
CHR - Extension: Send to Kindle (by Klip.me) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_0\
CHR - Extension: Google +1 Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.3.0.325_0\
CHR - Extension: Diigo Web = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Until AM Web App = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: StayFocusd = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.9_0\
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.19.27_1\crossrider
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.19.27_1\
CHR - Extension: Session Manager = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.6_0\
CHR - Extension: No name found = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.600_0\
CHR - Extension: No name found = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.701_0\
CHR - Extension: Ghostery = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.1.2_0\
CHR - Extension: Ghostery = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.2.0_0\
CHR - Extension: Ghostery = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.2.1_0\
CHR - Extension: Favorite Doodle = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga\1.24_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.7.0_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.7.1_0\
CHR - Extension: Google Wallet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: GIFPAL = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch\1.2_0\
CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\3.1.3_0\
CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\3.1.4_0\
CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\3.1.5_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Send from Gmail (by Google) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Radio stations from Mexico = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppjmiknhknlecepmnjfhppdloebkhlp\1.2_0\

O1 HOSTS File: ([2014/02/16 16:37:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-334125316-4088546140-4129291110-1000..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-410 Series" File not found
O4 - HKU\S-1-5-21-334125316-4088546140-4129291110-1000..\Run: [Spotify] C:\Users\Alan\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-334125316-4088546140-4129291110-1000..\Run: [Spotify Web Helper] C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-334125316-4088546140-4129291110-1000..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334125316-4088546140-4129291110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334125316-4088546140-4129291110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-334125316-4088546140-4129291110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiscSpaceChecks = 1
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Alan\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Alan\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Users\Alan\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Alan\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A13DD5D-ACA6-4414-973F-9A6392DD1B95}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{426C2543-89C8-4372-B79E-3158476DC50E}: DhcpNameServer = 50.201.157.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{482468A8-7738-4D9A-93F2-B6AC42BEE3A9}: DhcpNameServer = 64.13.115.12 75.94.255.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF6CCC96-6BBB-48BB-A5EC-908A4FF3B9A2}: DhcpNameServer = 10.33.16.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/18 21:28:58 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 21:28:58 | 000,000,000 | R--D | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 21:28:58 | 000,000,000 | R--D | M] - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/01/24 00:36:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/24 22:31:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL(1).scr
[2014/05/20 15:06:42 | 000,179,712 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\E_ILMBLAE.DLL
[2014/05/20 15:06:41 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\E_ID4BLAE.DLL
[2014/05/19 07:13:28 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Alan\Desktop\dds.scr
[2014/05/09 22:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/08 17:54:51 | 000,000,000 | R--D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/04/30 10:20:06 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2014/04/29 18:34:21 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\apartment
[2014/04/27 16:36:24 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/27 16:35:34 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/27 16:35:34 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/27 16:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/27 16:23:36 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\WinPatrol
[2014/04/27 16:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2014/04/27 16:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/04/27 16:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/09/28 17:34:23 | 015,641,088 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/24 22:37:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/24 22:31:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL(1).scr
[2014/05/24 22:27:29 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/24 21:49:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.scr
[2014/05/24 21:24:01 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000UA.job
[2014/05/24 18:24:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000Core.job
[2014/05/24 11:06:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/24 02:58:46 | 000,083,567 | ---- | M] () -- C:\Users\Alan\Desktop\Capture.PNG
[2014/05/22 17:07:03 | 001,632,869 | ---- | M] () -- C:\Users\Alan\Desktop\taylor_dolphin.jpg
[2014/05/22 17:07:03 | 000,004,715 | ---- | M] () -- C:\Users\Alan\.recently-used.xbel
[2014/05/22 16:56:06 | 000,000,000 | ---- | M] () -- C:\Users\Alan\Desktop\tttay.jpg
[2014/05/22 16:54:27 | 002,302,498 | ---- | M] () -- C:\Users\Alan\Desktop\ttaylor.jpg
[2014/05/22 16:51:57 | 001,809,945 | ---- | M] () -- C:\Users\Alan\Desktop\taylor.jpg
[2014/05/22 16:23:06 | 000,947,937 | ---- | M] () -- C:\Users\Alan\Desktop\Sea-Life-Park-Oahu-Dolphin-Swim-Swimming-with-Dolphins-Dolphin-Riding-Hawaii-Vacations.jpg
[2014/05/21 18:05:43 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/21 18:05:43 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/21 18:05:43 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/20 15:07:34 | 000,000,725 | ---- | M] () -- C:\windows\tasks\EPSON XP-410 Series Invitation {C437B03F-15C9-4C21-93C0-2069898F3180}.job
[2014/05/20 15:07:27 | 000,000,911 | ---- | M] () -- C:\windows\tasks\EPSON XP-410 Series Update {C437B03F-15C9-4C21-93C0-2069898F3180}.job
[2014/05/19 07:13:37 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Alan\Desktop\dds.scr
[2014/05/15 09:47:06 | 000,014,777 | ---- | M] () -- C:\windows\SysWow64\collectionCache.bnk
[2014/05/15 04:36:17 | 000,021,200 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/15 04:36:17 | 000,021,200 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/14 22:29:15 | 000,008,192 | ---- | M] () -- C:\windows\SysWow64\WDPABKP.dat
[2014/05/14 17:11:47 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 17:11:47 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/12 11:49:18 | 000,044,972 | ---- | M] () -- C:\Users\Alan\Desktop\depto.pdf
[2014/05/12 11:48:12 | 000,015,464 | ---- | M] () -- C:\Users\Alan\Desktop\depto.odt
[2014/05/12 11:48:11 | 000,000,095 | -H-- | M] () -- C:\Users\Alan\Desktop\.~lock.depto.odt#
[2014/05/11 15:23:13 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/09 00:14:04 | 000,842,058 | ---- | M] () -- C:\Users\Alan\Desktop\casa danny.PNG
[2014/05/08 17:54:51 | 000,000,665 | ---- | M] () -- C:\windows\SysNative\phonebook.pbs
[2014/05/08 05:51:15 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000Core1cf6aa3d24d42d.job
[2014/05/07 23:28:23 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cf6a6d90e8e5e7.job
[2014/05/06 20:11:07 | 000,105,284 | ---- | M] () -- C:\Users\Alan\Desktop\support.letters.pdf
[2014/05/05 17:03:49 | 000,051,771 | ---- | M] () -- C:\Users\Alan\Desktop\ACFrOgDQm8x8yUEF5iksJ_SQkhezs7PJJniNpv0lI1JF8yANrR9QNRPXds77FUc1KKHIUkfJhzl5VhtRZfDTzoBSmMDukNO0TZwx0f1PVmToe2KOwVUPe4mTsIurxFk.pdf
[2014/04/30 12:24:25 | 000,120,923 | ---- | M] () -- C:\Users\Alan\Desktop\old_kids.png
[2014/04/30 10:20:27 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/30 10:20:08 | 001,039,096 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/04/30 10:20:08 | 000,208,416 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/04/30 10:20:08 | 000,085,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2014/04/30 10:20:07 | 000,423,240 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2014/04/30 10:20:07 | 000,334,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/04/30 10:20:07 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/04/30 10:20:07 | 000,079,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/04/30 10:20:07 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/04/30 10:20:07 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014/04/30 10:20:06 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2014/04/28 00:57:16 | 000,658,035 | ---- | M] () -- C:\Users\Alan\Desktop\fb.PNG
[2014/04/27 22:18:57 | 000,253,245 | ---- | M] () -- C:\Users\Alan\Desktop\coupon.PNG
[2014/04/27 18:55:36 | 000,030,167 | ---- | M] () -- C:\Users\Alan\Desktop\happiest4.PNG
[2014/04/27 18:54:36 | 000,091,257 | ---- | M] () -- C:\Users\Alan\Desktop\happiest3.PNG
[2014/04/27 18:53:48 | 000,104,699 | ---- | M] () -- C:\Users\Alan\Desktop\happiest2.PNG
[2014/04/27 18:53:10 | 000,088,229 | ---- | M] () -- C:\Users\Alan\Desktop\happiest1.PNG
[2014/04/27 16:35:46 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/22 17:07:03 | 000,004,715 | ---- | C] () -- C:\Users\Alan\.recently-used.xbel
[2014/05/22 17:07:01 | 001,632,869 | ---- | C] () -- C:\Users\Alan\Desktop\taylor_dolphin.jpg
[2014/05/22 16:56:06 | 000,000,000 | ---- | C] () -- C:\Users\Alan\Desktop\tttay.jpg
[2014/05/22 16:54:26 | 002,302,498 | ---- | C] () -- C:\Users\Alan\Desktop\ttaylor.jpg
[2014/05/22 16:51:56 | 001,809,945 | ---- | C] () -- C:\Users\Alan\Desktop\taylor.jpg
[2014/05/22 16:23:04 | 000,947,937 | ---- | C] () -- C:\Users\Alan\Desktop\Sea-Life-Park-Oahu-Dolphin-Swim-Swimming-with-Dolphins-Dolphin-Riding-Hawaii-Vacations.jpg
[2014/05/20 15:07:34 | 000,000,725 | ---- | C] () -- C:\windows\tasks\EPSON XP-410 Series Invitation {C437B03F-15C9-4C21-93C0-2069898F3180}.job
[2014/05/20 15:07:27 | 000,000,911 | ---- | C] () -- C:\windows\tasks\EPSON XP-410 Series Update {C437B03F-15C9-4C21-93C0-2069898F3180}.job
[2014/05/15 09:47:06 | 000,014,777 | ---- | C] () -- C:\windows\SysWow64\collectionCache.bnk
[2014/05/12 11:48:11 | 000,000,095 | -H-- | C] () -- C:\Users\Alan\Desktop\.~lock.depto.odt#
[2014/05/12 11:48:09 | 000,015,464 | ---- | C] () -- C:\Users\Alan\Desktop\depto.odt
[2014/05/12 11:32:27 | 000,044,972 | ---- | C] () -- C:\Users\Alan\Desktop\depto.pdf
[2014/05/09 00:13:29 | 000,842,058 | ---- | C] () -- C:\Users\Alan\Desktop\casa danny.PNG
[2014/05/08 17:54:50 | 000,000,665 | ---- | C] () -- C:\windows\SysNative\phonebook.pbs
[2014/05/08 05:51:14 | 000,000,852 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000Core1cf6aa3d24d42d.job
[2014/05/07 23:28:23 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cf6a6d90e8e5e7.job
[2014/05/06 20:11:07 | 000,105,284 | ---- | C] () -- C:\Users\Alan\Desktop\support.letters.pdf
[2014/05/05 17:03:43 | 000,051,771 | ---- | C] () -- C:\Users\Alan\Desktop\ACFrOgDQm8x8yUEF5iksJ_SQkhezs7PJJniNpv0lI1JF8yANrR9QNRPXds77FUc1KKHIUkfJhzl5VhtRZfDTzoBSmMDukNO0TZwx0f1PVmToe2KOwVUPe4mTsIurxFk.pdf
[2014/04/30 12:24:23 | 000,120,923 | ---- | C] () -- C:\Users\Alan\Desktop\old_kids.png
[2014/04/30 10:20:10 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014/04/28 00:57:16 | 000,658,035 | ---- | C] () -- C:\Users\Alan\Desktop\fb.PNG
[2014/04/27 22:18:57 | 000,253,245 | ---- | C] () -- C:\Users\Alan\Desktop\coupon.PNG
[2014/04/27 18:55:36 | 000,030,167 | ---- | C] () -- C:\Users\Alan\Desktop\happiest4.PNG
[2014/04/27 18:54:36 | 000,091,257 | ---- | C] () -- C:\Users\Alan\Desktop\happiest3.PNG
[2014/04/27 18:53:48 | 000,104,699 | ---- | C] () -- C:\Users\Alan\Desktop\happiest2.PNG
[2014/04/27 18:53:09 | 000,088,229 | ---- | C] () -- C:\Users\Alan\Desktop\happiest1.PNG
[2014/04/27 16:35:46 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/10 23:09:10 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\WDPABKP.dat
[2013/09/20 18:15:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/09/20 18:15:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/09/20 18:15:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/09/20 18:15:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/09/20 18:15:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/09/20 17:58:19 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-AL-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/09/19 12:04:37 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2013/01/30 00:18:29 | 000,000,045 | ---- | C] () -- C:\windows\WF-3540.ini
[2012/12/24 21:36:08 | 000,000,204 | ---- | C] () -- C:\windows\SysWow64\secustat.dat
[2012/12/24 10:22:32 | 000,000,025 | ---- | C] () -- C:\windows\emcore.INI
[2012/09/30 17:49:40 | 000,000,258 | RHS- | C] () -- C:\Users\Alan\ntuser.pol
[2012/08/16 21:35:55 | 000,000,238 | ---- | C] () -- C:\windows\SysWow64\initparams.ini
[2012/03/03 12:29:00 | 000,197,719 | ---- | C] () -- C:\Users\Alan\.DLMSave_back.xml
[2012/01/24 01:31:06 | 000,003,584 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/12 22:56:59 | 000,015,850 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\UserTile.png
[2012/01/08 17:49:20 | 000,197,719 | ---- | C] () -- C:\Users\Alan\.DLMSave.xml
[2012/01/08 17:49:10 | 000,001,238 | ---- | C] () -- C:\Users\Alan\.Setting.ini
[2012/01/03 16:27:09 | 000,000,600 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\winscp.rnd
[2011/12/25 15:21:05 | 000,000,268 | R--- | C] () -- C:\ProgramData\libiconv
[2011/12/25 15:21:05 | 000,000,268 | R--- | C] () -- C:\Users\Alan\AppData\Roaming\grep
[2011/12/25 15:21:05 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/12/25 15:21:05 | 000,000,012 | R--- | C] () -- C:\ProgramData\Analog Sync
[2011/12/25 15:20:35 | 000,000,268 | R--- | C] () -- C:\ProgramData\manual
[2011/12/25 15:20:35 | 000,000,268 | R--- | C] () -- C:\Users\Alan\AppData\Roaming\howto
[2011/12/25 15:20:35 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/12/25 15:20:35 | 000,000,012 | R--- | C] () -- C:\ProgramData\Applause and Laugher
[2011/12/25 15:20:34 | 000,000,268 | R--- | C] () -- C:\ProgramData\laserjet
[2011/12/25 15:20:34 | 000,000,268 | R--- | C] () -- C:\Users\Alan\AppData\Roaming\filter
[2011/12/25 15:20:34 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/12/25 15:20:34 | 000,000,012 | R--- | C] () -- C:\ProgramData\Analog Pad
[2011/12/20 16:00:56 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment -- [2014/04/30 16:09:01 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment -- [2014/04/30 16:09:01 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Post by nunped » May 25th, 2014, 6:35 am

Hi mal-an,

Yes, please run AdwCleaner anyway.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Post by mal-an » May 25th, 2014, 9:53 pm

OK. Thank you. Here it is.

# AdwCleaner v3.210 - Report created 25/05/2014 at 18:59:42
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alan - AL-LAPTOP
# Running from : C:\Users\Alan\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Web Protect
Folder Found : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic
Folder Found : C:\Users\Alan\AppData\Roaming\DefaultTab
Folder Found : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\Extensions\isreaditlater@ideashower.com

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DefaultTab
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DefaultTab
Key Found : HKLM\Software\Classes\Installer\Features\B05CCF18F0593604E8A49DC9AAF4BBF1
Key Found : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Found : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155255555}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166256655}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\Software\WebProtect

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
Found [Extension] : iabeihobmhlgpkcgjiloemdbofjbdcic

*************************

AdwCleaner[R0].txt - [40981 octets] - [18/09/2013 12:51:51]
AdwCleaner[R1].txt - [41074 octets] - [18/09/2013 12:54:08]
AdwCleaner[R2].txt - [6954 octets] - [25/05/2014 18:59:42]
AdwCleaner[S0].txt - [326 octets] - [18/09/2013 12:53:33]
AdwCleaner[S1].txt - [41351 octets] - [18/09/2013 12:55:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [7134 octets] ##########
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Post by nunped » May 26th, 2014, 7:52 am

Hi mal-an,

You are very welcome!

Let's start cleaning up:
Step 1 - OTL fix
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Do not include the words "Code: Select all". Press "Select all" to automatically select all the text in the box.
Code: Select all
:commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)

:files
ipconfig /flushdns /c

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Step 2 - AdwCleaner - Scan/Clean
You should still have AdwCleaner on your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan. When the scan finishes...the Clean button will become active.
  4. Click on Clean.
  5. Select OK at each prompt... to reboot the computer.
  6. A logfile C:\AdwCleaner[Sn].txt will open after you log back on the computer. ([Sn] n = number of run)
  7. Please post the content of the C:\AdwCleaner[Sn].txt logfile in your next reply.

Step 3 - SystemLook
Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems
  • Right-click SystemLook.exe and select "Run as Administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield: Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).

    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *webprotect*
    *defaulttab*
    *smartbar*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *webprotect*
    *defaulttab*
    *smartbar*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    webprotect
    defaulttab
    smartbar
    conduit
    
  • Click the Look button to start the scan.
    The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Post by mal-an » May 27th, 2014, 3:04 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alan\Desktop\cmd.bat deleted successfully.
C:\Users\Alan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alan
->Temp folder emptied: 10438061 bytes
->Temporary Internet Files folder emptied: 3976377 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 284451798 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 2576 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15450 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1593230 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 287.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05262014_224220

Files\Folders moved on Reboot...
File move failed. C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Post by mal-an » May 27th, 2014, 3:31 am

# AdwCleaner v3.211 - Report created 27/05/2014 at 03:21:41
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alan - AL-LAPTOP
# Running from : C:\Users\Alan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Web Protect
Folder Deleted : C:\Users\Alan\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\Extensions\isreaditlater@ideashower.com
Folder Deleted : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic
File Deleted : C:\Users\Alan\AppData\LocalLow\SkwConfig.bin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155255555}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166256655}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\WebProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\Software\Classes\Installer\Features\B05CCF18F0593604E8A49DC9AAF4BBF1
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u3awnuw.default-1379804931783\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
Deleted [Extension] : iabeihobmhlgpkcgjiloemdbofjbdcic

*************************

AdwCleaner[R0].txt - [40981 octets] - [18/09/2013 12:51:51]
AdwCleaner[R1].txt - [41074 octets] - [18/09/2013 12:54:08]
AdwCleaner[R2].txt - [7426 octets] - [25/05/2014 18:59:42]
AdwCleaner[R3].txt - [7592 octets] - [27/05/2014 03:14:54]
AdwCleaner[S0].txt - [326 octets] - [18/09/2013 12:53:33]
AdwCleaner[S1].txt - [41351 octets] - [18/09/2013 12:55:16]
AdwCleaner[S2].txt - [7318 octets] - [27/05/2014 03:21:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [7378 octets] ##########
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Unread postby mal-an » May 27th, 2014, 3:52 am

SystemLook 04.09.10 by jpshortstuff
Log created at 03:34 on 27/05/2014 by Alan
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*webprotect*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\webprotect.ico.vir --a---- 3758 bytes [21:15 22/07/2013] [21:15 22/07/2013] 87FE272651968B1A9E1E38FF003E72F8

Searching for "*defaulttab*"
C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg.vir --a---- 15885 bytes [22:34 05/10/2013] [15:37 07/02/2014] 95442E93150AE62D7E81F7A0ABACD58E
C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir --a---- 468600 bytes [22:34 05/10/2013] [15:37 07/02/2014] F03CFCD636FEDCDF8DDCA41CE8719A00
C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir --a---- 50296 bytes [22:34 05/10/2013] [15:37 07/02/2014] BBDEA1732B52E320A2221D59919CB11C
C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir --a---- 53880 bytes [22:34 05/10/2013] [15:37 07/02/2014] 2F18A1E496B24CDC6B525EA838116167
C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe.vir --a---- 53904 bytes [22:34 05/10/2013] [22:34 05/10/2013] B01A4F484F4879F07EE086A37812A960
C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir --a---- 441976 bytes [22:34 05/10/2013] [15:37 07/02/2014] F7E6120CFB31DE015EE2BFA2450620B9
C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir --a---- 526968 bytes [22:34 05/10/2013] [15:37 07/02/2014] 71087DA47C9AF754ED993E458EAF3149
C:\Qoobox\Quarantine\Registry_backups\Service_DefaultTabUpdate.reg.dat --a---- 224 bytes [20:33 16/02/2014] [20:33 16/02/2014] 7BFC00C870AC063C43503C88814F2EF0

Searching for "*smartbar*"
No files found.

Searching for "*conduit*"
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\ConduitAbstractionLayerBack.js.vir --a---- 497312 bytes [16:17 18/09/2013] [16:17 18/09/2013] D7DC050206E596F2E6852D679970A0BF
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\ConduitAbstractionLayerFront.js.vir --a---- 258560 bytes [16:17 18/09/2013] [16:17 18/09/2013] 54C6BB15C77284B67F313797120B35EB
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\js\conduitEnv.js.vir --a---- 93693 bytes [16:17 18/09/2013] [16:17 18/09/2013] 9DB75E864BEA1C6855D203898ED5A7A2
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll.vir --a---- 853792 bytes [16:17 18/09/2013] [16:17 18/09/2013] 2D613BA163E7904A5D5EBA654C316A9F
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\Search\plugins\npConduitNewTabPlugin.dll.vir --a---- 62240 bytes [16:17 18/09/2013] [16:17 18/09/2013] 90B0FFB930489F0BC80809AE7C3C0AA0
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\tb\al\aboutBox\images\conduit-logo-OLD.png.vir --a---- 1305 bytes [16:17 18/09/2013] [16:17 18/09/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\tb\al\aboutBox\images\conduit-logo.png.vir --a---- 3926 bytes [16:17 18/09/2013] [16:17 18/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\tb\al\options\images\conduit-logo.png.vir --a---- 3926 bytes [16:17 18/09/2013] [16:17 18/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\toolbarImages\http___storage_conduit_com_11_331_CT3310511_Images_635119020644138398.png.vir --a---- 2307 bytes [16:20 18/09/2013] [16:20 18/09/2013] DC4CF28758D3BED9198399CE262781C9
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif.vir --a---- 950 bytes [16:20 18/09/2013] [16:20 18/09/2013] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif.vir --a---- 322 bytes [16:20 18/09/2013] [16:20 18/09/2013] 948781E4B6478290050ECA4423B89B1E
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.36.1.1_0\scripts\minibar\adapters\conduit.js.vir --a---- 1697 bytes [16:13 18/09/2013] [22:19 05/09/2013] 9D273480CDB60C7A79E6669EA05EA1A2
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Temp\CT3310511\conduit.xml.vir --a---- 785 bytes [08:39 29/08/2013] [08:39 29/08/2013] 6ACD8B6E740CB1E9A9FA43F2087592C6
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\ConduitAbstractionLayer.js.vir --a---- 36087 bytes [22:40 10/09/2013] [22:40 10/09/2013] CBB1AF4F7DBA048100176BAB950B09BE
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\ConduitAbstractionLayerBack.js.vir --a---- 36087 bytes [22:40 10/09/2013] [22:40 10/09/2013] CBB1AF4F7DBA048100176BAB950B09BE
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\ConduitAbstractionLayerFront.js.vir --a---- 36087 bytes [22:40 10/09/2013] [22:40 10/09/2013] CBB1AF4F7DBA048100176BAB950B09BE
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\tb\al\aboutBox\images\conduit-logo-OLD.png.vir --a---- 1305 bytes [22:40 10/09/2013] [22:40 10/09/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\tb\al\aboutBox\images\conduit-logo.png.vir --a---- 3926 bytes [22:40 10/09/2013] [22:40 10/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\tb\al\options\images\conduit-logo.png.vir --a---- 3926 bytes [22:40 10/09/2013] [22:40 10/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\lib\log4conduit.jsm.vir --a---- 760 bytes [22:40 10/09/2013] [22:40 10/09/2013] 93898FE6A232C5FCD838D8168F65D802
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll.vir --a---- 207136 bytes [22:40 10/09/2013] [22:40 10/09/2013] 0E52F63E8BA97B610400840C3057FAA4
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\searchplugins\Conduit.xml.vir --a---- 997 bytes [16:15 18/09/2013] [16:15 18/09/2013] BCF3FEDFA068893EF8555D24048C3607
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [03:32 10/08/2012] [03:32 10/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*webprotect*"
No folders found.

Searching for "*defaulttab*"
C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab d------ [20:33 16/02/2014]
C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab d------ [20:33 16/02/2014]

Searching for "*smartbar*"
No folders found.

Searching for "*conduit*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Conduit d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\LocalLow\Conduit d------ [16:55 18/09/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "webprotect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WebProtect.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}]
@="WebProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8540A75D-34C4-4260-9DC0-839EC6BC76B4}]
@="IWebProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\WebProtect.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}]
@="WebProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\wp-som]
"DisplayIcon"="C:\Program Files (x86)\Web Protect\webprotect.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\WebProtect.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}]
@="WebProtect"

Searching for "defaulttab"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll"="04/27/2014 1:29 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
"DefaultTab Browser Helper"="900"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}]
@="IDefaultTabBrowserActiveX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}]
@="IDefaultTabBrowserActiveX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}]
@="IDefaultTabBrowserActiveX"
[HKEY_USERS\.DEFAULT\Software\DefaultTab]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\BillP Studios\Detected\IEHelper]
"C:\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll"="04/27/2014 1:29 PM"
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\BillP Studios\WinPatrol\IEHelpers]
"DefaultTab Browser Helper"="900"
[HKEY_USERS\S-1-5-18\Software\DefaultTab]

Searching for "smartbar"
No data found.

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"D8EF64479F1C24D4AAEAD5CB5E68506A"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\D8EF64479F1C24D4AAEAD5CB5E68506A]
"File"="iSyncConduit.dll"

-= EOF =-

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Unread postby mal-an » May 27th, 2014, 3:57 am

Thanks again!

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Unread postby nunped » May 27th, 2014, 2:41 pm

Hi mal-an,

You are welcome :) How is your computer running now?

Step 1 - Run OTL Script
We need to run an OTL Fix
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following script into the textbox. Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :commands
    [createrestorepoint]
    
    :reg
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WebProtect.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8540A75D-34C4-4260-9DC0-839EC6BC76B4}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\WebProtect.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\wp-som]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\WebProtect.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}]
    [-HKEY_USERS\.DEFAULT\Software\DefaultTab]
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Step 2 - ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Unread postby mal-an » May 27th, 2014, 9:32 pm

Things are getting better -- thanks! Chrome even seems to be connecting. Relieved . . . Here is the OTL log. I'll post ESET as soon as it runs.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WebProtect.DLL\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8540A75D-34C4-4260-9DC0-839EC6BC76B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8540A75D-34C4-4260-9DC0-839EC6BC76B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\WebProtect.DLL\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\wp-som\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\WebProtect.DLL\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68AA70CC-5668-43DF-BC42-4BE4B625E28B}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\DefaultTab\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alan\Desktop\cmd.bat deleted successfully.
C:\Users\Alan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alan
->Temp folder emptied: 4498487 bytes
->Temporary Internet Files folder emptied: 1337993 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91756925 bytes
->Google Chrome cache emptied: 8101091 bytes
->Flash cache emptied: 984 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 528500 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 101.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05272014_211735

Files\Folders moved on Reboot...
C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\windows\temp\TMP00000087B2F4073BA4EE7BDE not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Unread postby mal-an » May 28th, 2014, 10:01 pm

Wow. ESET is taking HOURS! 13% done and already discovered 46 threats.

Re: Chrome Doesn't Work, FF is plainfully slow, Skype is fun

Unread postby mal-an » May 30th, 2014, 3:29 am

Thanks for waiting, I had to restart several times.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=39a916e30f6637448eb6b5d3fcf7b921
# engine=15219
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-23 12:34:08
# local_time=2013-09-22 05:34:08 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 156427 155684720 0 0
# compatibility_mode=5893 16776573 100 94 0 131439898 0 0
# scanned=454841
# found=49
# cleaned=0
# scan_time=26086
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\ChromeModule.dll.vir"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\cltmng.exe.vir"
sh=7D4A3CA3A3789D1EA7530FE4727D6BA8E8B47B83 ft=1 fh=4d32dd9dfb87fc86 vn="Win32/Conduit.SearchProtect.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\CltMngSvc.exe.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPHook32.dll.vir"
sh=FC96B1F32B9320881BA847B4B84AF0EF096CB99D ft=1 fh=e2b5ce1f1ae776f7 vn="Win32/Conduit.SearchProtect.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPRunner.exe.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\nsprotector.js.vir"
sh=8918FCD01521ECB226F977C63E9D2C158C318E6F ft=1 fh=3fa8fd925471a1f2 vn="a variant of Win32/Amonetize.O application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\SwvUpdater\Updater.exe.vir"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\cltmng.exe.vir"
sh=7D4A3CA3A3789D1EA7530FE4727D6BA8E8B47B83 ft=1 fh=4d32dd9dfb87fc86 vn="Win32/Conduit.SearchProtect.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\CltMngSvc.exe.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\SPHook32.dll.vir"
sh=FC96B1F32B9320881BA847B4B84AF0EF096CB99D ft=1 fh=e2b5ce1f1ae776f7 vn="Win32/Conduit.SearchProtect.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\SPRunner.exe.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir"
sh=D929C336498DADAB24159BCEBA2CB112FA61DB65 ft=1 fh=2085af9b58a3c710 vn="a variant of Win32/Toolbar.Perion.G application" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\ARFC\wrtc.exe.vir"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\MGtools\Process.exe"
sh=2B372EBB925B5858E15BD3BB761BE958C5449818 ft=1 fh=1f9b22697aeed8a7 vn="a variant of Win32/Toolbar.CrossRider.G application" ac=I fn="C:\Program Files (x86)\JollyWallet\ButtonUtil.dll"
sh=62689BE5969EA232EA668AAB26F3B32D696BC018 ft=1 fh=c4b29186b3a56253 vn="a variant of Win32/Toolbar.CrossRider.E application" ac=I fn="C:\Program Files (x86)\JollyWallet\JollyWallet-bg.exe"
sh=3E514AB0FAC3314B78EB1EF9968E074729C50AD1 ft=1 fh=5cbba2eebc8131b5 vn="a variant of Win32/Toolbar.CrossRider.H application" ac=I fn="C:\Program Files (x86)\JollyWallet\JollyWallet.dll"
sh=62689BE5969EA232EA668AAB26F3B32D696BC018 ft=1 fh=c4b29186b3a56253 vn="a variant of Win32/Toolbar.CrossRider.E application" ac=I fn="C:\Program Files (x86)\JollyWallet\JollyWallet.exe"
sh=3FA015C61C925A8851B94F3BC5FC8EA343463EEA ft=1 fh=34a2446edac29067 vn="multiple threats" ac=I fn="C:\Program Files (x86)\JollyWallet\Uninstall.exe"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js"
sh=92C2ED46CCABFD57142C3C42D70773C4A384ED19 ft=1 fh=0f17379e74e89995 vn="probably a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\ProgramData\YouTube Downloader\ytd_installer.exe"
sh=5E2B8FE63338E041C352608F53340892E1A4E4B0 ft=1 fh=6e6347772d522c63 vn="a variant of Win32/Toolbar.CrossRider.C application" ac=I fn="C:\Users\Alan\AppData\Local\Updater12555\Updater12555.exe"
sh=07B39F328C864FC1ED3EDA85368D74682B4B36EC ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AU trojan" ac=I fn="C:\Users\Alan\Desktop\desktop\LG Esteem\zergrush"
sh=07B39F328C864FC1ED3EDA85368D74682B4B36EC ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AU trojan" ac=I fn="C:\Users\Alan\Desktop\LG Esteem\zergrush"
sh=92C2ED46CCABFD57142C3C42D70773C4A384ED19 ft=1 fh=0f17379e74e89995 vn="probably a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Users\All Users\YouTube Downloader\ytd_installer.exe"
sh=21ECE50E242CD2014C3A73262BFAD894267BE7E3 ft=1 fh=745906623ff06dd1 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="D:\ProgramData\YouTube Downloader\ytd_installer.exe"
sh=C7246DC628B3583427056DB584B9E158FE285FF6 ft=1 fh=6f8fc058325daaa2 vn="a variant of Win32/Bundled.Toolbar.Ask.A application" ac=I fn="D:\Users\alan\Desktop\desktop cleanup\m4a-to-mp3-converter.exe"
sh=972101C3A3EF234AB32DBA66777AD2ABB498683A ft=1 fh=8b0bf2dabd97e490 vn="a variant of Win32/InstallCore.D application" ac=I fn="D:\Users\alan\Downloads\cnet_Mp3CoverDownloaderSetup_exe.exe"
sh=52B44EDEB70429BE9466C3B1952825826595D830 ft=1 fh=383a41e1d4a04fbb vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="D:\Users\alan\Downloads\DuplicateCleaner_setup.exe"
sh=92C2ED46CCABFD57142C3C42D70773C4A384ED19 ft=1 fh=0f17379e74e89995 vn="probably a variant of Win32/Toolbar.Widgi application" ac=I fn="D:\Users\All Users\YouTube Downloader\ytd_installer.exe"
sh=6C1642778CE637F9D3D3D1DF2F5BE902AD47A18B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="G:\AL-LAPTOP\Backup Set 2013-01-19 080713\Backup Files 2013-01-19 080713\Backup files 3.zip"
sh=D9E13F7FC9E0E8A8D4C103FC9096746BF87FF866 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="G:\AL-LAPTOP\Backup Set 2013-01-19 080713\Backup Files 2013-01-19 080713\Backup files 4.zip"
sh=04447AA5291290A89EC5FD1756CF486EE42C9EC7 ft=0 fh=0000000000000000 vn="a variant of Win32/PSWTool.AIMPasswordRecovery.A application" ac=I fn="G:\AL-LAPTOP\Backup Set 2013-01-19 080713\Backup Files 2013-01-20 190007\Backup files 27.zip"
sh=4F1187BE02DA9750688FD9F23B7BFC085BC93ACB ft=0 fh=0000000000000000 vn="a variant of Win32/PSWTool.AIMPasswordRecovery.A application" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-10-28 181901\Backup files 19.zip"
sh=B578F026C16FF85D50E9A6C4AB84090E6D68EB8B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-10-28 181901\Backup files 3.zip"
sh=B70D7F94C0A0FBC3226A0C38FB03FBD68441B79B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-04 190012\Backup files 1.zip"
sh=4C3C090E6DDF4D7A23F9BB680C8E8925EFE623CE ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-04 190012\Backup files 2.zip"
sh=C1123FACA11645DD3816410728C320EBE6FE6BC2 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA application" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-04 190012\Backup files 41.zip"
sh=11855ED5CC843724B1EB33DBD789C7DF22682669 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA application" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-04 190012\Backup files 57.zip"
sh=D7E217AD64734B8C4400EA7CAE3E3EEE3276F215 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-18 190050\Backup files 1.zip"
sh=EB9F49C4BC6C4564B14EC505F97F48FD980C2DB5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-18 190050\Backup files 2.zip"
sh=C0A4AF6CEC06191C6AB1B667F8BA31E9D0DED733 ft=1 fh=a68c8a5b898d4c0e vn="a variant of Win32/PSWTool.AIMPasswordRecovery.A application" ac=I fn="K:\Maxtor backup\SYLIB109m4404e\C\Documents and Settings\Alan\Desktop\aim-password-recovery-setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=39a916e30f6637448eb6b5d3fcf7b921
# engine=18468
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-30 02:04:50
# local_time=2014-05-29 10:04:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 0 164914380 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 152958940 0 0
# scanned=460965
# found=112
# cleaned=0
# scan_time=24785
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=FB2BCD5A889DB9658B02E8ED3A95043BAA0094E1 ft=1 fh=f6a034ccf475a4f7 vn="Win32/Toolbar.Conduit.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll.vir"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\ChromeModule.dll.vir"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\cltmng.exe.vir"
sh=7D4A3CA3A3789D1EA7530FE4727D6BA8E8B47B83 ft=1 fh=4d32dd9dfb87fc86 vn="Win32/Conduit.SearchProtect.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\CltMngSvc.exe.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPHook32.dll.vir"
sh=FC96B1F32B9320881BA847B4B84AF0EF096CB99D ft=1 fh=e2b5ce1f1ae776f7 vn="Win32/Conduit.SearchProtect.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPRunner.exe.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\nsprotector.js.vir"
sh=C54510535A66A84C349479CD223A5871A90CD995 ft=1 fh=65db72da1a4871f2 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetPacks\hk64tbSwee.dll.vir"
sh=5725EA7691F61D6ED634FDD71239E726A64725C2 ft=1 fh=646f768a5b2a6339 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetPacks\hktbSwee.dll.vir"
sh=FF9EA2BC0FC60998E396A2BD73A875C3CBFBBEFF ft=1 fh=6403b45b50155137 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetPacks\ldrtbSwee.dll.vir"
sh=D35AB7E4D70C11F2669BF25E5DE207A1F48ACF05 ft=1 fh=daba6a51b436fb5c vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetPacks\prxtbSwee.dll.vir"
sh=B93F25F90F74B84691C62917CD724B55BFBB4274 ft=1 fh=6de06faf2241bbf3 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetPacks\tbSwee.dll.vir"
sh=CE2944990FEABAB26B2CFCF1248E5146E6E73A96 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\cre\banjjklfojcdbofbhbgiedekefohoaff.crx.vir"
sh=C66BE7E22C0AE8504254F55F900ED2EE60C42500 ft=1 fh=113606ed3bb5f6ba vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll.vir"
sh=FB2BCD5A889DB9658B02E8ED3A95043BAA0094E1 ft=1 fh=f6a034ccf475a4f7 vn="Win32/Toolbar.Conduit.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\plugins\TBVerifier.dll.vir"
sh=8918FCD01521ECB226F977C63E9D2C158C318E6F ft=1 fh=3fa8fd925471a1f2 vn="a variant of Win32/Amonetize.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\SwvUpdater\Updater.exe.vir"
sh=53A9D162FEAB90E2ECB98B0014704DA9296C5739 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Temp\CT3310511\CT3310511.xpi.vir"
sh=42C73865A3E78E6C2B0D8597DE47810CD4E82446 ft=1 fh=dd606d07e02f1bf0 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Temp\CT3310511\sl.exe.vir"
sh=FB2BCD5A889DB9658B02E8ED3A95043BAA0094E1 ft=1 fh=f6a034ccf475a4f7 vn="Win32/Toolbar.Conduit.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Temp\CT3310511\plugins\TBVerifier.dll.vir"
sh=C54510535A66A84C349479CD223A5871A90CD995 ft=1 fh=65db72da1a4871f2 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\LocalLow\SweetPacks\hk64tbSwee.dll.vir"
sh=5725EA7691F61D6ED634FDD71239E726A64725C2 ft=1 fh=646f768a5b2a6339 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\LocalLow\SweetPacks\hktbSwee.dll.vir"
sh=FF9EA2BC0FC60998E396A2BD73A875C3CBFBBEFF ft=1 fh=6403b45b50155137 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\LocalLow\SweetPacks\ldrtbSwee.dll.vir"
sh=B93F25F90F74B84691C62917CD724B55BFBB4274 ft=1 fh=6de06faf2241bbf3 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\LocalLow\SweetPacks\tbSwee.dll.vir"
sh=7347094BB7355D843C3B590B6944158EF33010C2 ft=1 fh=d6498a4cb5105e4e vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\cltmng.exe.vir"
sh=7D4A3CA3A3789D1EA7530FE4727D6BA8E8B47B83 ft=1 fh=4d32dd9dfb87fc86 vn="Win32/Conduit.SearchProtect.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\CltMngSvc.exe.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\SPHook32.dll.vir"
sh=FC96B1F32B9320881BA847B4B84AF0EF096CB99D ft=1 fh=e2b5ce1f1ae776f7 vn="Win32/Conduit.SearchProtect.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\bin\SPRunner.exe.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir"
sh=D929C336498DADAB24159BCEBA2CB112FA61DB65 ft=1 fh=2085af9b58a3c710 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\ARFC\wrtc.exe.vir"
sh=B67024619A49806D4C593E12C919A6672C03DE29 ft=1 fh=f81ab4835774aa39 vn="Win32/SweetIM.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\WNLT\Installation\SKSetup.exe.vir"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\MGtools\Process.exe"
sh=D4B287A0266DC5F6F77F3E1A6B6BCCEBC02C3134 ft=1 fh=0a321bb339b36ed3 vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir"
sh=B6D2E20C72D0626903D1E67B3E6BE17881458AC8 ft=1 fh=48cb686bd0b760bf vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir"
sh=9C4BBB13B347FCC00E98F1A45C0BC7CE0C21E7E7 ft=1 fh=10a265e5733f77e3 vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir"
sh=EA111903F48C1CB7FE5056509351A88EFE85114F ft=1 fh=0f73ddfd31d1def0 vn="Win32/Toolbar.DefaultTab.A potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Alan\Downloads\cbsidlm-cbsi176-SketchUp-ORG-10257337.exe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Alan\Downloads\ccsetup410.exe"
sh=2B372EBB925B5858E15BD3BB761BE958C5449818 ft=1 fh=1f9b22697aeed8a7 vn="a variant of Win32/Toolbar.CrossRider.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\C_Program Files (x86)\JollyWallet\ButtonUtil.dll"
sh=62689BE5969EA232EA668AAB26F3B32D696BC018 ft=1 fh=c4b29186b3a56253 vn="a variant of Win32/Toolbar.CrossRider.E potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\C_Program Files (x86)\JollyWallet\JollyWallet-bg.exe"
sh=3E514AB0FAC3314B78EB1EF9968E074729C50AD1 ft=1 fh=5cbba2eebc8131b5 vn="a variant of Win32/Toolbar.CrossRider.H potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\C_Program Files (x86)\JollyWallet\JollyWallet.dll"
sh=62689BE5969EA232EA668AAB26F3B32D696BC018 ft=1 fh=c4b29186b3a56253 vn="a variant of Win32/Toolbar.CrossRider.E potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\C_Program Files (x86)\JollyWallet\JollyWallet.exe"
sh=3FA015C61C925A8851B94F3BC5FC8EA343463EEA ft=1 fh=34a2446edac29067 vn="Win32/Packed.ScrambleWrapper.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\C_Program Files (x86)\JollyWallet\Uninstall.exe"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\C_Program Files (x86)\Mozilla Firefox\browser\nsprotector.js"
sh=5E2B8FE63338E041C352608F53340892E1A4E4B0 ft=1 fh=6e6347772d522c63 vn="a variant of Win32/Toolbar.CrossRider.C potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\C_Users\Alan\AppData\Local\Updater12555\Updater12555.exe"
sh=07B39F328C864FC1ED3EDA85368D74682B4B36EC ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AU trojan" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\C_Users\Alan\Desktop\desktop\LG Esteem\zergrush"
sh=07B39F328C864FC1ED3EDA85368D74682B4B36EC ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AU trojan" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\C_Users\Alan\Desktop\LG Esteem\zergrush"
sh=21ECE50E242CD2014C3A73262BFAD894267BE7E3 ft=1 fh=745906623ff06dd1 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\D_ProgramData\YouTube Downloader\ytd_installer.exe"
sh=C7246DC628B3583427056DB584B9E158FE285FF6 ft=1 fh=6f8fc058325daaa2 vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\D_Users\alan\Desktop\desktop cleanup\m4a-to-mp3-converter.exe"
sh=972101C3A3EF234AB32DBA66777AD2ABB498683A ft=1 fh=8b0bf2dabd97e490 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\D_Users\alan\Downloads\cnet_Mp3CoverDownloaderSetup_exe.exe"
sh=52B44EDEB70429BE9466C3B1952825826595D830 ft=1 fh=383a41e1d4a04fbb vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\_OTL\MovedFiles\09252013_183224\D_Users\alan\Downloads\DuplicateCleaner_setup.exe"
sh=6AB0E61E2CD60C414156C901D4D5B8682EB45294 ft=1 fh=65652bc6c5235c49 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\Debut\debut.exe"
sh=E9ADBE0526FFA374216D542E0D602E5533482114 ft=1 fh=df26b92e9b512772 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\Debut\debutsetup_v1.64.exe"
sh=1E20CB8C6CFBC05671F0279F4580A6AD8DEE56DF ft=1 fh=9f5b6f0cc5235c49 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\Debut\uninst.exe"
sh=F612942683DD413EB6899D3A50F2997321E6E562 ft=1 fh=c1ec40e073b2b2aa vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\Doxillion\doxillion.exe"
sh=C69AB4240C4D464A36D6D7EE7841B95DFC0BD845 ft=1 fh=1271622cb51a3497 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\Doxillion\doxillionsetup_v1.08.exe"
sh=A8011BD4A7D943485B5AC4B7BE575ECDB758772E ft=1 fh=3bd2042a73b2b2aa vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\Doxillion\uninst.exe"
sh=A033CC58A848309C839C636370383A81481BD426 ft=1 fh=cc9ff824932b8bdf vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\Prism\prism.exe"
sh=31D8C3EDE22AFD8B1CA5CAC4FDD27A245F6CC7B6 ft=1 fh=5dda5872f4087e13 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\Prism\prismsetup_v1.82.exe"
sh=7841824088542F907AD2A804AE53FE62D201E298 ft=1 fh=36a1bcee932b8bdf vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\Prism\uninst.exe"
sh=347BB66C7BE3982B2602FE946E6BCF3C7C7224B5 ft=1 fh=9946b6b2c2e14984 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\VideoPad\uninst.exe"
sh=20E2D74783E28D768F2F4C9D856EAB1742ECBAB4 ft=1 fh=6378f278c2e14984 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\VideoPad\videopad.exe"
sh=6D8A3CAC283AC47CE01261DAAC15B09AF37D87CD ft=1 fh=811f7b6ed12c913d vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Program Files\NCH Software\VideoPad\vpsetup_v2.41.exe"
sh=C85DDA97D2921D5A612913F8A6F40C6D6900E209 ft=1 fh=ecb5de154131fcb7 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Program Files\NCH Swift Sound\ExpressBurn\burnsetup_v4.40.exe"
sh=1418EA88B7B8BC9C9CBB139B2C8C21BB4101F2C7 ft=1 fh=b8ae260f117726a1 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe"
sh=D3A2C2087C291E14F451EBC4A41D26D0EAA8C374 ft=1 fh=429062c5117726a1 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe"
sh=54BC4AD8E5307E7FF9DBBEF94B60F847D27B8FDA ft=1 fh=90fcfd4440d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="D:\Program Files\NCH Swift Sound\Slice\slice.exe"
sh=281FFE7BB0A13C7B477C696AD65D9E61BC2FB6A3 ft=1 fh=4f4d4516d6495a0e vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="D:\Program Files\NCH Swift Sound\Slice\slicesetup_v2.00.exe"
sh=9A640159BC2F3E3039B2BE615C8789B09B3B5886 ft=1 fh=6ac2b98e40d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="D:\Program Files\NCH Swift Sound\Slice\uninst.exe"
sh=CADF24DD03A1DFD07C71B6DEC2FF9328917E2F6C ft=1 fh=d9721690b48b2c9d vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Program Files\NCH Swift Sound\Switch\switch.exe"
sh=620ED194ADF9A17AFC19CCA0C563089AFD45D71B ft=1 fh=8e32ca7ddb6e4c55 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Program Files\NCH Swift Sound\Switch\switchsetup_v4.09.exe"
sh=BFC971105EE2A57F90C65E9AA1912223CB5F9464 ft=1 fh=234c525ab48b2c9d vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Program Files\NCH Swift Sound\Switch\uninst.exe"
sh=CFBC1AD162ADAA65F4056A48A1D2799A9748E21F ft=1 fh=c20a111b254b2f40 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="D:\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu.exe"
sh=6A761177B381C34D2ADD558198087E42EA042F24 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A potentially unwanted application" ac=I fn="D:\Program Files\Vuze\.install4j\i4j_extf_9_5p83tu.xpi"
sh=01CB092DE7B06DDB91025252B0B4C37566C47019 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Local\Mozilla\Firefox\Profiles\hnjq01xf.default\Cache\4\A1\1DBDEd01"
sh=F78FFCFA6A943E748A8DEA8978D515C9D7454A9B ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Local\Mozilla\Firefox\Profiles\hnjq01xf.default\Cache\4\C6\21213d01"
sh=C67541A506E96E52729F8BC4E10970CBA39FF469 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Local\Mozilla\Firefox\Profiles\hnjq01xf.default\Cache\B\2C\AE853d01"
sh=E9ADBE0526FFA374216D542E0D602E5533482114 ft=1 fh=df26b92e9b512772 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Local\Temp\debutsetup.exe"
sh=C69AB4240C4D464A36D6D7EE7841B95DFC0BD845 ft=1 fh=1271622cb51a3497 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Local\Temp\doxillionsetup.exe"
sh=31D8C3EDE22AFD8B1CA5CAC4FDD27A245F6CC7B6 ft=1 fh=5dda5872f4087e13 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Local\Temp\prismsetup.exe"
sh=6D8A3CAC283AC47CE01261DAAC15B09AF37D87CD ft=1 fh=811f7b6ed12c913d vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Local\Temp\vpsetup.exe"
sh=B7F2047C7278BA4401E42B1F8A2FC5FC69ACA710 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\hnjq01xf.default\extensions\staged\{90eee664-34b1-422a-a782-779af65cdf6d}\chrome\incredimail_mediabar_4.jar"
sh=2CAFEF38E7388ECE681AFE38510C429E92537DF8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\hnjq01xf.default\extensions\staged\{9ee802e8-c931-47ab-b570-aa8f791598ca}\chrome\emusic.jar"
sh=4004613DBECD59775E6CB8F8006DCBC858087165 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\hnjq01xf.default\extensions\staged\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar"
sh=55F67E32956253B1141D91D78505B887D87571CA ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\hnjq01xf.default\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}\chrome\incredimail_mediabar_4.jar"
sh=2A2E3C1B8B0DD97736665CCA00B6DB27B533F1F9 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\hnjq01xf.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\chrome\emusic.jar"
sh=F9A435E9A01D3C9F7BF0065E3768523BF31B5C4B ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\hnjq01xf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar"
sh=EDD5130D1DB584616042B2E97E87F915342339D6 ft=0 fh=0000000000000000 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="G:\AL-LAPTOP\Backup Set 2014-04-13 191154\Backup Files 2014-04-13 191154\Backup files 2.zip"
sh=28F5BE4779A96A27518C0E53313A07013254A511 ft=0 fh=0000000000000000 vn="a variant of Win32/PSWTool.AIMPasswordRecovery.A potentially unsafe application" ac=I fn="G:\AL-LAPTOP\Backup Set 2014-04-13 191154\Backup Files 2014-04-13 191154\Backup files 42.zip"
sh=DE111A9FFD1139C71D9AAE7F1FD132649D3BF7DD ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\AL-LAPTOP\Backup Set 2014-04-13 191154\Backup Files 2014-04-20 190019\Backup files 1.zip"
sh=C9931CB665BB54B38ABC95500341ACE46428E960 ft=0 fh=0000000000000000 vn="a variant of Win32/PSWTool.AIMPasswordRecovery.A potentially unsafe application" ac=I fn="G:\AL-LAPTOP\Backup Set 2014-04-13 191154\Backup Files 2014-04-20 190019\Backup files 32.zip"
sh=9B215861987AE1D22F3AC19BBC9B2785CEF6ACC6 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-10-28 181901\Backup files 14.zip"
sh=4F1187BE02DA9750688FD9F23B7BFC085BC93ACB ft=0 fh=0000000000000000 vn="a variant of Win32/PSWTool.AIMPasswordRecovery.A potentially unsafe application" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-10-28 181901\Backup files 19.zip"
sh=2127D6EED06BD79534D09E4A8DC79363C034CC54 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.IH potentially unsafe application" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-10-28 181901\Backup files 21.zip"
sh=1B6620E9C4B6754769A133F173D85EC4622C582D ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.IH potentially unsafe application" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-10-28 181901\Backup files 23.zip"
sh=B578F026C16FF85D50E9A6C4AB84090E6D68EB8B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-10-28 181901\Backup files 3.zip"
sh=DED6E6C09E683F62623E9A11D2FA5D402AE0F07A ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.Q potentially unwanted application" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-10-28 181901\Backup files 5.zip"
sh=B70D7F94C0A0FBC3226A0C38FB03FBD68441B79B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-04 190012\Backup files 1.zip"
sh=4C3C090E6DDF4D7A23F9BB680C8E8925EFE623CE ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-04 190012\Backup files 2.zip"
sh=C1123FACA11645DD3816410728C320EBE6FE6BC2 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-04 190012\Backup files 41.zip"
sh=11855ED5CC843724B1EB33DBD789C7DF22682669 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-04 190012\Backup files 57.zip"
sh=D7E217AD64734B8C4400EA7CAE3E3EEE3276F215 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-18 190050\Backup files 1.zip"
sh=EB9F49C4BC6C4564B14EC505F97F48FD980C2DB5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\AL-LAPTOP\Backup Set 2012-10-28 181901\Backup Files 2012-11-18 190050\Backup files 2.zip"
sh=C0A4AF6CEC06191C6AB1B667F8BA31E9D0DED733 ft=1 fh=a68c8a5b898d4c0e vn="a variant of Win32/PSWTool.AIMPasswordRecovery.A potentially unsafe application" ac=I fn="K:\Maxtor backup\SYLIB109m4404e\C\Documents and Settings\Alan\Desktop\aim-password-recovery-setup.exe"
mal-an