Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help - computer & mouse acting weird


Post by BlackMagic » May 18th, 2013, 4:56 pm

Help - computer & mouse acting weird :evil:

The best description I can give to what's going on with my computer is, out of nowhere I can no longer highlight URLs in my address bar with left-clicking. When I attempt to do so, only single words or parts of the URL are highlighted. Also, if I try and open another tab by using Ctrl+left click, sometimes multiple tabs will open and sometimes just one, or two will open. There's no consistency as to how many will open when I do this.

On Facebook, if I go to click "like" on something, it either won't allow me to do it, or I have to click it multiple times before it will finally acknowledge the command. When I go to sign in, I simply click in the bar where my email would go, which brings up my email address but it will automatically check the box to keep me signed in permanently and the only way to get out of it is to click in an area slightly to the right of the box to remove the check from the box.

Sometimes when typing someone's name into the address bar, the WHOLE page will be highlighted in blue. The only way to get out of that is to click somewhere in an area that has no images or text. If I click anything located in a drop down menu, when I click on any specific item in the drop-down menu, whatever is located underneath will be acknowledged and not what I click on in the drop-down menu.

That's all I can think of for now. I know there are more odd things, but they are slipping my mind at the moment but those are the main issues. I have already checked my mouse, did a virus & malware scan, cleared my cache.

Following is the log from the DDS scan:

=====================================================================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2
Run by B at 16:42:50 on 2013-05-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2252 [GMT

-4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-

22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-

E2825BA31FB5}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-

FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-

C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-

DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-

199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-

D9F020245508}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\B\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Users\B\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securesearch.lavasoft.com/?

source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=6F047D64D584C

6431DF0F651914EA7A3
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program

Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:

\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program

Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6}

- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program

Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-

1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion

\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files

(x86)\Search Toolbar\SearchToolbar.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files

(x86)\Search Toolbar\SearchToolbar.dll
uRun: [Google Update] "C:\Users\B\AppData\Local\Google\Update

\GoogleUpdate.exe" /c
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App

\KGShare_App.exe
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin

\sprtcmd.exe" /P DellSupportCenter
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P

DellComms
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM

\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java

Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing

Protection\adawarebp.exe"
mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus

\AdAwareLauncher" --windows-run
StartupFolder: C:\Users\B\AppData\Roaming\MICROS~1\Windows

\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock

\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup

\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan

\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-

65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion

\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-

E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-

87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

hxxp://www.popcap.com/webgames/popcaploader_v10.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{4B5B7510-1EBB-4E69-B1DD-64A684E3671A} : DHCPNameServer =

75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{4B5B7510-1EBB-4E69-B1DD-

64A684E3671A}\E4544574541425F52353239313 : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program

Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files

(x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:

\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:

\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless

WLAN Card\WLTRAY.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -

runkey
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068

-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:

\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist

\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles

\e9p53q4x.default\
FF - prefs.js: browser.search.defaulturl - www.google.com/&q=test
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-

8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components

\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared

\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared

\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared

\components\xpavgtbapi.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\B\AppData\Local\Google\Update

\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-13 16:36; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\B

\AppData\Roaming\Mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-

yZwVFzbsyfMrqQ@jetpack
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19

28480]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-13 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers

\MpFilter.sys [2013-1-20 230320]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11

384800]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus

\AdAwareService.exe [2013-3-18 1236336]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA

\AERTSr64.exe [2009-10-9 92160]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

[2012-2-14 193288]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock

\DockLogin.exe [2008-12-18 155648]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers

\NisDrvWFP.sys [2012-8-30 130008]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

[2012-9-20 3677000]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files

(x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows

\System32\drivers\CtClsFlt.sys [2010-1-11 172704]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers

\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-12 151040]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys

[2009-9-25 233984]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client

\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys

[2009-8-20 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

[2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN

v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

[2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live

\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:

\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows

\System32\drivers\RtsUStor.sys [2009-7-17 220672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows

\System32\Wat\WatAdminSvc.exe [2010-5-23 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers

\WSDScan.sys [2009-7-13 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files

\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-18 12:52:19 9460464 ----a-w- C:\ProgramData\Microsoft

\Microsoft Antimalware\Definition Updates\{1E336CD7-C59E-44FA-B73F-

539BB4CE027B}\mpengine.dll
2013-05-17 11:13:19 9460464 ------w- C:\ProgramData\Microsoft

\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-16 11:01:19 -------- d-----w- C:\Users\B\AppData\Roaming

\AVG2012
2013-05-16 07:03:10 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-16 07:03:10 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-15 10:47:57 983400 ----a-w- C:\Windows\System32\drivers

\dxgkrnl.sys
2013-05-13 20:39:55 -------- d-----w- C:\Users\B\AppData\Roaming

\LavasoftStatistics
2013-05-13 20:39:54 -------- d-----w- C:\ProgramData\Ad-Aware

Antivirus
2013-05-13 20:36:58 -------- d-----w- C:\Program Files (x86)\Ad-Aware

Antivirus
2013-05-13 20:36:33 -------- d-----w- C:\ProgramData\Downloaded

Installations
2013-05-13 20:36:23 -------- d-----w- C:\ProgramData\Search Protection
2013-05-13 20:36:20 -------- d-----w- C:\Users\B\AppData\Local

\adawarebp
2013-05-13 20:36:19 -------- d-----w- C:\ProgramData\Ad-Aware

Browsing Protection
2013-05-13 20:34:01 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-05-13 20:34:01 14456 ----a-w- C:\Windows\System32\drivers

\gfibto.sys
2013-05-13 20:33:59 -------- d-----w- C:\Users\B\AppData\Roaming

\Ad-Aware Antivirus
2013-05-13 20:14:32 -------- d-----w- C:\Program Files

(x86)\Malwarebytes' Anti-Malware
2013-05-13 20:13:57 -------- d-----w- C:\Users\B\AppData\Local

\Programs
2013-04-24 20:57:58 905296 ------w- C:\ProgramData\Microsoft

\Microsoft Antimalware\Definition Updates\{1BB45321-30C5-4271-A852-

8A8B0B828410}\gapaengine.dll
2013-04-24 20:55:06 95648 ----a-w- C:\Windows

\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 20:54:09 1656680 ----a-w- C:\Windows\System32\drivers

\ntfs.sys
2013-04-18 23:20:51 99840 ----a-w- C:\Windows\System32\Spool

\prtprocs\x64\CNMPPAR.DLL
2013-04-18 23:20:50 30208 ----a-w- C:\Windows\System32\Spool

\prtprocs\x64\CNMPDAR.DLL
2013-04-18 23:20:24 385024 ----a-w- C:\Windows

\System32\CNMLMAR.DLL
.
==================== Find3M ====================
.
2013-05-16 02:26:17 71048 ----a-w- C:\Windows

\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 02:26:17 692104 ----a-w- C:\Windows

\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows

\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch

\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch

\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch

\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch

\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-11 07:18:40 384800 ----a-w- C:\Windows\System32\drivers

\avgtdia.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers

\dxgmms1.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows

\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows

\SysWow64\vbscript.dll
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers

\mbam.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows

\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows

\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows

\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows

\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows

\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows

\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-11 22:07:56 861088 ----a-w- C:\Windows

\SysWow64\npdeployJava1.dll
2013-03-11 22:07:56 782240 ----a-w- C:\Windows

\SysWow64\deployJava1.dll
2013-02-27 06:02:44 111448 ----a-w- C:\Windows

\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 16:43:31.87 ===============

Following is the Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/22/2010 3:13:23 PM
System Uptime: 5/18/2013 7:26:37 AM (9 hours ago)
.
Motherboard: Dell Inc. | | 0TKV96
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | U2E1 | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 16.831 GiB free.
D: is FIXED (NTFS) - 397 GiB total, 397.191 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Advanced Audio FX Engine
AVG 2012
Banctec Service Agreement
Canon MG3100 series MP Drivers
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complete Care Business Service Agreement
Complete Care Consumer Service Agreement
Consumer In-Home Service Agreement
D3DX10
Dell Communications (Support Software)
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
GIMP 2.6.10
Google Chrome
GoToAssist 8.0.0.514
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 21
Java 7 Update 9 (64-bit)
Java Auto Updater
Java(TM) 6 Update 16 (64-bit)
Junk Mail filter update
KODAK Share Button App
LibreOffice 3.6
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Octoshape add-in for Adobe Flash Player
PowerDVD DX
QualXServ Service Agreement
Quickset64
Realtek High Definition Audio Driver
Search Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
WildTangent Games
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010

1.4.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/17/2013 9:29:30 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The

application-specific permission settings do not grant Local Launch permission for the

COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}

and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT

AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This

security permission can be modified using the Component Services administrative

tool.
5/17/2013 11:21:53 PM, Error: volsnap [36] - The shadow copies of volume C: were

aborted because the shadow copy storage could not grow due to a user imposed

limit.
5/16/2013 9:45:36 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

Netman service.
5/16/2013 9:45:06 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

Wlansvc service.
5/16/2013 9:21:06 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

AudioEndpointBuilder service.
5/16/2013 9:13:06 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the UxSms

service.
5/16/2013 9:11:06 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

HomeGroupListener service.
5/16/2013 3:16:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] -

Installation Failure: Windows failed to install the following update with error

0x800f0902: Update for Windows 7 for x64-based Systems (KB2798162).
5/16/2013 3:16:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] -

Installation Failure: Windows failed to install the following update with error

0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2830290).
5/16/2013 11:08:57 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

IPBusEnum service.
.
==== End Of File ===========================
BlackMagic
Active Member
 
Posts: 6
Joined: May 18th, 2013, 4:19 pm
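
Added example, not part of the original thread or of the DDS tool: a small Python triage pass over the Security Center header (`AV:`/`SP:`/`FW:`) and `Hosts:` lines of a DDS log like the one above, rejoining records whose GUID was hard-wrapped across a blank line as in this post. The function names are hypothetical, and the sample input is constructed from lines of the log above.

```python
import re

# Constructed sample: lines taken from the DDS log in the post above,
# keeping the hard wraps (blank line in the middle of a GUID).
SAMPLE = """\
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-

22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-

E2825BA31FB5}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-

FBCD-ADB11639C5F0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-

DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 om.symantec.com
"""

RECORD_START = re.compile(r"^(AV|SP|FW|Hosts): ")
PRODUCT = re.compile(
    r"^(AV|SP|FW): (.+?) \*([A-Za-z]+)(?:/([A-Za-z]+))?\* \{([0-9A-Fa-f-]+)\}$"
)
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def unwrap(text):
    """Return logical lines, rejoining product records split inside the GUID."""
    logical, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines are wrap residue
        if line == ".":                   # DDS spacer line ends any record
            if pending is not None:
                logical.append(pending)
                pending = None
            continue
        if pending is not None and not RECORD_START.match(line):
            pending += line               # GUIDs wrap at a hyphen: no space
            if "}" in line:
                logical.append(pending)
                pending = None
            continue
        if pending is not None:           # new record began before "}" closed
            logical.append(pending)
            pending = None
        if RECORD_START.match(line) and "{" in line and "}" not in line:
            pending = line
        else:
            logical.append(line)
    if pending is not None:
        logical.append(pending)           # truncated record, kept as-is
    return logical


def parse_products(lines):
    """Parse AV/SP/FW records into dicts; unparseable lines are skipped."""
    products = []
    for line in lines:
        m = PRODUCT.match(line)
        if m:
            kind, name, state, definitions, guid = m.groups()
            products.append({"kind": kind, "name": name, "state": state,
                             "definitions": definitions, "guid": guid})
    return products


def parse_hosts(lines):
    """Return (ip, hostname) pairs from 'Hosts:' lines."""
    return [m.groups() for m in map(HOSTS.match, lines) if m]


def summarize(text):
    """Tally registered/enabled anti-virus products and loopback hosts entries."""
    lines = unwrap(text)
    av = [p for p in parse_products(lines) if p["kind"] == "AV"]
    return {
        "av_registered": [p["name"] for p in av],
        "av_enabled": [p["name"] for p in av if p["state"] == "Enabled"],
        "multiple_av": len(av) > 1,
        "hosts_loopback": [h for ip, h in parse_hosts(lines) if ip in LOOPBACK],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```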

Re: Help - computer & mouse acting weird

Post by melboy » May 19th, 2013, 7:42 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=====================================================================


Multiple Anti Virus programs.

You are operating multiple Anti Virus programs on your computer:

  • Ad-Aware Antivirus
  • AVG 2012
  • Microsoft Security Essentials

It is NOT safe to have more than one anti-virus installed on a system. Doing so not only does not provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes! You MUST remove all but one anti-virus program.

Uninstall Programs

  • Go to start > control panel > Programs > programs and features.
  • Right click on each instance of:

    • Ad-Aware Antivirus
    • Ad-Aware Browsing Protection
    • AVG 2012
    • Java 7 Update 9 (64-bit)
    • Java(TM) 6 Update 16 (64-bit)
    • McAfee Security Scan Plus
    • Search Toolbar

  • Click Uninstall & then follow the prompts to remove them.


Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.

  • Using the internal updater, ensure the software is updated to the current version 11.0.03
  • Open Adobe Reader, go to Help > Check for updates and allow the updater to check.
  • Click to download and install any necessary updates.


Reset Hosts

Download this Microsoft fixit & save it to your desktop.

  • Right click MicrosoftFixit50267.msi and choose "Install"
  • Check the box I Agree & click next
  • Click next, then restart when prompted.


AdwCleaner

Download AdwCleaner from HERE & save it to your desktop.

  • Right click AdwCleaner.exe & choose "Run as Administrator" to run it.
  • Click Search.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help - computer & mouse acting weird

Unread postby BlackMagic » May 19th, 2013, 10:33 pm

# AdwCleaner v2.301 - Logfile created 05/19/2013 at 22:31:46
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : B - B-PC
# Boot Mode : Normal
# Running from : C:\Users\B\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Zynga
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\search protection
Folder Found : C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\B\AppData\LocalLow\AVG Security Toolbar
Folder Found : C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\e9p53q4x.default\jetpack
Folder Found : C:\Users\B\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\Software\YourFileDownloader
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKU\S-1-5-21-2961307465-3270029909-2606788007-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKU\S-1-5-21-2961307465-3270029909-2606788007-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\e9p53q4x.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3568 octets] - [19/05/2013 22:31:46]

########## EOF - C:\AdwCleaner[R1].txt - [3628 octets] ##########
BlackMagic
Active Member
 
Posts: 6
Joined: May 18th, 2013, 4:19 pm

Re: Help - computer & mouse acting weird

Unread postby melboy » May 20th, 2013, 12:40 pm

Hi

Give me an update on how the computer is running after completing these steps. Let AdwCleaner reboot the computer fully and produce its logfile before running OTL.


AdwCleaner

  • Right click AdwCleaner.exe & choose "Run as Administrator" to run it.
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.


OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help - computer & mouse acting weird

Unread postby BlackMagic » May 20th, 2013, 9:42 pm

Everything is so much better, thank you so much. However, there is still an odd issue and I'm not sure if this is supposed to remain on my computer or not, but when signed onto the web, at the very bottom of my screen is a small bar that has a "spam" icon in the form of a biohazard symbol and a Lavasoft Ad-Aware symbol and when I hover over it I get a pop-up asking me if I would like to mark the page as spam. Also, when I go to google and type in something to search, whatever comes up has a green shield next to the links to the webpages saying it's "Marked as safe by Ad-Aware." I am assuming those things should have been removed with the removal of the Ad-Aware? One last thing I am just now experiencing, I am getting a lag when typing this text, so much so that it stalls my words as I am typing them. It's not consistent and could just be net traffic, but I figure I would bring it up just in case there is a related issue with it.

Here are the logs you requested...

========================================================================

# AdwCleaner v2.301 - Logfile created 05/20/2013 at 20:57:08
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : B - B-PC
# Boot Mode : Normal
# Running from : C:\Users\B\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Zynga
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\B\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\e9p53q4x.default\jetpack
Folder Deleted : C:\Users\B\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\e9p53q4x.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3689 octets] - [19/05/2013 22:31:46]
AdwCleaner[S1].txt - [3380 octets] - [20/05/2013 20:57:08]

########## EOF - C:\AdwCleaner[S1].txt - [3440 octets] ##########


==========================================================================


OTL logfile created on: 5/20/2013 9:04:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\B\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 60.59% Memory free
7.60 Gb Paging File | 5.98 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 16.64 Gb Free Space | 28.40% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 397.19 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: B-PC | User Name: B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/20 21:03:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\B\Desktop\OTL.exe
PRC - [2013/05/19 23:06:46 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/05 07:50:35 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Users\B\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/06/26 11:17:26 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/05 07:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
PRC - [2009/05/05 07:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/19 23:06:20 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 04:39:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 04:39:22 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 04:39:09 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/09 09:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/16 20:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/05/19 23:06:45 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 22:26:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/16 19:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/11 15:00:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/05/05 07:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/13 16:34:00 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/04/11 03:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/10/12 08:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/07 21:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/25 20:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 16:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/16 10:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/08/20 13:05:00 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/17 13:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/17 00:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/16 20:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{2C3359C4-E524-48D6-BB6D-D6908C9A1707}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{EAF69BD5-D141-49B6-A0EA-2610F04EE7CE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?sourc ... 51914EA7A3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=W ... toolbar&q={searchTerms}
IE - HKCU\..\SearchScopes\{1B977252-65EC-DFCB-E752-794A37822658}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "www.google.com/&q=test"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BF53C93F1-07D5-430c-86D4-C9531B27DFAF%7D:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\B\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\B\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/05/20 08:28:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/31 08:33:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/19 23:06:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/19 23:06:12 | 000,000,000 | ---D | M]

[2010/11/26 18:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\B\AppData\Roaming\mozilla\Extensions
[2013/05/18 08:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions
[2012/11/26 01:15:40 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2013/05/18 08:46:47 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\https-everywhere@eff.org
[2013/05/13 16:36:07 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/11/26 01:15:40 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\B\AppData\Roaming\mozilla\firefox\profiles\e9p53q4x.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2013/05/14 22:10:20 | 000,453,334 | ---- | M] () (No name found) -- C:\Users\B\AppData\Roaming\mozilla\firefox\profiles\e9p53q4x.default\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
[2013/05/19 23:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/19 23:06:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/19 23:06:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/19 23:06:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/19 23:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/19 23:06:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/08/31 08:33:47 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/02/28 16:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml

========== Chrome ==========

CHR - default_search_provider: XFINITY Search (Enabled)
CHR - default_search_provider: search_url = http://search.comcast.net/search/?cat=W ... toolbar&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://securesearch.lavasoft.com/?sourc ... 51914EA7A3
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\B\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\B\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\B\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live? Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\B\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AVG Security Toolbar = C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: AT_Delbuck = C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\neghaibmbjedngldjldidfoobmkkfkle\2\
CHR - Extension: Gmail = C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
O4 - HKCU..\Run: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - Startup: C:\Users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B5B7510-1EBB-4E69-B1DD-64A684E3671A}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{158d02a3-c419-11e0-9099-0026b91bbeaf}\Shell - "" = AutoRun
O33 - MountPoints2\{158d02a3-c419-11e0-9099-0026b91bbeaf}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{f826b816-27df-11e0-83d8-0026b91bbeaf}\Shell - "" = AutoRun
O33 - MountPoints2\{f826b816-27df-11e0-83d8-0026b91bbeaf}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f826b82b-27df-11e0-83d8-0026b91bbeaf}\Shell - "" = AutoRun
O33 - MountPoints2\{f826b82b-27df-11e0-83d8-0026b91bbeaf}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/20 21:03:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\B\Desktop\OTL.exe
[2013/05/20 07:52:08 | 000,000,000 | ---D | C] -- C:\Users\B\AppData\Local\{4381F4DA-250C-49CD-BACA-679D6A9128A6}
[2013/05/19 23:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/19 22:42:52 | 000,000,000 | ---D | C] -- C:\Users\B\AppData\Roaming\AVG2012
[2013/05/18 16:34:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\B\Desktop\dds.scr
[2013/05/16 06:48:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/13 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\B\AppData\Roaming\LavasoftStatistics
[2013/05/13 16:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/13 16:34:01 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/05/13 16:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/13 16:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/13 16:13:57 | 000,000,000 | ---D | C] -- C:\Users\B\AppData\Local\Programs
[2013/04/24 16:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2013/05/20 22:38:10 | 005,216,094 | ---- | M] () -- C:\Users\B\Desktop\Video0014.mp4
[2013/05/20 21:07:10 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 21:07:10 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 21:03:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\B\Desktop\OTL.exe
[2013/05/20 20:59:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/20 20:59:28 | 3061,219,328 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/20 20:55:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2961307465-3270029909-2606788007-1001UA.job
[2013/05/20 20:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/20 18:42:28 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/20 18:42:28 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/20 18:42:28 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/20 07:55:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2961307465-3270029909-2606788007-1001Core.job
[2013/05/20 05:54:46 | 000,002,050 | ---- | M] () -- C:\Users\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/19 22:30:57 | 000,632,031 | ---- | M] () -- C:\Users\B\Desktop\adwcleaner.exe
[2013/05/19 22:22:54 | 000,980,480 | ---- | M] () -- C:\Users\B\Desktop\MicrosoftFixit50267.msi
[2013/05/18 16:35:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\B\Desktop\dds.scr
[2013/05/16 03:30:24 | 000,311,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/13 16:34:00 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/05/13 16:14:42 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/08 23:06:11 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013/05/20 20:00:59 | 005,216,094 | ---- | C] () -- C:\Users\B\Desktop\Video0014.mp4
[2013/05/19 22:30:46 | 000,632,031 | ---- | C] () -- C:\Users\B\Desktop\adwcleaner.exe
[2013/05/19 22:22:51 | 000,980,480 | ---- | C] () -- C:\Users\B\Desktop\MicrosoftFixit50267.msi
[2013/05/13 16:14:42 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/31 20:33:55 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/07/28 13:26:04 | 000,000,838 | ---- | C] () -- C:\Users\B\.recently-used.xbel
[2010/06/06 13:16:51 | 000,000,099 | ---- | C] () -- C:\Users\B\jagex_runescape_preferences2.dat
[2010/06/06 13:16:51 | 000,000,000 | ---- | C] () -- C:\Users\B\jagex__preferences3.dat
[2010/06/06 13:15:13 | 000,000,046 | ---- | C] () -- C:\Users\B\jagex_runescape_preferences.dat
[2010/06/06 12:37:12 | 000,006,144 | ---- | C] () -- C:\Users\B\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/01/04 17:24:47 | 000,000,000 | ---D | M] -- C:\Users\B\AppData\Roaming\.minecraft
[2013/05/19 22:42:52 | 000,000,000 | ---D | M] -- C:\Users\B\AppData\Roaming\AVG2012
[2010/07/28 13:26:04 | 000,000,000 | ---D | M] -- C:\Users\B\AppData\Roaming\gtk-2.0
[2012/09/08 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\B\AppData\Roaming\LibreOffice
[2010/05/22 16:01:41 | 000,000,000 | ---D | M] -- C:\Users\B\AppData\Roaming\WildTangent
[2011/04/16 09:23:12 | 000,000,000 | ---D | M] -- C:\Users\B\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

================================================================

OTL Extras logfile created on: 5/20/2013 9:04:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\B\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 60.59% Memory free
7.60 Gb Paging File | 5.98 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 16.64 Gb Free Space | 28.40% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 397.19 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: B-PC | User Name: B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F9A04D2-A3B9-4D41-A2EC-7AC079D2ABD3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{172998FC-B608-43E9-BB66-89D64A7970F8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D896CD8-171F-48E7-AF98-21641B31CEC9}" = rport=139 | protocol=6 | dir=out | app=system |
"{267E49E4-746C-4193-874E-E1D70CCFCF23}" = lport=138 | protocol=17 | dir=in | app=system |
"{29AA6126-3C20-4B08-A824-D2001F06A6B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{406FDB8B-8EDF-46D6-84A0-3504119B7B27}" = lport=445 | protocol=6 | dir=in | app=system |
"{5BC533AB-8BC4-46DD-9C25-7BA41A3FF4A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{629B28F6-516A-44B5-8155-A1BC848BD89F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6752F952-96E8-4EF1-9451-24A727A30489}" = lport=137 | protocol=17 | dir=in | app=system |
"{69ECBDA8-A772-4FE0-A8DA-222DD752D409}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C1165A2-ECD1-48FC-A952-BF3EF6EC13EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D1F98B1-0386-4D34-90DA-B3D0808D5C2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FB10664-57EC-4A5E-ACB1-BBC026FC7FE5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70F5098D-DD61-42BC-9861-8A7359BA00A0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7C9FAA58-8948-49E6-B8A0-4714D848EE5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8ABE7E81-8BB5-4657-90C3-23AE2A470E98}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B160CD4-F010-445F-9D6B-355FD2F4A0B7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C3E3251-4E52-4D01-9F5F-A5B67AFC8A5F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C4F9702-A4C7-4822-BEB1-29D11A94CF26}" = rport=138 | protocol=17 | dir=out | app=system |
"{A12A121E-4FCB-4411-8E32-FDE8A156B9FC}" = rport=137 | protocol=17 | dir=out | app=system |
"{A3ECA6D2-B3A3-41B2-BDAC-B3437CC420B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4F882C5-27AD-48B0-8217-F168FAB75B66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD3D0144-9E52-4F47-9922-A18AEC1EF35E}" = rport=445 | protocol=6 | dir=out | app=system |
"{B293EDEF-6663-430D-8420-1122D1792464}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B42CB23A-B9EE-4F35-B4AD-BD014ED4BD69}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C532AA24-DE44-4251-851B-D2D83E3F12AE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3A21A49-E8F8-47BC-8DC9-D5D9D98503D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{185E16DE-031E-4A1F-8E7C-20FC1EA1FA46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1B87D1FA-79D2-4A3E-99D0-07A839197658}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{2847F96F-1E4F-4C9D-987B-F6407A9AAF7E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2A79A573-FA5A-4301-82CE-C7EA95D4A50D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2D9153AA-B8C0-4AC5-9FBE-01DCC7E8748A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2F9D464A-69A5-4010-9416-EA41F43F8B38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32CB65A7-3D91-4BA8-85C0-D23F5575A3F0}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{34230BA6-D09E-462F-9189-7A9F587BD667}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{3E12F890-5996-43BD-9CBC-6865E89BF70D}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{46B37D09-7952-4E69-B1FB-73FFFADD4ACC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{510692CF-242F-427E-8415-A02304019A6E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{52B4A1ED-D9E0-4869-94B1-DA0B66F76486}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{542324D3-1154-487A-9E01-A0AC6386A925}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{68F5F9B3-6082-4BE8-BA2C-4EAAC52927A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69D343F0-D0AA-49B2-9054-3E6C45724523}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{6B481A48-D9A0-46AD-991B-4886A9F61D05}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7B38159C-4547-4B08-9D40-A08909D0ED29}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7BCA5054-9FC0-49B4-8E11-BF1A59219FFF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{828C2E49-55CC-4810-BCAD-05D4DA1A9C79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{898B8ADF-D0FB-421E-9E7C-0A7E5AEC5815}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{8B3AA55A-EA1D-4D56-96A0-EEB17B4B65C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D08791D-E1FA-423F-AC82-3E39A92F0CF3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{95DBF87C-AC0F-4D3E-A2DC-DBFB1C6A979D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{A3031785-A281-40FF-ADD5-FFE2DA961BC1}" = protocol=6 | dir=out | app=system |
"{B4617DFF-8292-4054-9FAA-DBC56010C068}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5B59CDA-7074-443C-916E-30CA2BA12CCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1D94777-3EA5-4679-883A-6064898EDB1C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C5830713-A389-46A6-9989-FD7E189F14C5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C87A7C4A-23FF-41C8-BACD-D9ECF5B161A5}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{C925FD90-7E14-479E-9666-5BE3D2841D98}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4956AC5-1877-4754-9049-39DEADDD8270}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E8D79903-E98C-4FB6-804D-79A73A98CD64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ECF01CD4-0477-47F3-A161-6BADDD60E361}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{EE3C4146-42CD-4F2C-8C82-7304F92D3FF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EE972282-72F0-45A9-8503-0DDEB118C21A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F33A461E-7348-4C59-90C6-E5AB95D33327}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F6F0664D-3844-45A9-AD2A-313FF9858FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2A13695-0BD3-47E2-91E0-2F5DB86FA439}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications (Support Software)
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}" = KODAK Share Button App
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 1.1.11
"WildTangent dell Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2013 10:43:47 PM | Computer Name = B-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 4/12/2013 10:43:47 PM | Computer Name = B-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 4/13/2013 10:37:33 AM | Computer Name = B-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 20.0.1.4847 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: aac Start
Time: 01ce38444f89d76b Termination Time: 226 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id:

Error - 4/16/2013 11:28:21 AM | Computer Name = B-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 20.0.1.4847,
time stamp: 0x51650a74 Faulting module name: NPSWF32_11_7_700_169.dll, version:
11.7.700.169, time stamp: 0x5155fd7e Exception code: 0x80000003 Fault offset: 0x0034621d
Faulting
process id: 0x2114 Faulting application start time: 0x01ce3a9319b89b2e Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll Report Id: 44b4d016-a6aa-11e2-838f-0026b91bbeaf

Error - 4/17/2013 9:03:31 AM | Computer Name = B-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 4/17/2013 9:03:32 AM | Computer Name = B-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 4/17/2013 9:03:33 AM | Computer Name = B-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 4/19/2013 8:17:27 PM | Computer Name = B-PC | Source = Chrome | ID = 1
Description =

Error - 4/19/2013 8:36:47 PM | Computer Name = B-PC | Source = Chrome | ID = 1
Description =

Error - 4/28/2013 10:13:44 PM | Computer Name = B-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 20.0.1.4847, time
stamp: 0x51650aee Faulting module name: xul.dll, version: 20.0.1.4847, time stamp:
0x51650a09 Exception code: 0xc0000005 Fault offset: 0x000b10e8 Faulting process id:
0xb38 Faulting application start time: 0x01ce445b9e350d8b Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: 6ac2cd9d-b072-11e2-9430-0026b91bbeaf

[ Media Center Events ]
Error - 6/15/2010 8:22:32 PM | Computer Name = B-PC | Source = MCUpdate | ID = 0
Description = 8:22:32 PM - Error connecting to the internet. 8:22:32 PM - Unable
to contact server..

[ System Events ]
Error - 5/16/2013 11:07:57 PM | Computer Name = B-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.

Error - 5/16/2013 11:08:27 PM | Computer Name = B-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.

Error - 5/16/2013 11:08:57 PM | Computer Name = B-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.

Error - 5/17/2013 7:01:38 AM | Computer Name = B-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:08:27 PM on 5/16/2013 was unexpected.

Error - 5/17/2013 7:02:59 AM | Computer Name = B-PC | Source = DCOM | ID = 10016
Description =

Error - 5/17/2013 9:29:30 AM | Computer Name = B-PC | Source = DCOM | ID = 10016
Description =

Error - 5/17/2013 11:21:53 PM | Computer Name = B-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 5/19/2013 10:20:07 PM | Computer Name = B-PC | Source = DCOM | ID = 10016
Description =

Error - 5/19/2013 10:28:26 PM | Computer Name = B-PC | Source = DCOM | ID = 10016
Description =

Error - 5/20/2013 9:01:02 PM | Computer Name = B-PC | Source = DCOM | ID = 10016
Description =


< End of report >
BlackMagic
Active Member
 
Posts: 6
Joined: May 18th, 2013, 4:19 pm

Re: Help - computer & mouse acting weird

Unread postby BlackMagic » May 20th, 2013, 11:02 pm

After making my last post, and after doing more online after posting the results of the scans, my computer is starting to do the odd things again, not consistent or as frequent, but the issues seem to be coming back. =\
BlackMagic
Active Member
 
Posts: 6
Joined: May 18th, 2013, 4:19 pm

Re: Help - computer & mouse acting weird

Unread postby melboy » May 21st, 2013, 4:43 pm

Hi

I have to say at this point malware doesn't appear to be the cause of your problems. However, we will run a couple of checks to be sure.

Please allow OTL to reboot and produce its logfile before running GMER.


Google Chrome

  • Open Google Chrome
  • Click the Menu icon
  • Click settings
  • Check the Show Home button checkbox
  • Click Change to enter a link of your choice. (suggestion: http://www.google.com)
  • Close & Restart Google Chrome.


    OTL Script

    We need to run an OTL Fix

    • Double-click OTL.exe to start the program.
    • Copy and Paste the following code into the Image textbox. Do not include the word Code:
      Code: Select all
      :commands
      [CREATERESTOREPOINT]
      
      :otl
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?sourc ... 51914EA7A3
      [2013/05/13 16:36:07 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
      
      :services
      gfibto
      
      :files
      C:\Windows\SysNative\drivers\gfibto.sys
      
      :commands
      [EMPTYTEMP]
      [CREATERESTOREPOINT]
      
    • Then click the Run Fix button at the top.
    • Click Image.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


    Gmer

    Download GMER Rootkit Scanner from here.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • It is very important you do not use your computer while GMER is running
    • Right click the randomly named GMER icon & choose "Run as Administrator"
    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
    • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
    • Please check the Quick scan box
    • Please uncheck the following:
      • IAT/EAT
      • Show All <<< Important
    • Click Scan
    • If you see a rootkit warning window click OK
    • When the scan is finished, Save the results to your desktop as gmer.log
    • Click Copy then paste the results in your reply
    • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
    Note:
    • If you encounter any problems, try running GMER in Safe Mode
    • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help - computer & mouse acting weird

Unread postby BlackMagic » May 21st, 2013, 8:30 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\tests folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\lib folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\data folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\locale folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults\preferences folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults folder moved successfully.
C:\Users\B\AppData\Roaming\mozilla\Firefox\Profiles\e9p53q4x.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== SERVICES/DRIVERS ==========
Service gfibto stopped successfully!
Service gfibto deleted successfully!
========== FILES ==========
C:\Windows\SysNative\drivers\gfibto.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: B
->Temp folder emptied: 27792185 bytes
->Temporary Internet Files folder emptied: 403315 bytes
->Java cache emptied: 3189842 bytes
->FireFox cache emptied: 176936229 bytes
->Google Chrome cache emptied: 6063122 bytes
->Flash cache emptied: 394764 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71612 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67764 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 337859516 bytes

Total Files Cleaned = 527.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05212013_200229

Files\Folders moved on Reboot...
C:\Users\B\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
=============================================================

GMER found no modifications and the gmer.log is empty
BlackMagic
Active Member
 
Posts: 6
Joined: May 18th, 2013, 4:19 pm

Re: Help - computer & mouse acting weird

Unread postby melboy » May 23rd, 2013, 6:20 pm

Hi

Give me an update on any problems you're still facing.


OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


ESET Online Scanner:

Note: You can use either Internet Explorer, Mozilla FireFox or Google Chrome for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE, Google Chrome or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
  • Click Run ESET Online Scanner
    Note: If using Mozilla Firefox or Google Chrome you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer, Google Chrome or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at:
    C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help - computer & mouse acting weird

Unread postby BlackMagic » May 25th, 2013, 4:24 pm

Hello, sorry for the late reply.

My issues are back, all of them, despite my computer working fine one day and then crappy the next. My computer actually just shut down out of nowhere, got the blue screen of death, and have got a report from my computer as to the cause, although I have no clue what it means. lol. I will follow the instructions you have recently posted and go from there. I want to thank you again for all the help you have given me. I am at a loss as to what the heck is going on.
BlackMagic
Active Member
 
Posts: 6
Joined: May 18th, 2013, 4:19 pm

Re: Help - computer & mouse acting weird

Unread postby NonSuch » May 29th, 2013, 3:38 pm

Due to a lack of additional response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California