Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

ads popping up and redirection on website

Post by hamman » January 16th, 2014, 12:48 am

Hello,
When I go to any website, I keep getting redirected to purchase software. I have ads popping up in websites. At times, when I enter into any entry field I get directed to this site rvzr-a.akamaihd.net and it seems to have pop-ups. Also, when I am on any website there are always ads on each side of the web page.

Thank you for your help.

Here are the two logs:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Palii at 22:26:12 on 2014-01-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1036 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Palii\AppData\Local\GCC\Controller.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Palii\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Windows\explorer.exe
C:\Users\Palii\AppData\Local\GCC\Controller.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT33178 ... ECFB&SSPV=
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: OMG Music Plus: {11111111-1111-1111-1111-110411911182} - C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bho.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: OKitSpace: {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\okitSpace\IE\OkitSpace.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{5F84E90B-B1ED-4E4E-8812-BE62672D74D7} : DHCPNameServer = 208.180.42.68 208.180.42.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: OMG Music Plus: {11111111-1111-1111-1111-110411911182} - C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bho64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-1-11 46368]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-8 98208]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-1-1 2301216]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-5 144896]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-9-8 1225832]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2014-1-14 27336]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2014-1-14 71680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-10-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-8 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-25 59392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-01-15 22:22:32 -------- d-----w- C:\Windows\SysWow64\SearchProtect
2014-01-15 09:26:03 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B396AD03-2247-42D9-9E1C-5114150D253D}\offreg.dll
2014-01-14 21:44:31 71680 ----a-w- C:\Windows\System32\drivers\silabser.sys
2014-01-14 21:44:31 27336 ----a-w- C:\Windows\System32\drivers\silabenm.sys
2014-01-14 20:46:59 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-14 20:46:59 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-14 20:46:59 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-14 20:46:59 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-14 20:46:59 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-14 20:46:59 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-14 20:46:59 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-14 20:46:58 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-14 20:46:57 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-14 19:47:47 -------- d-----w- C:\Program Files (x86)\KG-UVD1P FCC
2014-01-14 19:38:52 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B396AD03-2247-42D9-9E1C-5114150D253D}\mpengine.dll
2014-01-13 02:59:12 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-12 03:28:48 -------- d-----w- C:\Program Files (x86)\OMG Music Plus
2014-01-12 03:28:12 -------- d-----w- C:\Users\Palii\AppData\Local\Wajam
2014-01-12 03:28:07 -------- d-----w- C:\Program Files (x86)\Wajam
2014-01-12 03:27:35 -------- d-----w- C:\Program Files (x86)\Video Downloader
2014-01-12 03:26:49 0 ----a-w- C:\LIL70CD.tmp
2014-01-12 03:26:49 0 ----a-w- C:\LIL70AF.tmp
2014-01-12 03:26:49 0 ----a-w- C:\LIL70AE.tmp
2014-01-12 03:03:22 -------- d-----w- C:\Windows\KG-UVD1P FCC
2014-01-12 02:28:14 -------- d-----w- C:\Program Files\Uninstaller
2014-01-12 02:13:26 -------- d-----w- C:\Users\Palii\AppData\Local\AVG SafeGuard toolbar
2014-01-12 02:13:11 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-01-12 02:12:33 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2014-01-12 02:12:32 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2014-01-12 02:12:31 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-12 02:12:04 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-01-12 02:10:26 -------- d-----w- C:\Users\Palii\AppData\Local\GCC
2014-01-12 02:10:10 -------- d-----w- C:\Users\Palii\AppData\Local\Programs
2014-01-12 02:09:47 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-01-12 02:09:46 -------- d-----w- C:\Users\Palii\AppData\Local\SearchProtect
2014-01-12 02:01:18 -------- d-----w- C:\Program Files (x86)\Silabs
2014-01-12 02:00:45 -------- d-----w- C:\SiLabs
2014-01-12 01:54:33 -------- d-----w- C:\Program Files (x86)\VideoPlayerV3
.
==================== Find3M ====================
.
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-25 17:21:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-10-25 17:21:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 22:28:52.69 ===============


Second log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/23/2013 1:58:50 PM
System Uptime: 1/15/2014 9:43:32 AM (13 hours ago)
.
Motherboard: Hewlett-Packard | | 1484
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 233.731 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.36 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP49: 1/3/2014 7:04:43 PM - Windows Update
RP50: 1/7/2014 4:19:12 PM - Windows Update
RP51: 1/11/2014 8:00:25 PM - Installed Silicon Laboratories USBXpress Development Kit
RP52: 1/11/2014 8:02:33 PM - Windows Update
RP53: 1/14/2014 1:36:02 PM - Installed Silicon Laboratories USBXpress Development Kit
RP54: 1/14/2014 3:44:19 PM - Installed Silicon Laboratories CP210x VCP Drivers for Windows XP
hamman
Active Member
 
Posts: 13
Joined: January 16th, 2014, 12:22 am

Re: ads popping up and redirection on website

Post by Gary R » January 16th, 2014, 6:14 am

Looking over your logs, back soon.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: ads popping up and redirection on website

Post by Gary R » January 16th, 2014, 6:26 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi hamman

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There's a number of things in your DDS logs that need attention, but before we start removing your infection I'll need you to run a couple more scans for me so that we've got a better picture of what we need to do.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

DO NOT TRY TO FIX (CLEAN) ANYTHING WITH ADWCLEANER YET

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • Frst.txt
  • Addition.txt
  • Systemlook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
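
An added example, not part of Gary R's post or of any tool named in this thread: a small Python triage of a DDS log that reuses the name fragments from the SystemLook script above and adds two structural checks (a populated AppInit_DLLs value, and a browser add-on loaded from a profile or AppData path). The function names, rule names and the two structural heuristics are assumptions of this example; the sample lines are copied from the DDS log posted earlier in the thread, and a hit means "review this entry", not a verdict.

```python
import re
from typing import List, NamedTuple

# Name fragments copied from the SystemLook :Regfind list in the post above.
KEYWORDS = ("Fun4IM", "Bandoo", "Searchnu", "Searchqu", "iLivid", "whitesmoke",
            "datamngr", "kelkoopartners", "trolltech", "babylon", "conduit")

# DDS section banner, e.g. "============== Pseudo HJT Report ===============".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Pseudo HJT entry: "<kind>: <value>" or "<kind> = <value>" (split at first ':' or '=').
ENTRY_RE = re.compile(r"^([^:=]+?)\s*[:=]\s*(.*)$")
# Service/driver entry: "R2 name;display name;path [date size]".
# DDS convention: R = running, S = stopped; the digit is the start type.
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[\S+ \d+\]$")
# Heuristic assumed by this example: add-ons loaded from user-writable paths deserve review.
PROFILE_PATH_RE = re.compile(r"\\(?:AppData|Temp|Users)\\", re.IGNORECASE)
ADDON_KINDS = {"BHO", "x64-BHO", "TB", "x64-TB", "EB", "x64-EB"}

# Sample input: lines copied from the DDS log earlier in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT33178 ... ECFB&SSPV=
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: OKitSpace: {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\okitSpace\IE\OkitSpace.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-1-1 2301216]
"""


class Finding(NamedTuple):
    section: str   # DDS section the line came from
    kind: str      # entry type, e.g. "BHO", "AppInit_DLLs", "R2 service"
    rule: str      # which check fired
    line: str      # the original log line, unmodified


def keyword_hits(text: str) -> List[str]:
    """Return every SystemLook name fragment found in text (case-insensitive)."""
    lowered = text.lower()
    return [kw for kw in KEYWORDS if kw.lower() in lowered]


def triage_dds(log_text: str) -> List[Finding]:
    """Walk a DDS log and return entries that merit a closer look."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses "." as a spacer line
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section == "Pseudo HJT Report":
            entry = ENTRY_RE.match(line)
            if not entry:
                continue
            kind, value = entry.group(1), entry.group(2).strip()
        elif section == "SERVICES / DRIVERS":
            svc = SERVICE_RE.match(line)
            if not svc:
                continue
            kind, value = f"{svc.group(1)}{svc.group(2)} service", line
        else:
            continue                          # other sections are not triaged here
        for kw in keyword_hits(line):
            findings.append(Finding(section, kind, f"keyword:{kw}", line))
        # A populated AppInit_DLLs value makes Windows load that DLL into
        # processes that load user32.dll, so any non-empty value is reported.
        if kind == "AppInit_DLLs" and value:
            findings.append(Finding(section, kind, "appinit-dll-set", line))
        if kind in ADDON_KINDS and PROFILE_PATH_RE.search(value):
            findings.append(Finding(section, kind, "addon-in-profile-path", line))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.rule}] {f.kind}: {f.line}")
```
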

Re: ads popping up and redirection on website

Post by hamman » January 16th, 2014, 5:54 pm

Hello,

Just a question, as I do not want to lose my place in getting help. I have the first log you asked for; however, can you tell me, does the FRST program take a long time to run? It has been running for several hours. I can notice files changing .....

Thanks
hamman
Active Member
 
Posts: 13
Joined: January 16th, 2014, 12:22 am

Re: ads popping up and redirection on website

Post by Gary R » January 16th, 2014, 6:06 pm

It shouldn't be running for hours, usually it takes about 15 mins, sometimes with a heavily infected machine it may take a little longer. FRST does not change or remove anything on your computer unless it has been given a script to run, and since I haven't yet given you a script then all it should be doing is scanning.

Shut down your computer, then restart it and try to run FRST again, if it's still giving problems then try this instead ....

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: ads popping up and redirection on website

Post by hamman » January 16th, 2014, 11:11 pm

Hello,
I guess I will post a couple of messages as this could be too long for one, if that is OK.
After 4 tries I was able to get FRST to run, but I will post all the reports.

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03
Ran by Palii (administrator) on DEBORAH-LAPTOP on 16-01-2014 20:08:30
Running from C:\Users\Palii\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N5LN2JY
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Users\Palii\AppData\Local\GCC\Controller.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
() C:\Users\Palii\AppData\Local\GCC\Controller.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Bundlore LTD) C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Palii\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N5LN2JY\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6160928 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-05-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2534936 2014-01-11] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Deborah\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1037600 2014-01-01] (Conduit)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33178 ... ECFB&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx? ... CF1ECFB&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx? ... CF1ECFB&q={searchTerms}&SSPV=
SearchScopes: HKCU - {66778C30-7ACC-4C16-975D-E0ED68404825} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={62C3FF89-DDB1-469A-809A-6D0027685322}&mid=d58817053b824c75823bb3d73f504cf0-4a0c9ba159c067904db11bcd2ca70690789d94e0&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2014-01-11 20:13:12&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: OMG Music Plus - {11111111-1111-1111-1111-110411911182} - C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bho64.dll (Bundlore LTD)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: OMG Music Plus - {11111111-1111-1111-1111-110411911182} - C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bho.dll (Bundlore LTD)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: OKitSpace - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\okitSpace\IE\OkitSpace.dll ()
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT33178 ... ECFB&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx? ... CF1ECFB&q=%s&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-12-16]
CHR Extension: (Google Drive) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-12-16]
CHR Extension: (YouTube) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-12-16]
CHR Extension: (Video Player) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbogmakocmjkbdbebnhokkghbamnhhf\1.1_0 [2014-01-11]
CHR Extension: (Google Search) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-12-16]
CHR Extension: (Wajam) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0 [2014-01-14]
CHR Extension: (OMG Music Plus) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncokdgmmjicggolpdppfgbjeaikekhn\1.26.6_0 [2014-01-16]
CHR Extension: () - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-18]
CHR Extension: (Gmail) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-12-16]
CHR HKLM-x32\...\Chrome\Extension: [cnbogmakocmjkbdbebnhokkghbamnhhf] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta147\ch\VideoPlayerV3beta147.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [hifnddafpdkmjljallgdlkjiiieidmec] - C:\Windows\system32\config\systemprofile\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Palii\AppData\Local\Wajam\Chrome\wajam.crx [2013-12-13]

==================== Services (Whitelisted) =================

R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2301216 2014-01-01] (Conduit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-01-11] (AVG Secure Search)
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-11-01] (Wajam)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-11] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-16 19:56 - 2014-01-16 20:06 - 00027004 _____ C:\Users\Palii\Desktop\SystemLook.txt
2014-01-16 19:54 - 2014-01-16 19:54 - 00096256 _____ C:\Users\Palii\Downloads\SystemLook_x64.exe
2014-01-16 19:11 - 2014-01-16 19:53 - 00065546 _____ C:\Users\Palii\Desktop\Extras.Txt
2014-01-16 19:10 - 2014-01-16 19:52 - 00080374 _____ C:\Users\Palii\Desktop\OTL.Txt
2014-01-16 18:34 - 2014-01-16 18:39 - 00060227 _____ C:\Users\Palii\Downloads\FRST.txt
2014-01-16 18:33 - 2014-01-16 18:33 - 02076160 _____ (Farbar) C:\Users\Palii\Downloads\FRST64.exe
2014-01-16 08:15 - 2014-01-16 08:15 - 00000000 ____D C:\FRST
2014-01-16 08:10 - 2014-01-16 08:11 - 00000000 ____D C:\AdwCleaner
2014-01-16 08:07 - 2014-01-16 08:07 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DEBORAH-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-01-16 08:07 - 2014-01-16 08:07 - 00000000 ____D C:\RegBackup
2014-01-16 08:06 - 2014-01-16 08:06 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-01-16 08:06 - 2014-01-16 08:06 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2014-01-15 23:51 - 2014-01-15 23:51 - 00005269 _____ C:\Users\Palii\Documents\radio chart.tw
2014-01-15 22:29 - 2014-01-15 22:29 - 00001148 _____ C:\Users\Palii\Desktop\attach.txt
2014-01-15 22:29 - 2014-01-15 22:28 - 00020824 _____ C:\Users\Palii\Desktop\dds.txt
2014-01-15 22:25 - 2014-01-15 22:25 - 00688992 ____R (Swearware) C:\Users\Palii\Downloads\dds.scr
2014-01-15 20:06 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (9).exe
2014-01-15 20:06 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (8).exe
2014-01-15 20:05 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (7).exe
2014-01-15 20:05 - 2014-01-15 20:05 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (6).exe
2014-01-15 20:05 - 2014-01-15 20:05 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (5).exe
2014-01-15 20:04 - 2014-01-15 20:04 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (4).exe
2014-01-15 20:04 - 2014-01-15 20:04 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (3).exe
2014-01-15 20:03 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (2).exe
2014-01-15 20:03 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (1).exe
2014-01-15 20:02 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English.exe
2014-01-15 16:26 - 2014-01-15 16:26 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 543004.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 626091.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 482844.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 3289.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 26722.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 940964.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 484781.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 432961.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 322914.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 972658.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 722831.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 171921.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 143535.crdownload
2014-01-15 16:22 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 496048.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 385109.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 195933.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (28).exe
2014-01-15 16:22 - 2014-01-15 16:22 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (27).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (26).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (25).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (24).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (23).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (22).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (21).exe
2014-01-15 16:19 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (20).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (19).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (18).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (17).exe
2014-01-15 16:18 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (16).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (15).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (14).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (13).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (12).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (11).exe
2014-01-15 16:17 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (10).exe
2014-01-15 16:17 - 2014-01-15 16:17 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (9).exe
2014-01-15 13:11 - 2014-01-15 13:11 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 175963.crdownload
2014-01-15 13:10 - 2014-01-15 13:10 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 85310.crdownload
2014-01-15 13:09 - 2014-01-15 13:09 - 01114928 _____ ( ) C:\Users\Palii\Downloads\DownloadManagerSetup (9).exe
2014-01-15 13:09 - 2014-01-15 13:09 - 01114928 _____ ( ) C:\Users\Palii\Downloads\DownloadManagerSetup (10).exe
2014-01-15 10:56 - 2014-01-15 10:56 - 00459840 _____ C:\Users\Palii\Downloads\Setup (8).exe
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 491323.crdownload
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 433498.crdownload
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 384220.crdownload
2014-01-14 15:47 - 2014-01-14 15:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2014-01-14 15:44 - 2012-06-04 13:42 - 00071680 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\silabser.sys
2014-01-14 15:44 - 2012-06-04 13:42 - 00027336 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\silabenm.sys
2014-01-14 14:46 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 14:46 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 14:46 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 14:46 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 14:46 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 14:46 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 14:46 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 14:46 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 14:46 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 13:47 - 2014-01-14 13:47 - 00001953 _____ C:\Users\Palii\Desktop\KG-UVD1P FCC.lnk
2014-01-14 13:47 - 2014-01-14 13:47 - 00001953 _____ C:\Users\Deborah\Desktop\KG-UVD1P FCC.lnk
2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KG-UVD1P FCC
2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\Program Files (x86)\KG-UVD1P FCC
2014-01-14 13:46 - 2014-01-14 13:47 - 01604496 _____ () C:\Users\Palii\Downloads\KG-UVD1P FCC setup F2.exe
2014-01-14 13:45 - 2014-01-14 13:45 - 01704232 _____ (Fusion Install ) C:\Users\Palii\Downloads\Player-Chrome.exe
2014-01-13 19:09 - 2014-01-13 19:10 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (3).exe
2014-01-13 19:07 - 2014-01-13 19:08 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (2).exe
2014-01-13 19:05 - 2014-01-13 19:06 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (1).exe
2014-01-13 19:04 - 2014-01-13 19:05 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc.exe
2014-01-12 22:17 - 2014-01-12 22:18 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 827079.crdownload
2014-01-12 22:17 - 2014-01-12 22:17 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 343794.crdownload
2014-01-12 22:17 - 2014-01-12 22:17 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 118477.crdownload
2014-01-12 22:16 - 2014-01-12 22:16 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 655026.crdownload
2014-01-12 22:16 - 2014-01-12 22:16 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 654576.crdownload
2014-01-12 22:15 - 2014-01-12 22:15 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 849660.crdownload
2014-01-12 22:15 - 2014-01-12 22:15 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 658789.crdownload
2014-01-12 22:14 - 2014-01-12 22:14 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (8).exe
2014-01-12 22:14 - 2014-01-12 22:14 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (7).exe
2014-01-12 22:13 - 2014-01-12 22:13 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (6).exe
2014-01-12 22:13 - 2014-01-12 22:13 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (5).exe
2014-01-12 22:12 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (4).exe
2014-01-12 22:12 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (3).exe
2014-01-12 22:11 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (2).exe
2014-01-12 22:11 - 2014-01-12 22:11 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup.exe
2014-01-12 22:11 - 2014-01-12 22:11 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (1).exe
2014-01-12 01:19 - 2014-01-12 01:19 - 04177760 _____ C:\Users\Palii\Downloads\PCBoosterSetup.exe
2014-01-12 01:17 - 2014-01-12 01:17 - 00590940 _____ C:\Users\Palii\Downloads\Unconfirmed 742685.crdownload
2014-01-12 01:16 - 2014-01-12 01:17 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (17).exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (16).exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (15).exe
2014-01-12 01:15 - 2014-01-12 01:15 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (14).exe
2014-01-12 01:14 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (13).exe
2014-01-12 01:14 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (12).exe
2014-01-12 01:13 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (11).exe
2014-01-12 01:13 - 2014-01-12 01:13 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (9).exe
2014-01-12 01:13 - 2014-01-12 01:13 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (10).exe
2014-01-12 01:12 - 2014-01-12 01:12 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (8).exe
2014-01-12 01:12 - 2014-01-12 01:12 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (7).exe
2014-01-12 01:11 - 2014-01-12 01:11 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (6).exe
2014-01-12 01:11 - 2014-01-12 01:11 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (5).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (4).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (3).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (2).exe
2014-01-12 01:09 - 2014-01-12 01:09 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English.exe
2014-01-12 01:09 - 2014-01-12 01:09 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (1).exe
2014-01-12 00:18 - 2014-01-12 00:18 - 01134952 _____ C:\Users\Palii\Downloads\Unconfirmed 413575.crdownload
2014-01-12 00:18 - 2014-01-12 00:18 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (8).exe
2014-01-12 00:17 - 2014-01-12 00:17 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (7).exe
2014-01-12 00:16 - 2014-01-12 00:16 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (6).exe
2014-01-12 00:16 - 2014-01-12 00:16 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (5).exe
2014-01-12 00:15 - 2014-01-12 00:15 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (4).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup.exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (3).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (2).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (1).exe
2014-01-11 23:33 - 2014-01-11 23:33 - 00000000 ____D C:\Users\Deborah\AppData\Local\AVG SafeGuard toolbar
2014-01-11 23:32 - 2014-01-11 23:32 - 00000000 ____D C:\Users\Deborah\AppData\Local\SearchProtect
2014-01-11 21:59 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (7).exe
2014-01-11 21:59 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (6).exe
2014-01-11 21:58 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (5).exe
2014-01-11 21:58 - 2014-01-11 21:58 - 00459840 _____ C:\Users\Palii\Downloads\Setup (4).exe
2014-01-11 21:58 - 2014-01-11 21:58 - 00459840 _____ C:\Users\Palii\Downloads\Setup (3).exe
2014-01-11 21:29 - 2014-01-16 18:29 - 00002106 _____ C:\Windows\Tasks\OMG Music Plus-firefoxinstaller.job
2014-01-11 21:29 - 2014-01-16 18:29 - 00001346 _____ C:\Windows\Tasks\OMG Music Plus-updater.job
2014-01-11 21:29 - 2014-01-16 18:29 - 00001282 _____ C:\Windows\Tasks\OMG Music Plus-codedownloader.job
2014-01-11 21:29 - 2014-01-16 18:29 - 00001170 _____ C:\Windows\Tasks\OMG Music Plus-enabler.job
2014-01-11 21:29 - 2014-01-11 21:29 - 00004376 _____ C:\Windows\System32\Tasks\OMG Music Plus-updater
2014-01-11 21:29 - 2014-01-11 21:29 - 00004312 _____ C:\Windows\System32\Tasks\OMG Music Plus-codedownloader
2014-01-11 21:29 - 2014-01-11 21:29 - 00004200 _____ C:\Windows\System32\Tasks\OMG Music Plus-enabler
2014-01-11 21:28 - 2014-01-16 18:29 - 00002138 _____ C:\Windows\Tasks\OMG Music Plus-chromeinstaller.job
2014-01-11 21:28 - 2014-01-11 21:29 - 00000000 ____D C:\Program Files (x86)\OMG Music Plus
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Users\Palii\AppData\Local\Wajam
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Program Files (x86)\Wajam
2014-01-11 21:27 - 2014-01-11 21:27 - 00001136 _____ C:\Users\Public\Desktop\Video Downloader.lnk
2014-01-11 21:27 - 2014-01-11 21:27 - 00000000 ____D C:\Program Files (x86)\Video Downloader
2014-01-11 21:26 - 2014-01-11 21:26 - 00459192 _____ C:\Users\Palii\Downloads\Setup (2).exe
2014-01-11 21:26 - 2014-01-11 21:26 - 00459192 _____ C:\Users\Palii\Downloads\Setup (1).exe
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70CD.tmp
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70AF.tmp
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70AE.tmp
2014-01-11 21:25 - 2014-01-11 21:25 - 00138616 _____ C:\Users\Palii\Downloads\setup.exe
2014-01-11 21:03 - 2014-01-11 21:03 - 00000000 ____D C:\Windows\KG-UVD1P FCC
2014-01-11 20:13 - 2014-01-11 20:13 - 00000000 ____D C:\Users\Palii\AppData\Local\AVG SafeGuard toolbar
2014-01-11 20:13 - 2014-01-11 20:11 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-01-11 20:12 - 2014-01-15 15:46 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-11 20:12 - 2014-01-11 20:14 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2014-01-11 20:12 - 2014-01-11 20:12 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-11 20:10 - 2014-01-11 20:10 - 00004554 _____ C:\Windows\System32\Tasks\GC_Informer
2014-01-11 20:10 - 2014-01-11 20:10 - 00004538 _____ C:\Windows\System32\Tasks\GC_Scheduler
2014-01-11 20:10 - 2014-01-11 20:10 - 00000000 ____D C:\Users\Palii\Documents\Optimizer Pro
2014-01-11 20:10 - 2014-01-11 20:10 - 00000000 ____D C:\Users\Palii\AppData\Local\GCC
2014-01-11 20:09 - 2014-01-15 16:22 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-11 20:09 - 2014-01-11 20:09 - 00000000 ____D C:\Users\Palii\AppData\Local\SearchProtect
2014-01-11 20:01 - 2014-01-11 20:01 - 00000000 ____D C:\Program Files (x86)\Silabs
2014-01-11 20:00 - 2014-01-14 13:36 - 00000000 ____D C:\SiLabs
2014-01-11 19:55 - 2014-01-11 19:55 - 00000090 _____ C:\extensions.ini
2014-01-11 19:55 - 2014-01-11 19:55 - 00000000 _____ C:\extensions.sqlite
2014-01-11 19:54 - 2014-01-11 19:54 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2013-12-22 01:16 - 2013-12-22 01:16 - 00005765 _____ C:\Users\Deborah\Documents\A Hetalia Christmas Carol.odt
2013-12-21 14:18 - 2013-12-21 14:18 - 00014964 _____ C:\Users\Deborah\Documents\HCC.odt
2013-12-18 19:58 - 2014-01-16 18:23 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForPalii.job
2013-12-18 19:58 - 2014-01-15 19:51 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForPalii

==================== One Month Modified Files and Folders =======

2014-01-16 20:06 - 2014-01-16 19:56 - 00027004 _____ C:\Users\Palii\Desktop\SystemLook.txt
2014-01-16 19:54 - 2014-01-16 19:54 - 00096256 _____ C:\Users\Palii\Downloads\SystemLook_x64.exe
2014-01-16 19:53 - 2014-01-16 19:11 - 00065546 _____ C:\Users\Palii\Desktop\Extras.Txt
2014-01-16 19:52 - 2014-01-16 19:10 - 00080374 _____ C:\Users\Palii\Desktop\OTL.Txt
2014-01-16 19:32 - 2010-07-08 02:28 - 01234849 _____ C:\Windows\WindowsUpdate.log
2014-01-16 19:23 - 2013-10-23 13:16 - 00000356 _____ C:\Windows\Tasks\AmiUpdXp.job
2014-01-16 19:11 - 2013-12-16 00:28 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-16 18:39 - 2014-01-16 18:34 - 00060227 _____ C:\Users\Palii\Downloads\FRST.txt
2014-01-16 18:36 - 2009-07-13 22:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-16 18:36 - 2009-07-13 22:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-16 18:34 - 2013-10-27 19:53 - 00000000 ____D C:\Users\Deborah
2014-01-16 18:33 - 2014-01-16 18:33 - 02076160 _____ (Farbar) C:\Users\Palii\Downloads\FRST64.exe
2014-01-16 18:29 - 2014-01-11 21:29 - 00002106 _____ C:\Windows\Tasks\OMG Music Plus-firefoxinstaller.job
2014-01-16 18:29 - 2014-01-11 21:29 - 00001346 _____ C:\Windows\Tasks\OMG Music Plus-updater.job
2014-01-16 18:29 - 2014-01-11 21:29 - 00001282 _____ C:\Windows\Tasks\OMG Music Plus-codedownloader.job
2014-01-16 18:29 - 2014-01-11 21:29 - 00001170 _____ C:\Windows\Tasks\OMG Music Plus-enabler.job
2014-01-16 18:29 - 2014-01-11 21:28 - 00002138 _____ C:\Windows\Tasks\OMG Music Plus-chromeinstaller.job
2014-01-16 18:29 - 2013-12-16 00:28 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-16 18:28 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-16 18:28 - 2009-07-13 22:51 - 00050240 _____ C:\Windows\setupact.log
2014-01-16 18:23 - 2013-12-18 19:58 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForPalii.job
2014-01-16 18:22 - 2013-10-23 14:53 - 00199416 _____ C:\Windows\PFRO.log
2014-01-16 08:15 - 2014-01-16 08:15 - 00000000 ____D C:\FRST
2014-01-16 08:11 - 2014-01-16 08:10 - 00000000 ____D C:\AdwCleaner
2014-01-16 08:07 - 2014-01-16 08:07 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DEBORAH-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-01-16 08:07 - 2014-01-16 08:07 - 00000000 ____D C:\RegBackup
2014-01-16 08:06 - 2014-01-16 08:06 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-01-16 08:06 - 2014-01-16 08:06 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2014-01-16 00:03 - 2013-12-16 10:38 - 00000000 ____D C:\Users\Palii\AppData\Local\Google
2014-01-15 23:51 - 2014-01-15 23:51 - 00005269 _____ C:\Users\Palii\Documents\radio chart.tw
2014-01-15 22:29 - 2014-01-15 22:29 - 00001148 _____ C:\Users\Palii\Desktop\attach.txt
2014-01-15 22:28 - 2014-01-15 22:29 - 00020824 _____ C:\Users\Palii\Desktop\dds.txt
2014-01-15 22:27 - 2013-10-23 13:16 - 00000000 ____D C:\Users\Palii\AppData\Roaming\HpUpdate
2014-01-15 22:25 - 2014-01-15 22:25 - 00688992 ____R (Swearware) C:\Users\Palii\Downloads\dds.scr
2014-01-15 21:17 - 2013-12-16 00:28 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-15 20:06 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (9).exe
2014-01-15 20:06 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (8).exe
2014-01-15 20:06 - 2014-01-15 20:05 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (7).exe
2014-01-15 20:05 - 2014-01-15 20:05 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (6).exe
2014-01-15 20:05 - 2014-01-15 20:05 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (5).exe
2014-01-15 20:04 - 2014-01-15 20:04 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (4).exe
2014-01-15 20:04 - 2014-01-15 20:04 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (3).exe
2014-01-15 20:03 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (2).exe
2014-01-15 20:03 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (1).exe
2014-01-15 20:03 - 2014-01-15 20:02 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English.exe
2014-01-15 19:51 - 2013-12-18 19:58 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForPalii
2014-01-15 19:50 - 2013-10-30 19:49 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-15 19:50 - 2013-10-29 19:15 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-15 18:14 - 2013-10-23 15:34 - 00000000 ____D C:\Users\Palii\AppData\Local\Windows Live
2014-01-15 16:26 - 2014-01-15 16:26 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 543004.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 626091.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 482844.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 3289.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 26722.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 940964.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 484781.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 432961.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 322914.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 972658.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 722831.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 171921.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 143535.crdownload
2014-01-15 16:23 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 496048.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 385109.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 195933.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (28).exe
2014-01-15 16:22 - 2014-01-15 16:22 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2014-01-15 16:22 - 2014-01-11 20:09 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (27).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (26).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (25).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (24).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (23).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (22).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (21).exe
2014-01-15 16:20 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (20).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (19).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (18).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (17).exe
2014-01-15 16:19 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (16).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (15).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (14).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (13).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (12).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (11).exe
2014-01-15 16:18 - 2014-01-15 16:17 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (10).exe
2014-01-15 16:17 - 2014-01-15 16:17 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (9).exe
2014-01-15 15:46 - 2014-01-11 20:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-15 15:46 - 2013-10-23 13:07 - 00000000 ___RD C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 13:11 - 2014-01-15 13:11 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 175963.crdownload
2014-01-15 13:10 - 2014-01-15 13:10 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 85310.crdownload
2014-01-15 13:09 - 2014-01-15 13:09 - 01114928 _____ ( ) C:\Users\Palii\Downloads\DownloadManagerSetup (9).exe
2014-01-15 13:09 - 2014-01-15 13:09 - 01114928 _____ ( ) C:\Users\Palii\Downloads\DownloadManagerSetup (10).exe
2014-01-15 10:56 - 2014-01-15 10:56 - 00459840 _____ C:\Users\Palii\Downloads\Setup (8).exe
2014-01-15 03:25 - 2009-07-13 22:45 - 00305696 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 03:06 - 2013-10-23 15:02 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 03:03 - 2013-10-23 15:02 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 491323.crdownload
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 433498.crdownload
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 384220.crdownload
2014-01-14 15:47 - 2014-01-14 15:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2014-01-14 15:44 - 2010-05-14 22:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-14 13:47 - 2014-01-14 13:47 - 00001953 _____ C:\Users\Palii\Desktop\KG-UVD1P FCC.lnk
2014-01-14 13:47 - 2014-01-14 13:47 - 00001953 _____ C:\Users\Deborah\Desktop\KG-UVD1P FCC.lnk
2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KG-UVD1P FCC
2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\Program Files (x86)\KG-UVD1P FCC
2014-01-14 13:47 - 2014-01-14 13:46 - 01604496 _____ () C:\Users\Palii\Downloads\KG-UVD1P FCC setup F2.exe
2014-01-14 13:45 - 2014-01-14 13:45 - 01704232 _____ (Fusion Install ) C:\Users\Palii\Downloads\Player-Chrome.exe
2014-01-14 13:36 - 2014-01-11 20:00 - 00000000 ____D C:\SiLabs
2014-01-13 19:10 - 2014-01-13 19:09 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (3).exe
2014-01-13 19:08 - 2014-01-13 19:07 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (2).exe
2014-01-13 19:06 - 2014-01-13 19:05 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (1).exe
2014-01-13 19:05 - 2014-01-13 19:04 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc.exe
2014-01-12 22:26 - 2013-10-29 19:26 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDeborah
2014-01-12 22:26 - 2013-10-29 19:26 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForDeborah.job
2014-01-12 22:18 - 2014-01-12 22:17 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 827079.crdownload
2014-01-12 22:17 - 2014-01-12 22:17 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 343794.crdownload
2014-01-12 22:17 - 2014-01-12 22:17 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 118477.crdownload
2014-01-12 22:16 - 2014-01-12 22:16 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 655026.crdownload
2014-01-12 22:16 - 2014-01-12 22:16 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 654576.crdownload
2014-01-12 22:15 - 2014-01-12 22:15 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 849660.crdownload
2014-01-12 22:15 - 2014-01-12 22:15 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 658789.crdownload
2014-01-12 22:14 - 2014-01-12 22:14 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (8).exe
2014-01-12 22:14 - 2014-01-12 22:14 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (7).exe
2014-01-12 22:13 - 2014-01-12 22:13 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (6).exe
2014-01-12 22:13 - 2014-01-12 22:13 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (5).exe
2014-01-12 22:12 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (4).exe
2014-01-12 22:12 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (3).exe
2014-01-12 22:12 - 2014-01-12 22:11 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (2).exe
2014-01-12 22:11 - 2014-01-12 22:11 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup.exe
2014-01-12 22:11 - 2014-01-12 22:11 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (1).exe
2014-01-12 01:19 - 2014-01-12 01:19 - 04177760 _____ C:\Users\Palii\Downloads\PCBoosterSetup.exe
2014-01-12 01:17 - 2014-01-12 01:17 - 00590940 _____ C:\Users\Palii\Downloads\Unconfirmed 742685.crdownload
2014-01-12 01:17 - 2014-01-12 01:16 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (17).exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (16).exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (15).exe
2014-01-12 01:15 - 2014-01-12 01:15 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (14).exe
2014-01-12 01:14 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (13).exe
2014-01-12 01:14 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (12).exe
2014-01-12 01:14 - 2014-01-12 01:13 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (11).exe
2014-01-12 01:13 - 2014-01-12 01:13 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (9).exe
2014-01-12 01:13 - 2014-01-12 01:13 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (10).exe
2014-01-12 01:12 - 2014-01-12 01:12 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (8).exe
2014-01-12 01:12 - 2014-01-12 01:12 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (7).exe
2014-01-12 01:11 - 2014-01-12 01:11 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (6).exe
2014-01-12 01:11 - 2014-01-12 01:11 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (5).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (4).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (3).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (2).exe
2014-01-12 01:09 - 2014-01-12 01:09 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English.exe
2014-01-12 01:09 - 2014-01-12 01:09 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (1).exe
2014-01-12 00:18 - 2014-01-12 00:18 - 01134952 _____ C:\Users\Palii\Downloads\Unconfirmed 413575.crdownload
2014-01-12 00:18 - 2014-01-12 00:18 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (8).exe
2014-01-12 00:17 - 2014-01-12 00:17 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (7).exe
2014-01-12 00:16 - 2014-01-12 00:16 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (6).exe
2014-01-12 00:16 - 2014-01-12 00:16 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (5).exe
2014-01-12 00:15 - 2014-01-12 00:15 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (4).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup.exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (3).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (2).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (1).exe
2014-01-11 23:33 - 2014-01-11 23:33 - 00000000 ____D C:\Users\Deborah\AppData\Local\AVG SafeGuard toolbar
2014-01-11 23:32 - 2014-01-11 23:32 - 00000000 ____D C:\Users\Deborah\AppData\Local\SearchProtect
2014-01-11 21:59 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (7).exe
2014-01-11 21:59 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (6).exe
2014-01-11 21:59 - 2014-01-11 21:58 - 00459840 _____ C:\Users\Palii\Downloads\Setup (5).exe
2014-01-11 21:58 - 2014-01-11 21:58 - 00459840 _____ C:\Users\Palii\Downloads\Setup (4).exe
2014-01-11 21:58 - 2014-01-11 21:58 - 00459840 _____ C:\Users\Palii\Downloads\Setup (3).exe
2014-01-11 21:29 - 2014-01-11 21:29 - 00004376 _____ C:\Windows\System32\Tasks\OMG Music Plus-updater
2014-01-11 21:29 - 2014-01-11 21:29 - 00004312 _____ C:\Windows\System32\Tasks\OMG Music Plus-codedownloader
2014-01-11 21:29 - 2014-01-11 21:29 - 00004200 _____ C:\Windows\System32\Tasks\OMG Music Plus-enabler
2014-01-11 21:29 - 2014-01-11 21:28 - 00000000 ____D C:\Program Files (x86)\OMG Music Plus
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Users\Palii\AppData\Local\Wajam
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Program Files (x86)\Wajam
2014-01-11 21:27 - 2014-01-11 21:27 - 00001136 _____ C:\Users\Public\Desktop\Video Downloader.lnk
2014-01-11 21:27 - 2014-01-11 21:27 - 00000000 ____D C:\Program Files (x86)\Video Downloader
2014-01-11 21:26 - 2014-01-11 21:26 - 00459192 _____ C:\Users\Palii\Downloads\Setup (2).exe
2014-01-11 21:26 - 2014-01-11 21:26 - 00459192 _____ C:\Users\Palii\Downloads\Setup (1).exe
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70CD.tmp
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70AF.tmp
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70AE.tmp
2014-01-11 21:25 - 2014-01-11 21:25 - 00138616 _____ C:\Users\Palii\Downloads\setup.exe
2014-01-11 21:09 - 2013-10-23 13:06 - 00000000 ____D C:\Users\Palii\AppData\Local\VirtualStore
2014-01-11 21:03 - 2014-01-11 21:03 - 00000000 ____D C:\Windows\KG-UVD1P FCC
2014-01-11 20:14 - 2014-01-11 20:12 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2014-01-11 20:13 - 2014-01-11 20:13 - 00000000 ____D C:\Users\Palii\AppData\Local\AVG SafeGuard toolbar
2014-01-11 20:12 - 2014-01-11 20:12 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-11 20:11 - 2014-01-11 20:13 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-01-11 20:10 - 2014-01-11 20:10 - 00004554 _____ C:\Windows\System32\Tasks\GC_Informer
2014-01-11 20:10 - 2014-01-11 20:10 - 00004538 _____ C:\Windows\System32\Tasks\GC_Scheduler
2014-01-11 20:10 - 2014-01-11 20:10 - 00000000 ____D C:\Users\Palii\Documents\Optimizer Pro
2014-01-11 20:10 - 2014-01-11 20:10 - 00000000 ____D C:\Users\Palii\AppData\Local\GCC
2014-01-11 20:09 - 2014-01-11 20:09 - 00000000 ____D C:\Users\Palii\AppData\Local\SearchProtect
2014-01-11 20:01 - 2014-01-11 20:01 - 00000000 ____D C:\Program Files (x86)\Silabs
2014-01-11 19:55 - 2014-01-11 19:55 - 00000090 _____ C:\extensions.ini
2014-01-11 19:55 - 2014-01-11 19:55 - 00000000 _____ C:\extensions.sqlite
2014-01-11 19:54 - 2014-01-11 19:54 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2014-01-08 22:22 - 2013-10-30 14:38 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\HpUpdate
2014-01-05 22:03 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-22 01:19 - 2013-12-06 20:41 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\SoftGrid Client
2013-12-22 01:16 - 2013-12-22 01:16 - 00005765 _____ C:\Users\Deborah\Documents\A Hetalia Christmas Carol.odt
2013-12-21 14:18 - 2013-12-21 14:18 - 00014964 _____ C:\Users\Deborah\Documents\HCC.odt
2013-12-18 19:58 - 2013-10-23 13:06 - 00000000 ____D C:\Users\Palii\AppData\Local\Hewlett-Packard
2013-12-18 19:57 - 2013-12-16 10:14 - 00000000 ____D C:\Users\Palii\AppData\Roaming\hpqlog
2013-12-18 19:57 - 2010-05-14 22:17 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-18 19:57 - 2009-09-06 18:40 - 00000000 ____D C:\SwSetup
2013-12-18 19:55 - 2010-05-14 22:17 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-12-18 19:35 - 2009-07-13 23:13 - 00727182 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-18 19:34 - 2013-10-23 13:01 - 00000000 ____D C:\Users\Palii\AppData\Roaming\Hewlett-Packard

Some content of TEMP:
====================
C:\Users\Deborah\AppData\Local\Temp\SP51976.exe
C:\Users\Deborah\AppData\Local\Temp\sp58915.exe
C:\Users\Deborah\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Deborah\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Palii\AppData\Local\Temp\BackupSetup.exe
C:\Users\Palii\AppData\Local\Temp\Extract.exe
C:\Users\Palii\AppData\Local\Temp\helper.exe
C:\Users\Palii\AppData\Local\Temp\HPQSi.exe
C:\Users\Palii\AppData\Local\Temp\instloffer.exe
C:\Users\Palii\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Palii\AppData\Local\Temp\LuckyLeap.exe
C:\Users\Palii\AppData\Local\Temp\mmgzatlzfbptgh.exe
C:\Users\Palii\AppData\Local\Temp\nsf630D.exe
C:\Users\Palii\AppData\Local\Temp\nsm2755.exe
C:\Users\Palii\AppData\Local\Temp\nsmF29C.exe
C:\Users\Palii\AppData\Local\Temp\nsmF645.exe
C:\Users\Palii\AppData\Local\Temp\nsq4916.exe
C:\Users\Palii\AppData\Local\Temp\nsq51ED.exe
C:\Users\Palii\AppData\Local\Temp\nsq6965.exe
C:\Users\Palii\AppData\Local\Temp\nsw2300.exe
C:\Users\Palii\AppData\Local\Temp\oi_{9238368E-8759-42A8-B8BF-1F2A560A7666}.exe
C:\Users\Palii\AppData\Local\Temp\Setup1.exe
C:\Users\Palii\AppData\Local\Temp\SP51650.exe
C:\Users\Palii\AppData\Local\Temp\SP51976.exe
C:\Users\Palii\AppData\Local\Temp\SPSetup.exe
C:\Users\Palii\AppData\Local\Temp\sqlite3.exe
C:\Users\Palii\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-15 03:55

==================== End Of Log ============================

SystemLook.Txt

SystemLook 04.09.10 by jpshortstuff
Log created at 19:56 on 16/01/2014 by Palii
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (1).exe --a---- 1751600 bytes [01:05 14/01/2014] [01:06 14/01/2014] A99ABB043DF796C6C941154EE858AAE9
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (2).exe --a---- 1751600 bytes [01:07 14/01/2014] [01:08 14/01/2014] A99ABB043DF796C6C941154EE858AAE9
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (3).exe --a---- 1751600 bytes [01:09 14/01/2014] [01:10 14/01/2014] A99ABB043DF796C6C941154EE858AAE9
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc.exe --a---- 1751600 bytes [01:04 14/01/2014] [01:05 14/01/2014] A99ABB043DF796C6C941154EE858AAE9

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Cookies\palii@babylon[2].txt --a---- 80 bytes [19:16 23/10/2013] [19:16 23/10/2013] DE0BF0663CE9E267899F783008EA2F83

Searching for "*conduit*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\ProgramData\Babylon d------ [19:16 23/10/2013]
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia d------ [08:45 08/07/2010]

Searching for "*conduit*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus\Plugins\91]
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus\Plugins\91]

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus\Plugins\91]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus\Plugins\91]

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus\Plugins\91]
[HKEY_CURRENT_USER\Software\AVG SafeGuard toolbar\IE]
"Revert_HP"="http://search.conduit.com/?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0F290662-D40C-47D0-BB78-3C82FCF1ECFB&SSPV="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com/?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0F290662-D40C-47D0-BB78-3C82FCF1ECFB&SSPV="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"URL"="http://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0F290662-D40C-47D0-BB78-3C82FCF1ECFB&q={searchTerms}&SSPV="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"DisplayName"="Conduit Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
"Publisher"="Conduit"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc]
"DisplayName"="Search Protect by Conduit Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc]
"DisplayName"="Search Protect by Conduit Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc]
"DisplayName"="Search Protect by Conduit Service"
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus\Plugins\91]
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AVG SafeGuard toolbar\IE]
"Revert_HP"="http://search.conduit.com/?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0F290662-D40C-47D0-BB78-3C82FCF1ECFB&SSPV="
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com/?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0F290662-D40C-47D0-BB78-3C82FCF1ECFB&SSPV="
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"URL"="http://search.conduit.com/Results.aspx?ctid=CT3317819&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0F290662-D40C-47D0-BB78-3C82FCF1ECFB&q={searchTerms}&SSPV="
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"DisplayName"="Conduit Search"

-= EOF =-
hamman

Re: ads popping up and redirection on website

Post by hamman » January 16th, 2014, 11:23 pm

What follows is the other post requested:

OTL.TXT

OTL logfile created on: 1/16/2014 6:43:54 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Palii\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 42.78% Memory free
5.86 Gb Paging File | 4.14 Gb Available in Paging File | 70.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.49 Gb Total Space | 229.89 Gb Free Space | 81.09% Space Free | Partition Type: NTFS
Drive D: | 14.31 Gb Total Space | 2.36 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.41 Mb Free Space | 96.05% Space Free | Partition Type: FAT32

Computer Name: DEBORAH-LAPTOP | User Name: Palii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/11 21:29:43 | 000,773,120 | ---- | M] (Bundlore LTD) -- C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bg.exe
PRC - [2014/01/11 20:11:54 | 002,534,936 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2014/01/11 20:11:53 | 001,772,056 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
PRC - [2014/01/11 20:11:51 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
PRC - [2014/01/01 02:38:24 | 004,333,856 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/01/01 02:38:24 | 002,911,520 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/01/01 02:38:24 | 002,301,216 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/12/04 12:16:16 | 000,556,544 | ---- | M] () -- C:\Users\Palii\AppData\Local\GCC\Controller.exe
PRC - [2013/11/01 08:31:08 | 000,114,176 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
PRC - [2013/10/22 07:47:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Palii\Desktop\OTL.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/01/26 18:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/05/24 21:26:22 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/11 20:11:55 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
MOD - [2014/01/11 20:11:54 | 002,534,936 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/12/04 12:16:16 | 000,556,544 | ---- | M] () -- C:\Users\Palii\AppData\Local\GCC\Controller.exe
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/05/24 21:34:02 | 001,703,936 | ---- | M] () -- C:\Users\Palii\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/05/24 21:25:22 | 003,760,128 | ---- | M] () -- C:\Users\Palii\AppData\Roaming\PictureMover\Bin\Core.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/01/11 20:11:53 | 001,772,056 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - [2014/01/01 02:38:24 | 002,301,216 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/11/01 08:31:08 | 000,114,176 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe -- (WajamUpdaterV3)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/11 20:11:55 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/06/04 13:42:44 | 000,071,680 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2012/06/04 13:42:44 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/08 00:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/05 13:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2010/03/05 13:57:00 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D14E65FB-0AD1-44B1-A334-31A08336F0E6}
IE:64bit: - HKLM\..\SearchScopes\{D14E65FB-0AD1-44B1-A334-31A08336F0E6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D14E65FB-0AD1-44B1-A334-31A08336F0E6}
IE - HKLM\..\SearchScopes\{D14E65FB-0AD1-44B1-A334-31A08336F0E6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33178 ... ECFB&SSPV=
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx? ... CF1ECFB&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={62C3FF89-DDB1-469A-809A-6D0027685322}&mid=d58817053b824c75823bb3d73f504cf0-4a0c9ba159c067904db11bcd2ca70690789d94e0&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2014-01-11 20:13:12&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1001\..\SearchScopes\{BED271E9-8235-4E65-A4E5-7FBFD04B5245}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1001\..\SearchScopes\{D14E65FB-0AD1-44B1-A334-31A08336F0E6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/14 23:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\OKitSpace@OKitSpace.es: C:\Windows\system32\config\systemprofile\AppData\Roaming\okitSpace\Firefox [2013/10/23 13:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta147.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta147\ff [2014/01/11 19:54:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014/01/11 20:13:16 | 000,000,000 | ---D | M]

[2014/01/11 19:54:33 | 000,000,000 | ---D | M] (Video Player) -- C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA147\FF

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbogmakocmjkbdbebnhokkghbamnhhf\1.1_0\
CHR - Extension: No name found = C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\
CHR - Extension: No name found = C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncokdgmmjicggolpdppfgbjeaikekhn\1.26.6_0\crossrider
CHR - Extension: No name found = C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncokdgmmjicggolpdppfgbjeaikekhn\1.26.6_0\
CHR - Extension: No name found = C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: No name found = C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (OMG Music Plus) - {11111111-1111-1111-1111-110411911182} - C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bho64.dll (Bundlore LTD)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (OMG Music Plus) - {11111111-1111-1111-1111-110411911182} - C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bho.dll (Bundlore LTD)
O2 - BHO: (OKitSpace) - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\okitSpace\IE\OkitSpace.dll ()
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-3172863894-2395903967-2637854924-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F84E90B-B1ED-4E4E-8812-BE62672D74D7}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/16 08:15:12 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/16 08:10:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/16 08:07:00 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/01/16 08:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/01/16 08:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/01/15 16:22:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2014/01/15 15:53:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/14 15:44:31 | 000,071,680 | ---- | C] (Silicon Laboratories) -- C:\Windows\SysNative\drivers\silabser.sys
[2014/01/14 15:44:31 | 000,027,336 | ---- | C] (Silicon Laboratories) -- C:\Windows\SysNative\drivers\silabenm.sys
[2014/01/14 14:46:59 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/14 14:46:59 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/14 14:46:57 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 13:47:48 | 000,000,000 | ---D | C] -- C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KG-UVD1P FCC
[2014/01/14 13:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KG-UVD1P FCC
[2014/01/11 21:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OMG Music Plus
[2014/01/11 21:28:13 | 000,000,000 | ---D | C] -- C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2014/01/11 21:28:12 | 000,000,000 | ---D | C] -- C:\Users\Palii\AppData\Local\Wajam
[2014/01/11 21:28:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2014/01/11 21:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Downloader
[2014/01/11 21:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Downloader
[2014/01/11 21:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KG-UVD1P FCC
[2014/01/11 21:03:22 | 000,000,000 | ---D | C] -- C:\Windows\KG-UVD1P FCC
[2014/01/11 20:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2014/01/11 20:13:26 | 000,000,000 | ---D | C] -- C:\Users\Palii\AppData\Local\AVG SafeGuard toolbar
[2014/01/11 20:13:11 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/01/11 20:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2014/01/11 20:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2014/01/11 20:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2014/01/11 20:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/01/11 20:10:51 | 000,000,000 | ---D | C] -- C:\Users\Palii\Documents\Optimizer Pro
[2014/01/11 20:10:26 | 000,000,000 | ---D | C] -- C:\Users\Palii\AppData\Local\GCC
[2014/01/11 20:10:10 | 000,000,000 | ---D | C] -- C:\Users\Palii\AppData\Local\Programs
[2014/01/11 20:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/01/11 20:09:46 | 000,000,000 | ---D | C] -- C:\Users\Palii\AppData\Local\SearchProtect
[2014/01/11 20:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2014/01/11 20:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silabs
[2014/01/11 20:00:45 | 000,000,000 | ---D | C] -- C:\SiLabs
[2014/01/11 19:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayerV3
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/16 18:36:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/16 18:36:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/16 18:29:28 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/01/16 18:29:25 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/16 18:29:18 | 000,002,138 | ---- | M] () -- C:\Windows\tasks\OMG Music Plus-chromeinstaller.job
[2014/01/16 18:29:16 | 000,001,346 | ---- | M] () -- C:\Windows\tasks\OMG Music Plus-updater.job
[2014/01/16 18:29:14 | 000,002,106 | ---- | M] () -- C:\Windows\tasks\OMG Music Plus-firefoxinstaller.job
[2014/01/16 18:29:14 | 000,001,282 | ---- | M] () -- C:\Windows\tasks\OMG Music Plus-codedownloader.job
[2014/01/16 18:29:13 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\OMG Music Plus-enabler.job
[2014/01/16 18:28:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/16 18:28:16 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/16 18:23:40 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/16 18:23:40 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPalii.job
[2014/01/16 08:07:55 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-DEBORAH-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/01/16 08:06:46 | 000,002,239 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/01/15 23:51:40 | 000,005,269 | ---- | M] () -- C:\Users\Palii\Documents\radio chart.tw
[2014/01/15 21:17:53 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/15 03:25:53 | 000,305,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/14 15:47:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_silabser_01009.Wdf
[2014/01/14 13:47:48 | 000,001,953 | ---- | M] () -- C:\Users\Palii\Desktop\KG-UVD1P FCC.lnk
[2014/01/12 22:26:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDeborah.job
[2014/01/11 21:27:44 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Video Downloader.lnk
[2014/01/11 20:11:55 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/01/11 19:55:20 | 000,000,090 | ---- | M] () -- C:\extensions.ini
[2014/01/11 19:55:20 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/12/18 19:35:35 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/18 19:35:35 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/18 19:35:35 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/16 08:07:55 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DEBORAH-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/01/16 08:06:46 | 000,002,239 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/01/15 23:51:40 | 000,005,269 | ---- | C] () -- C:\Users\Palii\Documents\radio chart.tw
[2014/01/14 15:47:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_silabser_01009.Wdf
[2014/01/14 13:47:48 | 000,001,953 | ---- | C] () -- C:\Users\Palii\Desktop\KG-UVD1P FCC.lnk
[2014/01/11 21:29:46 | 000,001,346 | ---- | C] () -- C:\Windows\tasks\OMG Music Plus-updater.job
[2014/01/11 21:29:43 | 000,001,170 | ---- | C] () -- C:\Windows\tasks\OMG Music Plus-enabler.job
[2014/01/11 21:29:38 | 000,001,282 | ---- | C] () -- C:\Windows\tasks\OMG Music Plus-codedownloader.job
[2014/01/11 21:29:27 | 000,002,106 | ---- | C] () -- C:\Windows\tasks\OMG Music Plus-firefoxinstaller.job
[2014/01/11 21:28:50 | 000,002,138 | ---- | C] () -- C:\Windows\tasks\OMG Music Plus-chromeinstaller.job
[2014/01/11 21:27:44 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Video Downloader.lnk
[2014/01/11 19:55:20 | 000,000,090 | ---- | C] () -- C:\extensions.ini
[2014/01/11 19:55:20 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/12/18 19:58:05 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPalii.job
[2013/12/06 20:40:49 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/28 18:39:14 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\OpenOffice
[2013/10/27 19:54:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\PictureMover
[2013/12/22 01:19:17 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\SoftGrid Client
[2013/12/06 20:41:57 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TP
[2013/10/23 21:05:15 | 000,000,000 | ---D | M] -- C:\Users\Palii\AppData\Roaming\OpenOffice
[2013/10/23 13:07:50 | 000,000,000 | ---D | M] -- C:\Users\Palii\AppData\Roaming\PictureMover

========== Purity Check ==========



< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 1/16/2014 6:43:54 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Palii\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 42.78% Memory free
5.86 Gb Paging File | 4.14 Gb Available in Paging File | 70.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.49 Gb Total Space | 229.89 Gb Free Space | 81.09% Space Free | Partition Type: NTFS
Drive D: | 14.31 Gb Total Space | 2.36 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.41 Mb Free Space | 96.05% Space Free | Partition Type: FAT32

Computer Name: DEBORAH-LAPTOP | User Name: Palii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E92D0F0-222A-4CB6-9B33-42AE951FAFBE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15C4C5B5-5655-4F83-A793-CF1E9B691ABC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EB546FF-6F3A-405F-89FE-00F1CD40C1FE}" = lport=445 | protocol=6 | dir=in | app=system |
"{24CB3CCD-2D30-4265-9BA4-B00E0E4A39A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2549420A-C08E-4C0A-B97C-4BE1A3CD403E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{347FBAF1-2EB1-400C-9B41-35D53EB19571}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{491BE97A-A5B2-49AA-BA8C-FFC656DE78B0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4A2B8317-DD52-4D9F-8C9E-F708A7235C68}" = rport=137 | protocol=17 | dir=out | app=system |
"{4F5C0C39-DCCC-4D77-A57B-53187E1622EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{55CAABB6-8E91-4D64-93FD-41AF4E25C9E6}" = lport=137 | protocol=17 | dir=in | app=system |
"{5C6F7DF4-9562-4B18-8BBF-613253849530}" = lport=138 | protocol=17 | dir=in | app=system |
"{5FD0D713-2724-4FFB-969D-2E53DDAE6BF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BE5019A-C585-434E-B284-55155C3F798F}" = rport=138 | protocol=17 | dir=out | app=system |
"{6FD63C86-8EEA-4864-913D-7BDCB7AF1745}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8C37873B-6DB7-404C-8367-05313065C7EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CDF4B88-659C-469E-81AD-E88A57D23931}" = rport=10243 | protocol=6 | dir=out | app=system |
"{91741309-5E8B-425A-8CD3-3A97A8821C62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A3386CA2-0C14-41AA-BED0-7119A36D1CA4}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3AC079A-7691-4060-B8B5-E9864F2EB880}" = rport=445 | protocol=6 | dir=out | app=system |
"{B54DA492-D8D0-49E0-87F7-673DE17F133C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C27FDC3C-3892-48FF-9867-F787F7399DC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C969F8EC-ABB3-49C9-95D8-210D15D9E999}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D378C1DB-B67A-4782-9466-A0FF927591E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D8545C0D-2EDD-43C2-A050-09170D5FDD3F}" = rport=139 | protocol=6 | dir=out | app=system |
"{F6561811-D695-4793-B1C2-1502073D1D6B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A1DF6C-129D-4C7F-8740-3FFF33BE13D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0DD8E990-892E-46B1-A560-689CC878F3A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C958B6D-1F21-4D81-9E31-783C976ABAA2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1D265AC4-F40C-48BA-BC30-BAE03BD8E116}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23975FD7-D11E-48C1-9489-B0BFC28E00F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{331DA340-6908-4AF8-8240-FB7438F36B57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53D98886-09D1-4D2D-98E7-E868EE887D58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{638A9E0C-BA6A-4A0D-B5E2-3CDF8416BD61}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{65D5D3FF-1CED-4830-A931-FCC058D5A5A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78AD4BC9-7D5E-4282-9B45-93C8B1905960}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{897E2A2A-D4EC-499A-876D-B6F57FD064AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8CAB4D51-1905-4F2B-AF5B-47604AFB6BCF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{93D3A940-9115-46CE-99A3-14AFE72C21BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{98A8893D-4CCA-4270-B110-3D98C2B25549}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAA0C03C-6216-495C-889A-BD200CAE1923}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{B56893EE-8CF2-4BB4-BA1F-2337C4BFB940}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{B6B56CCF-491F-4D8B-80D2-458FC7B5E74A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA88D11F-CA06-4A28-AD5B-D12652E6F7DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA93F2FC-A6CA-4D9C-A2F1-19F3068F47E7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BD4A52B2-5EB0-4437-8F87-4370D631E29A}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{C4337514-F97E-429E-AA28-65D7A29C4DAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC13B215-5B20-4F76-BEFD-6462BB847650}" = protocol=6 | dir=out | app=system |
"{D1079299-2BA2-4193-B211-69BC6FDEDC69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D34BBA9D-9965-41F0-B4EE-647BBFE1835A}" = dir=in | app=c:\users\palii\appdata\local\gcc\controller.exe |
"{D4E32AAB-6D25-48D9-9DCD-59FE1E36B47E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DA72E4DA-5253-42DE-B047-2AC5B2533C89}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F6EBAC04-6B38-453B-BEF5-17C3B6098CCA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37F33A5B-568C-45D6-BF0B-4DC401627B24}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{649408A1-B0C5-499E-9E01-A18677D667AC}" = Silicon Laboratories USBXpress Development Kit
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{799702C1-9412-4773-BFE3-FA168ED08DAD}" = Silicon Laboratories USBXpress Development Kit_2 (C:\SiLabs\MCU_2)
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{BC146E5F-A2B0-40DB-90E7-2833807E98DF}" = HP User Guides 0183
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"DMUninstaller" = DMUninstaller
"GigaClicks Crawler" = GigaClicks Crawler
"Google Chrome" = Google Chrome
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KG-UVD1P FCCV2.13" = KG-UVD1P FCC
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OMG Music Plus" = OMG Music Plus
"SearchProtect" = Search Protect
"SIUSBXP&10C4&EA61" = Silicon Laboratories USBXpress Device (Driver Removal)
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SoftwareUpdater" = SoftwareUpdater
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"Video Downloader_is1" = Video Downloader version 1.5
"Video Player" = Video Player
"Wajam" = Wajam
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/16/2014 8:18:18 AM | Computer Name = Deborah-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 32.0.1700.76, time
stamp: 0x52d0feb8 Faulting module name: chrome.dll, version: 32.0.1700.76, time
stamp: 0x52d0f860 Exception code: 0x80000003 Fault offset: 0x003da309 Faulting process
id: 0x289c Faulting application start time: 0x01cf12b5000a2a56 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\chrome.dll Report
Id: 477f26b4-7ea8-11e3-8d1d-60eb693077d3

Error - 1/16/2014 8:18:45 AM | Computer Name = Deborah-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 32.0.1700.76, time
stamp: 0x52d0feb8 Faulting module name: chrome.dll, version: 32.0.1700.76, time
stamp: 0x52d0f860 Exception code: 0x80000003 Fault offset: 0x003da309 Faulting process
id: 0x2140 Faulting application start time: 0x01cf12b510ef3632 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\chrome.dll Report
Id: 58190723-7ea8-11e3-8d1d-60eb693077d3

Error - 1/16/2014 8:19:13 AM | Computer Name = Deborah-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 32.0.1700.76, time
stamp: 0x52d0feb8 Faulting module name: chrome.dll, version: 32.0.1700.76, time
stamp: 0x52d0f860 Exception code: 0x80000003 Fault offset: 0x003da309 Faulting process
id: 0xe74 Faulting application start time: 0x01cf12b521789af7 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\chrome.dll Report
Id: 686c6ee8-7ea8-11e3-8d1d-60eb693077d3

Error - 1/16/2014 8:19:40 AM | Computer Name = Deborah-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 32.0.1700.76, time
stamp: 0x52d0feb8 Faulting module name: chrome.dll, version: 32.0.1700.76, time
stamp: 0x52d0f860 Exception code: 0x80000003 Fault offset: 0x003da309 Faulting process
id: 0x2d64 Faulting application start time: 0x01cf12b531bd6d05 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\chrome.dll Report
Id: 78aff8c9-7ea8-11e3-8d1d-60eb693077d3

Error - 1/16/2014 8:20:08 AM | Computer Name = Deborah-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 32.0.1700.76, time
stamp: 0x52d0feb8 Faulting module name: chrome.dll, version: 32.0.1700.76, time
stamp: 0x52d0f860 Exception code: 0x80000003 Fault offset: 0x003da309 Faulting process
id: 0xe4c Faulting application start time: 0x01cf12b5422be73e Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\chrome.dll Report
Id: 8995044e-7ea8-11e3-8d1d-60eb693077d3

Error - 1/16/2014 8:20:36 AM | Computer Name = Deborah-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 32.0.1700.76, time
stamp: 0x52d0feb8 Faulting module name: chrome.dll, version: 32.0.1700.76, time
stamp: 0x52d0f860 Exception code: 0x80000003 Fault offset: 0x003da309 Faulting process
id: 0x2fc Faulting application start time: 0x01cf12b552b9a254 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\chrome.dll Report
Id: 99eaf55c-7ea8-11e3-8d1d-60eb693077d3

Error - 1/16/2014 8:21:04 AM | Computer Name = Deborah-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 32.0.1700.76, time
stamp: 0x52d0feb8 Faulting module name: chrome.dll, version: 32.0.1700.76, time
stamp: 0x52d0f860 Exception code: 0x80000003 Fault offset: 0x003da309 Faulting process
id: 0x1a34 Faulting application start time: 0x01cf12b56370ee83 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\chrome.dll Report
Id: aaf0bfcd-7ea8-11e3-8d1d-60eb693077d3

Error - 1/16/2014 8:21:37 AM | Computer Name = Deborah-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 32.0.1700.76, time
stamp: 0x52d0feb8 Faulting module name: chrome.dll, version: 32.0.1700.76, time
stamp: 0x52d0f860 Exception code: 0x80000003 Fault offset: 0x003da309 Faulting process
id: 0x2a10 Faulting application start time: 0x01cf12b574187ac7 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\chrome.dll Report
Id: be378a98-7ea8-11e3-8d1d-60eb693077d3

Error - 1/16/2014 8:22:05 AM | Computer Name = Deborah-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 32.0.1700.76, time
stamp: 0x52d0feb8 Faulting module name: chrome.dll, version: 32.0.1700.76, time
stamp: 0x52d0f860 Exception code: 0x80000003 Fault offset: 0x003da309 Faulting process
id: 0x223c Faulting application start time: 0x01cf12b5878a5567 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\chrome.dll Report
Id: cf31f358-7ea8-11e3-8d1d-60eb693077d3

Error - 1/16/2014 8:22:32 AM | Computer Name = Deborah-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 32.0.1700.76, time
stamp: 0x52d0feb8 Faulting module name: chrome.dll, version: 32.0.1700.76, time
stamp: 0x52d0f860 Exception code: 0x80000003 Fault offset: 0x003da309 Faulting process
id: 0xf38 Faulting application start time: 0x01cf12b598578b40 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\chrome.dll Report
Id: df60c3ff-7ea8-11e3-8d1d-60eb693077d3

[ System Events ]
Error - 1/15/2014 1:56:25 AM | Computer Name = Deborah-Laptop | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 1/15/2014 1:57:51 AM | Computer Name = Deborah-Laptop | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 1/15/2014 4:54:40 AM | Computer Name = Deborah-Laptop | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 1/15/2014 5:22:22 AM | Computer Name = Deborah-Laptop | Source = DCOM | ID = 10010
Description =

Error - 1/15/2014 5:26:35 AM | Computer Name = Deborah-Laptop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
Backup (MyPC Backup) service to connect.

Error - 1/15/2014 5:26:35 AM | Computer Name = Deborah-Laptop | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 1/15/2014 12:32:54 PM | Computer Name = Deborah-Laptop | Source = DCOM | ID = 10016
Description =

Error - 1/15/2014 6:13:58 PM | Computer Name = Deborah-Laptop | Source = DCOM | ID = 10016
Description =

Error - 1/15/2014 8:15:07 PM | Computer Name = Deborah-Laptop | Source = DCOM | ID = 10016
Description =

Error - 1/16/2014 2:09:05 AM | Computer Name = Deborah-Laptop | Source = DCOM | ID = 10016
Description =


< End of report >
hamman

Re: ads popping up and redirectrion on website

Unread postby hamman » January 16th, 2014, 11:24 pm

And here is the last report. I believe I got everything for you.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014 03
Ran by Palii at 2014-01-16 20:10:06
Running from C:\Users\Palii\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N5LN2JY
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader 9.3 MUI (x32 Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (x32 Version: 11.5.1.601 - Adobe Systems, Inc.)
AVG SafeGuard toolbar (x32 Version: 17.3.1.91 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.) Hidden
CyberLink MediaShow (x32 Version: 4.1.3419 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3419 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1110 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1110 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.0.2201 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2201 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
DMUninstaller (x32 Version: - )
Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
GigaClicks Crawler (x32 Version: 3.0.31.0 - GigaClicks Inc.)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (x32 Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (x32 Version: 1.0.0.80 - WildTangent)
HP Quick Launch (x32 Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (x32 Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard) Hidden
HP Software Framework (x32 Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0183 (x32 Version: 1.01.0001 - Hewlett-Packard)
HP Wireless Assistant (x32 Version: 3.50.9.1 - Hewlett-Packard)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
Java(TM) 6 Update 17 (64-bit) (Version: 6.0.170 - Sun Microsystems, Inc.)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KG-UVD1P FCC (x32 Version: V2.13 - Quanzhou Wouxun Electronics Co., Ltd. Right)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
muvee Reveal (x32 Version: 7.0.43.11502 - muvee Technologies Pte Ltd)
Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
OMG Music Plus (x32 Version: 1.33.153.1 - Bundlore LTD)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
PictureMover (x32 Version: 3.3.1.18 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (x32 Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
Search Protect (x32 Version: 2.9.40.12 - Conduit) <==== ATTENTION
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (x32 Version: - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (x32 Version: 6.5.3 - Silicon Laboratories, Inc.)
Silicon Laboratories USBXpress Development Kit (x32 Version: 3.5.1 - Silicon Laboratories, Inc.)
Silicon Laboratories USBXpress Development Kit_2 (C:\SiLabs\MCU_2) (x32 Version: 3.5.1 - Silicon Laboratories, Inc.)
Silicon Laboratories USBXpress Device (Driver Removal) (x32 Version: - Silicon Laboratories)
Software Version Updater (x32 Version: 1.1.3.8 - ) <==== ATTENTION
SoftwareUpdater (x32 Version: - )
Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)
TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Tweaking.com - Registry Backup (x32 Version: 1.6.8 - Tweaking.com)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Video Downloader version 1.5 (x32 Version: 1.5 - )
Video Player (x32 Version: 1.1 - Video Player)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Wajam (x32 Version: 2.06 - Wajam) <==== ATTENTION
Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Restore Points =========================

14-01-2014 19:36:02 Installed Silicon Laboratories USBXpress Development Kit
14-01-2014 21:44:19 Installed Silicon Laboratories CP210x VCP Drivers for Windows XP
15-01-2014 09:00:29 Windows Update
15-01-2014 21:52:14 Removed WinZip 18.0

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0263FBD9-3A7A-4D08-BAE7-D3DE104BEE24} - System32\Tasks\OMG Music Plus-updater => C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-updater.exe [2014-01-11] (Bundlore LTD)
Task: {0317E3D2-9EDF-49D0-9A56-EF561EA63DAB} - System32\Tasks\HPCeeScheduleForDeborah => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {229BF55F-CF41-400C-AE4C-3F5CDC1ACA27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {390B8897-E32D-4BE2-AAD2-3035B9FA608F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {49B63CFC-FDD0-4A6C-BA37-14C5FAC9923C} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
Task: {511C9277-EBDA-4C75-BAE1-22FC787A2A76} - System32\Tasks\OMG Music Plus-firefoxinstaller => C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-firefoxinstaller.exe [2014-01-11] (Bundlore LTD)
Task: {59464927-3C2C-401B-AC0A-479C5BDC47BF} - System32\Tasks\OMG Music Plus-enabler => C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-enabler.exe [2014-01-11] (Bundlore LTD) <==== ATTENTION
Task: {5CBC488E-5459-4A6E-AD2A-D4A123E35E75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {62B866E5-702C-478A-BCBE-EC4D2C64799F} - System32\Tasks\AmiUpdXp => C:\Users\Palii\AppData\Local\SwvUpdater\Updater.exe [2013-10-23] (Amonetizé Ltd) <==== ATTENTION
Task: {6C12B4EF-DB37-4518-82AA-26DCD974983C} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
Task: {7D1B8EDC-5B4E-4BCF-B25A-555A6EF24A60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {8B863D57-844D-4C70-93D2-8AB18A17CE74} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {9E4EE213-9E3F-47C0-98D8-1BEB2CF68D02} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe
Task: {AEBE9827-679C-4A60-9E47-6449F7D940E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {B023AD29-8947-4E39-B96F-FAC83A247C6C} - System32\Tasks\OMG Music Plus-chromeinstaller => C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-chromeinstaller.exe [2014-01-11] (Bundlore LTD)
Task: {B1AA8290-6B88-4806-8259-B5558E62D4C8} - System32\Tasks\HPCeeScheduleForPalii => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {D4EB03DE-CE21-4FF0-9DBB-419C537225AE} - System32\Tasks\OMG Music Plus-codedownloader => C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-codedownloader.exe [2014-01-11] (Bundlore LTD)
Task: {DCBF034E-867B-4036-AB0F-F1C1E3957903} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-01-14] (Microsoft)
Task: {FFA40082-91AB-458B-8A96-DC68A14BBBEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Palii\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDeborah.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPalii.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\OMG Music Plus-chromeinstaller.job => C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-chromeinstaller.exe
Task: C:\Windows\Tasks\OMG Music Plus-codedownloader.job => C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-codedownloader.exe
Task: C:\Windows\Tasks\OMG Music Plus-enabler.job => C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\OMG Music Plus-firefoxinstaller.job => C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-firefoxinstaller.exe
Task: C:\Windows\Tasks\OMG Music Plus-updater.job => C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-updater.exe

==================== Loaded Modules (whitelisted) =============

2014-01-11 21:29 - 2014-01-11 21:29 - 00490496 _____ () C:\program files (x86)\omg music plus\OMG Music Plus-buttonutil64.dll
2014-01-11 20:12 - 2014-01-11 20:11 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2013-10-23 13:07 - 2009-05-24 21:25 - 03760128 _____ () C:\Users\Palii\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 15:03 - 2009-07-13 19:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-10-23 13:07 - 2009-05-24 21:34 - 01703936 _____ () C:\Users\Palii\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2014-01-15 21:17 - 2014-01-11 04:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-15 21:17 - 2014-01-11 04:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-15 21:17 - 2014-01-11 04:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2013-08-13 06:15 - 2013-08-13 06:15 - 00206336 _____ () C:\Users\Palii\AppData\Local\Temp\GC\Profiles\{758E9447-CB95-4F48-B829-8BD696CDBB1C}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
2014-01-15 21:17 - 2014-01-11 04:29 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2014 06:41:11 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1630

Start Time: 01cf131c73f30ed3

Termination Time: 0

Application Path: C:\Users\Palii\Downloads\FRST64.exe

Report Id: e06e68d7-7f0f-11e3-a9ed-60eb693077d3

Error: (01/16/2014 06:38:13 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fbc

Start Time: 01cf131bd4ce62ba

Termination Time: 16

Application Path: C:\Users\Palii\Downloads\FRST64.exe

Report Id: 986ca949-7f0f-11e3-a9ed-60eb693077d3

Error: (01/16/2014 05:21:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.76, time stamp: 0x52d0feb8
Faulting module name: chrome.dll, version: 32.0.1700.76, time stamp: 0x52d0f860
Exception code: 0x80000003
Fault offset: 0x003da309
Faulting process id: 0x1cb0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/16/2014 05:16:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.76, time stamp: 0x52d0feb8
Faulting module name: chrome.dll, version: 32.0.1700.76, time stamp: 0x52d0f860
Exception code: 0x80000003
Fault offset: 0x003da309
Faulting process id: 0x283c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/16/2014 05:04:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.76, time stamp: 0x52d0feb8
Faulting module name: chrome.dll, version: 32.0.1700.76, time stamp: 0x52d0f860
Exception code: 0x80000003
Fault offset: 0x003da309
Faulting process id: 0x2b70
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/16/2014 05:00:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.76, time stamp: 0x52d0feb8
Faulting module name: chrome.dll, version: 32.0.1700.76, time stamp: 0x52d0f860
Exception code: 0x80000003
Fault offset: 0x003da309
Faulting process id: 0x770
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/16/2014 04:56:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.76, time stamp: 0x52d0feb8
Faulting module name: chrome.dll, version: 32.0.1700.76, time stamp: 0x52d0f860
Exception code: 0x80000003
Fault offset: 0x003da309
Faulting process id: 0x1ac8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/16/2014 04:50:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.76, time stamp: 0x52d0feb8
Faulting module name: chrome.dll, version: 32.0.1700.76, time stamp: 0x52d0f860
Exception code: 0x80000003
Fault offset: 0x003da309
Faulting process id: 0x2ac
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/16/2014 04:43:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.76, time stamp: 0x52d0feb8
Faulting module name: chrome.dll, version: 32.0.1700.76, time stamp: 0x52d0f860
Exception code: 0x80000003
Fault offset: 0x003da309
Faulting process id: 0x30e8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/16/2014 04:26:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.76, time stamp: 0x52d0feb8
Faulting module name: chrome.dll, version: 32.0.1700.76, time stamp: 0x52d0f860
Exception code: 0x80000003
Fault offset: 0x003da309
Faulting process id: 0x3008
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3


System errors:
=============
Error: (01/16/2014 06:52:19 PM) (Source: DCOM) (User: Deborah-Laptop)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}Deborah-LaptopPaliiS-1-5-21-3172863894-2395903967-2637854924-1001LocalHost (Using LRPC)

Error: (01/16/2014 06:31:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/16/2014 06:30:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/16/2014 06:30:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/16/2014 06:30:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/16/2014 06:24:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/16/2014 06:23:33 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:21:18 PM on ‎1/‎16/‎2014 was unexpected.

Error: (01/16/2014 06:21:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (01/16/2014 06:21:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (01/16/2014 05:13:56 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================


==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 3002.92 MB
Available physical RAM: 1120.48 MB
Total Pagefile: 6004.02 MB
Available Pagefile: 3641.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.49 GB) (Free:235.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.31 GB) (Free:2.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7D497DE8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
hamman
Active Member
 
Posts: 13
Joined: January 16th, 2014, 12:22 am

Re: ads popping up and redirection on website

by Gary R » January 17th, 2014, 3:11 am

You've posted me the OTL logs, which I didn't need since you got FRST to work, and you didn't post me the ADWCleaner log, which I did need to see.

But from what I see in your FRST logs, I think we can proceed without you needing to post me the ADWCleaner scan log.

IMPORTANT - Your FRST log shows that you're running FRST from a Temporary File location ...

(Farbar) C:\Users\Palii\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N5LN2JY\FRST64 (1).exe


... it is essential that you move it from there to your Desktop.

DO NOT PROCEED WITH ANY OF THE INSTRUCTIONS BELOW UNTIL YOU HAVE MOVED Frst64.exe TO YOUR DESKTOP

Once that's been done ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (do not include the words Code: Select All at the top)
Code: Select all
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1037600 2014-01-01] (Conduit)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33178 ... ECFB&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx? ... CF1ECFB&q= {searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx? ... CF1ECFB&q= {searchTerms}&SSPV=
SearchScopes: HKCU - {66778C30-7ACC-4C16-975D-E0ED68404825} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid= {62C3FF89-DDB1-469A-809A-6D0027685322}&mid=d58817053b824c75823bb3d73f504cf0-4a0c9ba159c067904db11bcd2ca70690789d94e0&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2014-01-11 20:13:12&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
(Bundlore LTD) C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bg.exe
BHO: OMG Music Plus - {11111111-1111-1111-1111-110411911182} - C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bho64.dll (Bundlore LTD)
BHO-x32: OMG Music Plus - {11111111-1111-1111-1111-110411911182} - C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bho.dll (Bundlore LTD)
BHO-x32: OKitSpace - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\okitSpace\IE\OkitSpace.dll ()
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
CHR HomePage: hxxp://search.conduit.com/?ctid=CT33178 ... ECFB&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx? ... CF1ECFB&q= %s&SSPV=
CHR Extension: (Wajam) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0 [2014-01-14]
CHR Extension: (OMG Music Plus) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncokdgmmjicggolpdppfgbjeaikekhn\1.26.6_0 [2014-01-16]
CHR HKLM-x32\...\Chrome\Extension: [cnbogmakocmjkbdbebnhokkghbamnhhf] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta147\ch\VideoPlayerV3beta147.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [hifnddafpdkmjljallgdlkjiiieidmec] - C:\Windows\system32\config\systemprofile\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Palii\AppData\Local\Wajam\Chrome\wajam.crx [2013-12-13]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2301216 2014-01-01] (Conduit)
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-11-01] (Wajam)
2014-01-15 20:06 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (9).exe
2014-01-15 20:06 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (8).exe
2014-01-15 20:05 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (7).exe
2014-01-15 20:05 - 2014-01-15 20:05 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (6).exe
2014-01-15 20:05 - 2014-01-15 20:05 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (5).exe
2014-01-15 20:04 - 2014-01-15 20:04 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (4).exe
2014-01-15 20:04 - 2014-01-15 20:04 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (3).exe
2014-01-15 20:03 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (2).exe
2014-01-15 20:03 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (1).exe
2014-01-15 20:02 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English.exe
2014-01-15 16:26 - 2014-01-15 16:26 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 543004.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 626091.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 482844.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 3289.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 26722.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 940964.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 484781.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 432961.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 322914.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 972658.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 722831.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 171921.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 143535.crdownload
2014-01-15 16:22 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 496048.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 385109.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 195933.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (28).exe
2014-01-15 16:22 - 2014-01-15 16:22 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (27).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (26).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (25).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (24).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (23).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (22).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (21).exe
2014-01-15 16:19 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (20).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (19).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (18).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (17).exe
2014-01-15 16:18 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (16).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (15).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (14).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (13).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (12).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (11).exe
2014-01-15 16:17 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (10).exe
2014-01-15 16:17 - 2014-01-15 16:17 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (9).exe
2014-01-15 13:11 - 2014-01-15 13:11 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 175963.crdownload
2014-01-15 13:10 - 2014-01-15 13:10 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 85310.crdownload
2014-01-15 13:09 - 2014-01-15 13:09 - 01114928 _____ ( ) C:\Users\Palii\Downloads\DownloadManagerSetup (9).exe
2014-01-15 13:09 - 2014-01-15 13:09 - 01114928 _____ ( ) C:\Users\Palii\Downloads\DownloadManagerSetup (10).exe
2014-01-15 10:56 - 2014-01-15 10:56 - 00459840 _____ C:\Users\Palii\Downloads\Setup (8).exe
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 491323.crdownload
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 433498.crdownload
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 384220.crdownload
2014-01-13 19:09 - 2014-01-13 19:10 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (3).exe
2014-01-13 19:07 - 2014-01-13 19:08 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (2).exe
2014-01-13 19:05 - 2014-01-13 19:06 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (1).exe
2014-01-13 19:04 - 2014-01-13 19:05 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc.exe
2014-01-12 22:17 - 2014-01-12 22:18 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 827079.crdownload
2014-01-12 22:17 - 2014-01-12 22:17 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 343794.crdownload
2014-01-12 22:17 - 2014-01-12 22:17 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 118477.crdownload
2014-01-12 22:16 - 2014-01-12 22:16 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 655026.crdownload
2014-01-12 22:16 - 2014-01-12 22:16 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 654576.crdownload
2014-01-12 22:15 - 2014-01-12 22:15 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 849660.crdownload
2014-01-12 22:15 - 2014-01-12 22:15 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 658789.crdownload
2014-01-12 22:14 - 2014-01-12 22:14 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (8).exe
2014-01-12 22:14 - 2014-01-12 22:14 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (7).exe
2014-01-12 22:13 - 2014-01-12 22:13 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (6).exe
2014-01-12 22:13 - 2014-01-12 22:13 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (5).exe
2014-01-12 22:12 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (4).exe
2014-01-12 22:12 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (3).exe
2014-01-12 22:11 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (2).exe
2014-01-12 22:11 - 2014-01-12 22:11 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup.exe
2014-01-12 22:11 - 2014-01-12 22:11 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (1).exe
2014-01-12 01:19 - 2014-01-12 01:19 - 04177760 _____ C:\Users\Palii\Downloads\PCBoosterSetup.exe
2014-01-12 01:17 - 2014-01-12 01:17 - 00590940 _____ C:\Users\Palii\Downloads\Unconfirmed 742685.crdownload
2014-01-12 01:16 - 2014-01-12 01:17 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (17).exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (16).exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (15).exe
2014-01-12 01:15 - 2014-01-12 01:15 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (14).exe
2014-01-12 01:14 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (13).exe
2014-01-12 01:14 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (12).exe
2014-01-12 01:13 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (11).exe
2014-01-12 01:13 - 2014-01-12 01:13 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (9).exe
2014-01-12 01:13 - 2014-01-12 01:13 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (10).exe
2014-01-12 01:12 - 2014-01-12 01:12 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (8).exe
2014-01-12 01:12 - 2014-01-12 01:12 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (7).exe
2014-01-12 01:11 - 2014-01-12 01:11 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (6).exe
2014-01-12 01:11 - 2014-01-12 01:11 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (5).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (4).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (3).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (2).exe
2014-01-12 01:09 - 2014-01-12 01:09 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (1).exe
2014-01-12 00:18 - 2014-01-12 00:18 - 01134952 _____ C:\Users\Palii\Downloads\Unconfirmed 413575.crdownload
2014-01-12 00:18 - 2014-01-12 00:18 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (8).exe
2014-01-12 00:17 - 2014-01-12 00:17 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (7).exe
2014-01-12 00:16 - 2014-01-12 00:16 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (6).exe
2014-01-12 00:16 - 2014-01-12 00:16 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (5).exe
2014-01-12 00:15 - 2014-01-12 00:15 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (4).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (3).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (2).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (1).exe
2014-01-11 23:32 - 2014-01-11 23:32 - 00000000 ____D C:\Users\Deborah\AppData\Local\SearchProtect
2014-01-11 21:59 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (7).exe
2014-01-11 21:59 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (6).exe
2014-01-11 21:58 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (5).exe
2014-01-11 21:58 - 2014-01-11 21:58 - 00459840 _____ C:\Users\Palii\Downloads\Setup (4).exe
2014-01-11 21:58 - 2014-01-11 21:58 - 00459840 _____ C:\Users\Palii\Downloads\Setup (3).exe
2014-01-11 21:29 - 2014-01-16 18:29 - 00002106 _____ C:\Windows\Tasks\OMG Music Plus-firefoxinstaller.job
2014-01-11 21:29 - 2014-01-16 18:29 - 00001346 _____ C:\Windows\Tasks\OMG Music Plus-updater.job
2014-01-11 21:29 - 2014-01-16 18:29 - 00001282 _____ C:\Windows\Tasks\OMG Music Plus-codedownloader.job
2014-01-11 21:29 - 2014-01-16 18:29 - 00001170 _____ C:\Windows\Tasks\OMG Music Plus-enabler.job
2014-01-11 21:29 - 2014-01-11 21:29 - 00004376 _____ C:\Windows\System32\Tasks\OMG Music Plus-updater
2014-01-11 21:29 - 2014-01-11 21:29 - 00004312 _____ C:\Windows\System32\Tasks\OMG Music Plus-codedownloader
2014-01-11 21:29 - 2014-01-11 21:29 - 00004200 _____ C:\Windows\System32\Tasks\OMG Music Plus-enabler
2014-01-11 21:28 - 2014-01-16 18:29 - 00002138 _____ C:\Windows\Tasks\OMG Music Plus-chromeinstaller.job
2014-01-11 21:28 - 2014-01-11 21:29 - 00000000 ____D C:\Program Files (x86)\OMG Music Plus
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Users\Palii\AppData\Local\Wajam
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Program Files (x86)\Wajam
2014-01-11 21:26 - 2014-01-11 21:26 - 00459192 _____ C:\Users\Palii\Downloads\Setup (2).exe
2014-01-11 21:26 - 2014-01-11 21:26 - 00459192 _____ C:\Users\Palii\Downloads\Setup (1).exe
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70CD.tmp
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70AF.tmp
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70AE.tmp
2014-01-11 20:10 - 2014-01-11 20:10 - 00000000 ____D C:\Users\Palii\Documents\Optimizer Pro
2014-01-11 20:09 - 2014-01-15 16:22 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-11 20:09 - 2014-01-11 20:09 - 00000000 ____D C:\Users\Palii\AppData\Local\SearchProtect

    • Save it to the same folder/directory that FRST64.exe is in (i.e. your Desktop), naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe (i.e. on your Desktop).

THERE IS STILL MORE TO DO ONCE THIS IS DONE, BUT I'D PREFER TO DO THINGS IN STAGES, SO THAT I CAN KEEP THE INSTRUCTIONS FAIRLY SIMPLE.

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • fixlog.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
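
A triage sketch for the fixlist in the post above, added here as an example and not part of the thread or of FRST: it sorts each line by the kind of object it targets and groups file entries by folder and size, so the repeated same-size installers in Downloads stand out. The category names and regular expressions are assumptions based only on the line shapes visible in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the fixlist in the post above (a subset; entries with URLs left out).
SAMPLE = r"""
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit)
SearchScopes: HKCU - {66778C30-7ACC-4C16-975D-E0ED68404825} URL =
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
CHR DefaultSearchKeyword: conduit.search
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Palii\AppData\Local\Wajam\Chrome\wajam.crx [2013-12-13]
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-11-01] (Wajam)
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (28).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (27).exe
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 3289.crdownload
2014-01-11 21:29 - 2014-01-16 18:29 - 00001346 _____ C:\Windows\Tasks\OMG Music Plus-updater.job
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Program Files (x86)\Wajam
""".strip().splitlines()

# "created - modified - size attributes [(company)] path", as in the file listing lines.
_FILE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d+) (?P<attr>[_A-Z]{5}) "
    r"(?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$"
)

# Hypothetical category names; the first matching rule wins.
RULES = [
    ("file-or-folder", _FILE),
    ("appinit-dll", re.compile(r"^AppInit_DLLs(?:-x32)?: ")),
    ("ie-search-or-homepage",
     re.compile(r"^(?:SearchScopes: |HK(?:CU|LM)\\.*Internet Explorer\\Main,)")),
    ("ie-addon", re.compile(r"^(?:BHO|Toolbar)(?:-x32)?: ")),
    ("chrome-setting", re.compile(r"^CHR (?:HomePage|DefaultSearch\w+): ")),
    ("chrome-extension", re.compile(r"^CHR (?:\S+\\)?Extension: ")),
    # Shape of the page's "R2 CltMngSvc; C:\..." service lines.
    ("service", re.compile(r"^[RS]\d \S+; ")),
    # "(Vendor) C:\path\to.exe" lines from the process list.
    ("running-process", re.compile(r"^\([^)]*\) [A-Za-z]:\\")),
]


def classify(line):
    """Return (category, match) for one fixlist line, or ("unrecognised", None)."""
    for name, rx in RULES:
        m = rx.search(line)
        if m:
            return name, m
    return "unrecognised", None


def summarize(lines):
    """Map each category to the fixlist lines that fall into it."""
    by_cat = defaultdict(list)
    for line in lines:
        line = line.strip()
        if line:
            by_cat[classify(line)[0]].append(line)
    return dict(by_cat)


def repeated_sizes(lines, min_count=2):
    """Group file entries (not folders) by (folder, size in bytes).

    Returns only groups with at least min_count members: many files of one
    size in one folder are worth a closer look before they are deleted.
    """
    groups = defaultdict(list)
    for line in lines:
        cat, m = classify(line.strip())
        if cat == "file-or-folder" and "D" not in m["attr"]:
            folder, _, name = m["path"].rpartition("\\")
            groups[(folder, int(m["size"]))].append(name)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


if __name__ == "__main__":
    for cat, items in summarize(SAMPLE).items():
        print(f"{cat:22} {len(items)}")
    for (folder, size), names in repeated_sizes(SAMPLE).items():
        print(f"{len(names)} files of {size} bytes in {folder}: {names}")
```

Lines that land in "unrecognised" should be read by hand rather than dropped, since the rules only cover the entry shapes seen in this thread.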

Re: ads popping up and redirection on website

by hamman » January 17th, 2014, 4:06 pm

Hello,
Sorry about the log as I thought I had entered...

Here is the adwcleaner log as I am still working on the other instructions:
I will be following this post with your other request..

AdwCleaner

# AdwCleaner v3.017 - Report created 17/01/2014 at 13:51:16
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Palii - DEBORAH-LAPTOP
# Running from : C:\Users\Palii\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
Service Deleted : vToolbarUpdater17.3.0
Service Deleted : WajamUpdaterV3

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\SoftwareUpdater
Folder Deleted : C:\Program Files (x86)\Video downloader
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\OMG Music Plus
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
[!] Folder Deleted : C:\Users\Palii\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Palii\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Palii\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Palii\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Palii\AppData\Local\Wajam
Folder Deleted : C:\Users\Palii\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Palii\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Palii\AppData\LocalLow\OMG Music Plus
Folder Deleted : C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Palii\Documents\Mobogenie
Folder Deleted : C:\Users\Palii\Documents\optimizer pro
Folder Deleted : C:\Users\Deborah\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Deborah\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Deborah\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Deborah\AppData\LocalLow\OMG Music Plus
Folder Deleted : C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncokdgmmjicggolpdppfgbjeaikekhn
Folder Deleted : C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncokdgmmjicggolpdppfgbjeaikekhn
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\Tasks\OMG Music Plus-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\OMG Music Plus-chromeinstaller
File Deleted : C:\Windows\Tasks\OMG Music Plus-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\OMG Music Plus-codedownloader
File Deleted : C:\Windows\Tasks\OMG Music Plus-enabler.job
File Deleted : C:\Windows\System32\Tasks\OMG Music Plus-enabler
File Deleted : C:\Windows\Tasks\OMG Music Plus-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\OMG Music Plus-firefoxinstaller
File Deleted : C:\Windows\Tasks\OMG Music Plus-updater.job
File Deleted : C:\Windows\System32\Tasks\OMG Music Plus-updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hifnddafpdkmjljallgdlkjiiieidmec
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049182.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049182.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049182.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049182.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3543619C-D563-43F7-95EA-4DA7E1CC396A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911182}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912282}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455915582}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916682}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444914482}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43F7-95EA-4DA7E1CC396A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411911182}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3543619C-D563-43F7-95EA-4DA7E1CC396A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411911182}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3543619C-D563-43F7-95EA-4DA7E1CC396A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411911182}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{480a17b8-38b5-4f88-a7fc-6128835b5af6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4dc59924-be0c-4351-a89d-be72c2e2a2f4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6ff61e3e-017c-4a8b-bb27-369d24934cf4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90155878-8d53-4e27-9653-da3d62e3b747}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{adabfeaa-5566-4aac-80e1-88ff62a2c50d}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911182}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912282}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455915582}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916682}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411911182}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{480a17b8-38b5-4f88-a7fc-6128835b5af6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4dc59924-be0c-4351-a89d-be72c2e2a2f4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6ff61e3e-017c-4a8b-bb27-369d24934cf4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90155878-8d53-4e27-9653-da3d62e3b747}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{adabfeaa-5566-4aac-80e1-88ff62a2c50d}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PassWidget
Key Deleted : HKCU\Software\AppDataLow\Software\OMG Music Plus
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SoftwareUpdater
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\OMG Music Plus
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OMG Music Plus
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

*************************

AdwCleaner[R0].txt - [18824 octets] - [16/01/2014 08:11:14]
AdwCleaner[R1].txt - [19349 octets] - [17/01/2014 13:49:46]
AdwCleaner[S0].txt - [15555 octets] - [17/01/2014 13:51:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15616 octets] ##########
hamman

Re: ads popping up and redirectrion on website

Unread postby hamman » January 17th, 2014, 4:20 pm

Hello Again,

This is the log from FRST that was on my desktop:

FIXLOG

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2014 02
Ran by Palii at 2014-01-17 14:15:47 Run:1
Running from C:\Users\Palii\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1037600 2014-01-01] (Conduit)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33178 ... ECFB&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx? ... CF1ECFB&q= {searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx? ... CF1ECFB&q= {searchTerms}&SSPV=
SearchScopes: HKCU - {66778C30-7ACC-4C16-975D-E0ED68404825} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid= {62C3FF89-DDB1-469A-809A-6D0027685322}&mid=d58817053b824c75823bb3d73f504cf0-4a0c9ba159c067904db11bcd2ca70690789d94e0&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2014-01-11 20:13:12&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
(Bundlore LTD) C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bg.exe
BHO: OMG Music Plus - {11111111-1111-1111-1111-110411911182} - C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bho64.dll (Bundlore LTD)
BHO-x32: OMG Music Plus - {11111111-1111-1111-1111-110411911182} - C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bho.dll (Bundlore LTD)
BHO-x32: OKitSpace - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\okitSpace\IE\OkitSpace.dll ()
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
CHR HomePage: hxxp://search.conduit.com/?ctid=CT33178 ... ECFB&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx? ... CF1ECFB&q= %s&SSPV=
CHR Extension: (Wajam) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0 [2014-01-14]
CHR Extension: (OMG Music Plus) - C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncokdgmmjicggolpdppfgbjeaikekhn\1.26.6_0 [2014-01-16]
CHR HKLM-x32\...\Chrome\Extension: [cnbogmakocmjkbdbebnhokkghbamnhhf] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta147\ch\VideoPlayerV3beta147.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [hifnddafpdkmjljallgdlkjiiieidmec] - C:\Windows\system32\config\systemprofile\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Palii\AppData\Local\Wajam\Chrome\wajam.crx [2013-12-13]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2301216 2014-01-01] (Conduit)
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-11-01] (Wajam)
2014-01-15 20:06 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (9).exe
2014-01-15 20:06 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (8).exe
2014-01-15 20:05 - 2014-01-15 20:06 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (7).exe
2014-01-15 20:05 - 2014-01-15 20:05 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (6).exe
2014-01-15 20:05 - 2014-01-15 20:05 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (5).exe
2014-01-15 20:04 - 2014-01-15 20:04 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (4).exe
2014-01-15 20:04 - 2014-01-15 20:04 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (3).exe
2014-01-15 20:03 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (2).exe
2014-01-15 20:03 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English (1).exe
2014-01-15 20:02 - 2014-01-15 20:03 - 00698144 _____ C:\Users\Palii\Downloads\installer_0_a_d__English.exe
2014-01-15 16:26 - 2014-01-15 16:26 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 543004.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 626091.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 482844.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 3289.crdownload
2014-01-15 16:25 - 2014-01-15 16:25 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 26722.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 940964.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 484781.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 432961.crdownload
2014-01-15 16:24 - 2014-01-15 16:24 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 322914.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 972658.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 722831.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 171921.crdownload
2014-01-15 16:23 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 143535.crdownload
2014-01-15 16:22 - 2014-01-15 16:23 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 496048.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 385109.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 195933.crdownload
2014-01-15 16:22 - 2014-01-15 16:22 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (28).exe
2014-01-15 16:22 - 2014-01-15 16:22 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (27).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (26).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (25).exe
2014-01-15 16:21 - 2014-01-15 16:21 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (24).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (23).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (22).exe
2014-01-15 16:20 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (21).exe
2014-01-15 16:19 - 2014-01-15 16:20 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (20).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (19).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (18).exe
2014-01-15 16:19 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (17).exe
2014-01-15 16:18 - 2014-01-15 16:19 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (16).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (15).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (14).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (13).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (12).exe
2014-01-15 16:18 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (11).exe
2014-01-15 16:17 - 2014-01-15 16:18 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (10).exe
2014-01-15 16:17 - 2014-01-15 16:17 - 01114928 _____ ( ) C:\Users\Palii\Downloads\FlvPlayerSetup (9).exe
2014-01-15 13:11 - 2014-01-15 13:11 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 175963.crdownload
2014-01-15 13:10 - 2014-01-15 13:10 - 01114928 _____ ( ) C:\Users\Palii\Downloads\Unconfirmed 85310.crdownload
2014-01-15 13:09 - 2014-01-15 13:09 - 01114928 _____ ( ) C:\Users\Palii\Downloads\DownloadManagerSetup (9).exe
2014-01-15 13:09 - 2014-01-15 13:09 - 01114928 _____ ( ) C:\Users\Palii\Downloads\DownloadManagerSetup (10).exe
2014-01-15 10:56 - 2014-01-15 10:56 - 00459840 _____ C:\Users\Palii\Downloads\Setup (8).exe
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 491323.crdownload
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 433498.crdownload
2014-01-14 18:41 - 2014-01-14 18:41 - 00459328 _____ C:\Users\Palii\Downloads\Unconfirmed 384220.crdownload
2014-01-13 19:09 - 2014-01-13 19:10 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (3).exe
2014-01-13 19:07 - 2014-01-13 19:08 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (2).exe
2014-01-13 19:05 - 2014-01-13 19:06 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (1).exe
2014-01-13 19:04 - 2014-01-13 19:05 - 01751600 _____ (Bandoo Media Inc) C:\Users\Palii\Downloads\iLividSetup-r484-n-bc.exe
2014-01-12 22:17 - 2014-01-12 22:18 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 827079.crdownload
2014-01-12 22:17 - 2014-01-12 22:17 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 343794.crdownload
2014-01-12 22:17 - 2014-01-12 22:17 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 118477.crdownload
2014-01-12 22:16 - 2014-01-12 22:16 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 655026.crdownload
2014-01-12 22:16 - 2014-01-12 22:16 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 654576.crdownload
2014-01-12 22:15 - 2014-01-12 22:15 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 849660.crdownload
2014-01-12 22:15 - 2014-01-12 22:15 - 01135552 _____ C:\Users\Palii\Downloads\Unconfirmed 658789.crdownload
2014-01-12 22:14 - 2014-01-12 22:14 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (8).exe
2014-01-12 22:14 - 2014-01-12 22:14 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (7).exe
2014-01-12 22:13 - 2014-01-12 22:13 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (6).exe
2014-01-12 22:13 - 2014-01-12 22:13 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (5).exe
2014-01-12 22:12 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (4).exe
2014-01-12 22:12 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (3).exe
2014-01-12 22:11 - 2014-01-12 22:12 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (2).exe
2014-01-12 22:11 - 2014-01-12 22:11 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup.exe
2014-01-12 22:11 - 2014-01-12 22:11 - 01135552 _____ C:\Users\Palii\Downloads\DownloadManagerSetup (1).exe
2014-01-12 01:19 - 2014-01-12 01:19 - 04177760 _____ C:\Users\Palii\Downloads\PCBoosterSetup.exe
2014-01-12 01:17 - 2014-01-12 01:17 - 00590940 _____ C:\Users\Palii\Downloads\Unconfirmed 742685.crdownload
2014-01-12 01:16 - 2014-01-12 01:17 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (17).exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (16).exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (15).exe
2014-01-12 01:15 - 2014-01-12 01:15 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (14).exe
2014-01-12 01:14 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (13).exe
2014-01-12 01:14 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (12).exe
2014-01-12 01:13 - 2014-01-12 01:14 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (11).exe
2014-01-12 01:13 - 2014-01-12 01:13 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (9).exe
2014-01-12 01:13 - 2014-01-12 01:13 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (10).exe
2014-01-12 01:12 - 2014-01-12 01:12 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (8).exe
2014-01-12 01:12 - 2014-01-12 01:12 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (7).exe
2014-01-12 01:11 - 2014-01-12 01:11 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (6).exe
2014-01-12 01:11 - 2014-01-12 01:11 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (5).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (4).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (3).exe
2014-01-12 01:10 - 2014-01-12 01:10 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (2).exe
2014-01-12 01:09 - 2014-01-12 01:09 - 00698144 _____ C:\Users\Palii\Downloads\installer_photoscape_English (1).exe
2014-01-12 00:18 - 2014-01-12 00:18 - 01134952 _____ C:\Users\Palii\Downloads\Unconfirmed 413575.crdownload
2014-01-12 00:18 - 2014-01-12 00:18 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (8).exe
2014-01-12 00:17 - 2014-01-12 00:17 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (7).exe
2014-01-12 00:16 - 2014-01-12 00:16 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (6).exe
2014-01-12 00:16 - 2014-01-12 00:16 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (5).exe
2014-01-12 00:15 - 2014-01-12 00:15 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (4).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (3).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (2).exe
2014-01-12 00:14 - 2014-01-12 00:14 - 01134952 _____ C:\Users\Palii\Downloads\FlvPlayerSetup (1).exe
2014-01-11 23:32 - 2014-01-11 23:32 - 00000000 ____D C:\Users\Deborah\AppData\Local\SearchProtect
2014-01-11 21:59 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (7).exe
2014-01-11 21:59 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (6).exe
2014-01-11 21:58 - 2014-01-11 21:59 - 00459840 _____ C:\Users\Palii\Downloads\Setup (5).exe
2014-01-11 21:58 - 2014-01-11 21:58 - 00459840 _____ C:\Users\Palii\Downloads\Setup (4).exe
2014-01-11 21:58 - 2014-01-11 21:58 - 00459840 _____ C:\Users\Palii\Downloads\Setup (3).exe
2014-01-11 21:29 - 2014-01-16 18:29 - 00002106 _____ C:\Windows\Tasks\OMG Music Plus-firefoxinstaller.job
2014-01-11 21:29 - 2014-01-16 18:29 - 00001346 _____ C:\Windows\Tasks\OMG Music Plus-updater.job
2014-01-11 21:29 - 2014-01-16 18:29 - 00001282 _____ C:\Windows\Tasks\OMG Music Plus-codedownloader.job
2014-01-11 21:29 - 2014-01-16 18:29 - 00001170 _____ C:\Windows\Tasks\OMG Music Plus-enabler.job
2014-01-11 21:29 - 2014-01-11 21:29 - 00004376 _____ C:\Windows\System32\Tasks\OMG Music Plus-updater
2014-01-11 21:29 - 2014-01-11 21:29 - 00004312 _____ C:\Windows\System32\Tasks\OMG Music Plus-codedownloader
2014-01-11 21:29 - 2014-01-11 21:29 - 00004200 _____ C:\Windows\System32\Tasks\OMG Music Plus-enabler
2014-01-11 21:28 - 2014-01-16 18:29 - 00002138 _____ C:\Windows\Tasks\OMG Music Plus-chromeinstaller.job
2014-01-11 21:28 - 2014-01-11 21:29 - 00000000 ____D C:\Program Files (x86)\OMG Music Plus
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Users\Palii\AppData\Local\Wajam
2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____D C:\Program Files (x86)\Wajam
2014-01-11 21:26 - 2014-01-11 21:26 - 00459192 _____ C:\Users\Palii\Downloads\Setup (2).exe
2014-01-11 21:26 - 2014-01-11 21:26 - 00459192 _____ C:\Users\Palii\Downloads\Setup (1).exe
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70CD.tmp
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70AF.tmp
2014-01-11 21:26 - 2014-01-11 21:26 - 00000000 _____ C:\LIL70AE.tmp
2014-01-11 20:10 - 2014-01-11 20:10 - 00000000 ____D C:\Users\Palii\Documents\Optimizer Pro
2014-01-11 20:09 - 2014-01-15 16:22 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-11 20:09 - 2014-01-11 20:09 - 00000000 ____D C:\Users\Palii\AppData\Local\SearchProtect

*****************

C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe => No running process found
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe => No running process found
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe => No running process found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66778C30-7ACC-4C16-975D-E0ED68404825} => Key deleted successfully.
HKCR\CLSID\{66778C30-7ACC-4C16-975D-E0ED68404825} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
C:\Program Files (x86)\OMG Music Plus\OMG Music Plus-bg.exe => No running process found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411911182} => Key not found.
HKCR\CLSID\{11111111-1111-1111-1111-110411911182} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411911182} => Key not found.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411911182} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} => Key not found.
HKCR\Wow6432Node\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key not found.
HKCR\Wow6432Node\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT33178 ... ECFB&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx? ... CF1ECFB&q= %s&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp => Moved successfully.
C:\Users\Palii\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncokdgmmjicggolpdppfgbjeaikekhn => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cnbogmakocmjkbdbebnhokkghbamnhhf => Key deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta147\ch\VideoPlayerV3beta147.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hifnddafpdkmjljallgdlkjiiieidmec => Key not found.
"C:\Windows\system32\config\systemprofile\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp => Key not found.
"C:\Users\Palii\AppData\Local\Wajam\Chrome\wajam.crx" => File/Directory not found.
CltMngSvc => Service not found.
WajamUpdaterV3 => Service not found.
C:\Users\Palii\Downloads\installer_0_a_d__English (9).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_0_a_d__English (8).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_0_a_d__English (7).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_0_a_d__English (6).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_0_a_d__English (5).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_0_a_d__English (4).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_0_a_d__English (3).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_0_a_d__English (2).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_0_a_d__English (1).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_0_a_d__English.exe => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 543004.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 626091.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 482844.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 3289.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 26722.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 940964.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 484781.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 432961.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 322914.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 972658.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 722831.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 171921.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 143535.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 496048.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 385109.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 195933.crdownload => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (28).exe => Moved successfully.
"C:\Windows\SysWOW64\SearchProtect" => File/Directory not found.
C:\Users\Palii\Downloads\FlvPlayerSetup (27).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (26).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (25).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (24).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (23).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (22).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (21).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (20).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (19).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (18).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (17).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (16).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (15).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (14).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (13).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (12).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (11).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (10).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (9).exe => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 175963.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 85310.crdownload => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup (9).exe => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup (10).exe => Moved successfully.
C:\Users\Palii\Downloads\Setup (8).exe => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 491323.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 433498.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 384220.crdownload => Moved successfully.
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (3).exe => Moved successfully.
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (2).exe => Moved successfully.
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (1).exe => Moved successfully.
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc.exe => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 827079.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 343794.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 118477.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 655026.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 654576.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 849660.crdownload => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 658789.crdownload => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup (8).exe => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup (7).exe => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup (6).exe => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup (5).exe => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup (4).exe => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup (3).exe => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup (2).exe => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup.exe => Moved successfully.
C:\Users\Palii\Downloads\DownloadManagerSetup (1).exe => Moved successfully.
C:\Users\Palii\Downloads\PCBoosterSetup.exe => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 742685.crdownload => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (17).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (16).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (15).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (14).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (13).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (12).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (11).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (9).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (10).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (8).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (7).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (6).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (5).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (4).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (3).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (2).exe => Moved successfully.
C:\Users\Palii\Downloads\installer_photoscape_English (1).exe => Moved successfully.
C:\Users\Palii\Downloads\Unconfirmed 413575.crdownload => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (8).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (7).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (6).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (5).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (4).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (3).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (2).exe => Moved successfully.
C:\Users\Palii\Downloads\FlvPlayerSetup (1).exe => Moved successfully.
"C:\Users\Deborah\AppData\Local\SearchProtect" => File/Directory not found.
C:\Users\Palii\Downloads\Setup (7).exe => Moved successfully.
C:\Users\Palii\Downloads\Setup (6).exe => Moved successfully.
C:\Users\Palii\Downloads\Setup (5).exe => Moved successfully.
C:\Users\Palii\Downloads\Setup (4).exe => Moved successfully.
C:\Users\Palii\Downloads\Setup (3).exe => Moved successfully.
"C:\Windows\Tasks\OMG Music Plus-firefoxinstaller.job" => File/Directory not found.
"C:\Windows\Tasks\OMG Music Plus-updater.job" => File/Directory not found.
"C:\Windows\Tasks\OMG Music Plus-codedownloader.job" => File/Directory not found.
"C:\Windows\Tasks\OMG Music Plus-enabler.job" => File/Directory not found.
"C:\Windows\System32\Tasks\OMG Music Plus-updater" => File/Directory not found.
"C:\Windows\System32\Tasks\OMG Music Plus-codedownloader" => File/Directory not found.
"C:\Windows\System32\Tasks\OMG Music Plus-enabler" => File/Directory not found.
"C:\Windows\Tasks\OMG Music Plus-chromeinstaller.job" => File/Directory not found.
"C:\Program Files (x86)\OMG Music Plus" => File/Directory not found.
"C:\Users\Palii\AppData\Local\Wajam" => File/Directory not found.
"C:\Program Files (x86)\Wajam" => File/Directory not found.
C:\Users\Palii\Downloads\Setup (2).exe => Moved successfully.
C:\Users\Palii\Downloads\Setup (1).exe => Moved successfully.
C:\LIL70CD.tmp => Moved successfully.
C:\LIL70AF.tmp => Moved successfully.
C:\LIL70AE.tmp => Moved successfully.
"C:\Users\Palii\Documents\Optimizer Pro" => File/Directory not found.
"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
"C:\Users\Palii\AppData\Local\SearchProtect" => File/Directory not found.

==== End of Fixlog ====
hamman
Active Member
 
Posts: 13
Joined: January 16th, 2014, 12:22 am

Re: ads popping up and redirectrion on website

Post by Gary R » January 17th, 2014, 5:38 pm

OK, looking good so far, still some work to do.

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Google Chrome
Java(TM) 6 Update 17 (64-bit)


When uninstalling Google Chrome and you're prompted to ... "Also delete your browsing data" ... please check the box.

Reboot your computer once both programs have been uninstalled.

Next

Download and install a new clean copy of Google Chrome ... https://www.google.com/intl/en_uk/chrome/browser/

Next

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (1).exe
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (2).exe
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (3).exe
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc.exe 
C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Cookies\palii@babylon[2".txt 
C:\ProgramData\Babylon
Reg: reg del "HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg del "HKEY_CURRENT_USER\Software\Trolltech"
Reg: reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Trolltech"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg del "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg del "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg del "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect"
Reg: reg del "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc"
Reg: reg del "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc"
Reg: reg del "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc"
Reg: reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"

    • Save it to the same folder/directory that FRST.exe is in (ie your Desktop), naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe (your Desktop).

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • fixlog.txt
  • ESET.txt
  • Let me know how your computer is running now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: ads popping up and redirectrion on website

Post by hamman » January 17th, 2014, 7:13 pm

Hello,

First here is the message I am getting when I try and find eset.com, but I will keep on trying


This page can’t be displayed

•Make sure the web address http://www.eset.com is correct.
•Look for the page with your search engine.
•Refresh the page in a few minutes.


Here is the Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2014 03
Ran by Palii at 2014-01-17 16:59:53 Run:2
Running from C:\Users\Palii\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (1).exe
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (2).exe
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (3).exe
C:\Users\Palii\Downloads\iLividSetup-r484-n-bc.exe
C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Cookies\palii@babylon[2".txt
C:\ProgramData\Babylon
Reg: reg del "HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg del "HKEY_CURRENT_USER\Software\Trolltech"
Reg: reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Trolltech"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg del "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg del "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg del "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit"
Reg: reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect"
Reg: reg del "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc"
Reg: reg del "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc"
Reg: reg del "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc"
Reg: reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
*****************

"C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (1).exe" => File/Directory not found.
"C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (2).exe" => File/Directory not found.
"C:\Users\Palii\Downloads\iLividSetup-r484-n-bc (3).exe" => File/Directory not found.
"C:\Users\Palii\Downloads\iLividSetup-r484-n-bc.exe" => File/Directory not found.
"C:\Users\Palii\AppData\Roaming\Microsoft\Windows\Cookies\palii@babylon[2.txt" => File/Directory not found.
"C:\ProgramData\Babylon" => File/Directory not found.

========= reg del "HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_CURRENT_USER\Software\Trolltech" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Trolltech" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


========= reg del "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.


========= End of Reg: =========


==== End of Fixlog ====






Fix connection problems
hamman
Active Member
 
Posts: 13
Joined: January 16th, 2014, 12:22 am

Re: ads popping up and redirectrion on website

Post by Gary R » January 18th, 2014, 9:04 am

Seems we had a bit of a problem with some of the script I gave you, so let's try again ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Trolltech"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe.

If you can't get ESET to run, please try the following instead ....

Please run Microsoft Safety Scanner
  • Click Download Now (this is a large download, approx. 70Mb)
  • If you are asked about 32-bit or 64-bit, click on the type matching your Windows system.
  • If asked to Run or Save, choose Run.
  • OK the User Account Permission or the query "Do you want to run this software".
  • If you get a message saying "running this type of program could harm your computer" or similar, just ignore it and tell it to Run anyway.
  • Click the box to Accept the license agreement.
  • Click Next.
  • Click Next to run the Scan.
  • Click the Quick Scan button. (... also Full Scan option)
  • Click Next
    • (If it finds nothing, it will just Exit. It still creates a report.)
    • If it has found anything, check the box titled "Help Remove potentially unwanted software"
      • Click Next (the Dialog label will become "Cleaning your computer").
      • After this operation completes, click Finish.
      • When removals are complete, it will report through a link, "View detailed results of the scan"
      • Clicking the link will popup a report in Notepad.
      • Please post the contents of the file in your reply.
      • The file is also saved in C:\Windows\debug\msert.log

Summary of the logs I need from you in your next post:
  • Latest fixlog.txt
  • Microsoft Safety Scanner log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
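
The first fixlist in this thread failed because `del` is not a reg.exe operation, and the corrected one still produces a `(Yes/No)?` confirmation prompt in the log. As an added example (not part of the original thread and not FRST's own code), here is a small Python linter that checks `Reg:` lines before a fixlist is handed out; the function name, finding codes and sample lines are assumptions constructed for illustration.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "lineno code detail")

# Operations that `REG /?` lists on Windows; anything else is rejected with
# "ERROR: Invalid Argument/Option", as in the first fixlog in this thread.
REG_OPERATIONS = {"query", "add", "delete", "copy", "save", "restore",
                  "load", "unload", "compare", "export", "import", "flags"}
ROOT_KEYS = {"HKLM", "HKCU", "HKCR", "HKU", "HKCC",
             "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
             "HKEY_USERS", "HKEY_CURRENT_CONFIG"}

REG_LINE = re.compile(r'^Reg:\s*(?P<exe>\S+)\s+(?P<op>\S+)\s*(?P<rest>.*)$', re.I)
KEY_AND_FLAGS = re.compile(r'^(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))\s*(?P<flags>.*)$')

# Constructed sample in the style of the fixlists above (the /f line is made up).
SAMPLE_FIXLIST = "\n".join([
    r'C:\ProgramData\Babylon',
    r'Reg: reg del "HKEY_CURRENT_USER\Software\Trolltech"',
    r'Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit"',
    r'Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit"',
    r'Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech" /f',
])


def lint_fixlist(text):
    """Return Finding tuples for the Reg: directives in a fixlist."""
    findings, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.lower().startswith("reg:"):
            continue  # file/folder entries and other directives are not checked
        m = REG_LINE.match(line)
        if not m:
            findings.append(Finding(lineno, "malformed", line))
            continue
        exe, op = m["exe"].lower(), m["op"].lower()
        if exe not in ("reg", "reg.exe"):
            findings.append(Finding(lineno, "not-reg", m["exe"]))
            continue
        if op not in REG_OPERATIONS:
            findings.append(Finding(lineno, "invalid-operation", m["op"]))
            continue
        km = KEY_AND_FLAGS.match(m["rest"])
        if not km:
            findings.append(Finding(lineno, "missing-key", line))
            continue
        key = km["quoted"] if km["quoted"] is not None else km["bare"]
        flags = [f.lower() for f in km["flags"].split()]

        # The key must start with a root reg.exe knows (optionally \\Machine\Root\...).
        path = key
        if path.startswith("\\\\"):
            path = path[2:].partition("\\")[2]
        root = path.split("\\", 1)[0].upper()
        if op != "import" and root not in ROOT_KEYS:
            findings.append(Finding(lineno, "unknown-root", root))

        # reg.exe asks "(Yes/No)?" before deleting unless /f is given.
        if op == "delete" and "/f" not in flags:
            findings.append(Finding(lineno, "will-prompt", "delete without /f"))

        # The same command twice only adds noise to the resulting log.
        ident = (op, key.lower(), tuple(sorted(flags)))
        if ident in seen:
            findings.append(Finding(lineno, "duplicate", f"same as line {seen[ident]}"))
        else:
            seen[ident] = lineno
    return findings


if __name__ == "__main__":
    for f in lint_fixlist(SAMPLE_FIXLIST):
        print(f"line {f.lineno}: {f.code}: {f.detail}")
```
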

Re: ads popping up and redirectrion on website

Post by hamman » January 18th, 2014, 4:57 pm

Hello,
Here is the log from the FRST program:





Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2014 03
Ran by Palii at 2014-01-18 14:55:24 Run:3
Running from C:\Users\Palii\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Trolltech"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc"
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus"
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"

*****************


========= reg.exe delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Trolltech (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Trolltech" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Trolltech (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\AppDataLow\Software\OMG Music Plus (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog ====
hamman
Active Member
 
Posts: 13
Joined: January 16th, 2014, 12:22 am