Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Random Pop ups and phantom links!! HELP!!

Re: Random Pop ups and phantom links!! HELP!!

Post by pgmigg » April 12th, 2014, 12:43 am

Hello tdc2719,

I'm getting pretty excited my friend!! :o I'm not seeing any pop ups or hyperlinks :mrgreen:
I am glad to read it, but we are not finished yet! :D Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe
    C:\Users\Tracy\Downloads\Download\iobit-uninstaller.exe
    C:\Users\Tracy\Downloads\Download\iobit-uninstaller.exe.dat
    C:\Users\Tracy\AppData\Local\Apple Computer\Safari\LocalStorage\https_secure.imvu.com_0.localstorage
    C:\Users\Tracy\AppData\Local\Apple Computer\Safari\LocalStorage\http_www.imvu.com_0.localstorage
    C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.imvu.com_0.localstorage
    C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.imvu.com_0.localstorage-journal
    C:\Users\Tracy\AppData\Local\Microsoft\Internet Explorer\DOMStore\SW2FR3YF\www.imvu[1].xml
    C:\Users\Tracy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4L3856VO\secure.imvu[1].xml
    C:\Users\Tracy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\53ZJJVYH\www.imvu[1].xml
    C:\Users\Tracy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ASDUXTYB\www.imvu[1].xml
    C:\Users\Tracy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\F5V9WD42\www.imvu[1].xml
    C:\Users\Tracy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\L2XQBUZ9\secure.imvu[1].xml
    C:\ProgramData\IObit
    C:\Users\All Users\IObit
    C:\Temp\Iminent
    C:\Users\Tracy\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_IMVUClient.exe_fcd02ec2d3ea62d899abedd3a953dc6a6efc_12b5890c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\conduit_CT2612669]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915]
    "URL"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915]
    "FaviconURL"=-
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\AppDataLow\conduit_CT2612669]
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915]
    "URL"=-
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915]
    "FaviconURL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F23182-AE7D-40C8-A32C-73BF8FFDE7FB}]
    "Path"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Tracy\AppData\Local\iLivid]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Tracy\AppData\Local\iLivid]
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1250-n-bf.exe]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Tracy\AppData\Local\iLivid]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Tracy\AppData\Local\iLivid]
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe"=-
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://10.10.0.1:9988/cgi-bin/login?msgtype=login&ssid=1&logintype=3&username=VpnNoAuthUser&password=*****&sessionid=%89%8c%83%95a%a1%97%a4%acy%bc%bb%be&ip_address=10.10.0.27&redirecturl=http://search.iminent.com/?appId=11111111]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://search.iminent.com/?appId=11111111]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://search.iminent.com/SearchTheWeb/v4/1033/homepage/Default.aspx]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\search.iminent.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\15452115_0]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
    "00000000000000000000000000000000"=-
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://10.10.0.1:9988/cgi-bin/login?msgtype=login&ssid=1&logintype=3&username=VpnNoAuthUser&password=*****&sessionid=%89%8c%83%95a%a1%97%a4%acy%bc%bb%be&ip_address=10.10.0.27&redirecturl=http://search.iminent.com/?appId=11111111]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://search.iminent.com/?appId=11111111]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://search.iminent.com/SearchTheWeb/v4/1033/homepage/Default.aspx]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\search.iminent.com]
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\15452115_0]
    @=""
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\IMVU_Inc]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\IMVU_Inc_C]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2886fdf8_0]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\304d8887_0]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3feed500_0]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\408e2c21_0]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6af819e8_0]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\94b2fb38_0]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a3233f2_0]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ba3d0a1a_0]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
    "C:\Users\Tracy\AppData\Roaming\IMVUClient\IMVUClient.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\IMVUClient.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
    "C:\Users\Tracy\AppData\Roaming\IMVUClient\IMVUClient.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVUClient_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVUClient_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVU_IncAutoUpdateHelper_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVU_IncAutoUpdateHelper_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVU_IncToolbarHelper_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVU_IncToolbarHelper_RASMANCS]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\IMVU_Inc]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\IMVU_Inc_C]
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2886fdf8_0]
    @=""
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\304d8887_0]
    @=""
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3feed500_0]
    @=""
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\408e2c21_0]
    @=""
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6af819e8_0]
    @=""
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\94b2fb38_0]
    @=""
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a3233f2_0]
    @=""
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ba3d0a1a_0]
    @=""
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
    "C:\Users\Tracy\AppData\Roaming\IMVUClient\IMVUClient.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
    "00000000000000000000000000000000"=-
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915]
    "DisplayName"=-
    [HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915]
    "DisplayName"=-
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file, OTL.txt, will be opened, maximized.
  6. Please post the content of OTL.txt file ONLY in your next reply.

Step 3.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you are using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you are using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the OTL.txt log file after fresh OTL scan
  4. Contents of the ESETScan.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
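
An added example, not part of the original post and not OTL's own code: a small parser for the fix-script syntax shown above, which lists what a script will do and pairs up deletions that reach the same registry location through both HKEY_CURRENT_USER and HKEY_USERS plus SID. It assumes the :Reg lines follow .reg-file semantics and that the SID in the script belongs to the logged-on user; `Op`, `parse_fix_script`, `summarize` and `aliased_duplicates` are hypothetical names.

```python
import re
from collections import Counter, namedtuple

Op = namedtuple("Op", "kind target name lineno")

# Excerpt of the fix script in the post above (entries copied, list shortened).
SAMPLE_FIX = r'''
:Commands
[createrestorepoint]

:Files
C:\Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe
C:\ProgramData\IObit

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"=-
[-HKEY_CURRENT_USER\Software\AppDataLow\conduit_CT2612669]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915]
"URL"=-
[-HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\AppDataLow\conduit_CT2612669]
[HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915]
"URL"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\15452115_0]
@=""

:Commands
[emptytemp]
'''

SECTION_RE = re.compile(r"^:(\w+)$")
VALUE_RE = re.compile(r'^(?:@|"(?P<name>.*)")=(?P<data>.*)$')
SID_RE = re.compile(r"^HKEY_USERS\\(S-1-5-21-[\d-]+)\\", re.I)
HKCU = "HKEY_CURRENT_USER\\"


def parse_fix_script(text):
    """Turn the script into a flat list of Op records, one per action."""
    ops, section, key = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section, key = header.group(1).lower(), None
        elif section == "commands":
            ops.append(Op("command", line.strip("[]").lower(), None, lineno))
        elif section == "files":
            ops.append(Op("move_path", line, None, lineno))
        elif section == "reg" and line.startswith("[-") and line.endswith("]"):
            # Assumed .reg semantics: "[-KEY]" removes the whole key.
            ops.append(Op("delete_key", line[2:-1], None, lineno))
            key = None
        elif section == "reg" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # following value lines apply to this key
        else:
            value = VALUE_RE.match(line) if section == "reg" and key else None
            if value is None:
                ops.append(Op("unparsed", line, None, lineno))  # needs a human look
                continue
            name = value.group("name") if value.group("name") is not None else "(Default)"
            # Assumed .reg semantics: '"name"=-' deletes the value, anything else sets it.
            kind = "delete_value" if value.group("data") == "-" else "set_value"
            ops.append(Op(kind, key, name, lineno))
    return ops


def summarize(ops):
    """Count the actions of each kind."""
    return Counter(op.kind for op in ops)


def aliased_duplicates(ops):
    """Pairs (first, repeat) of deletions that hit the same registry location,
    once through HKEY_CURRENT_USER and once through HKEY_USERS + SID."""
    deletes = [op for op in ops if op.kind in ("delete_key", "delete_value")]
    sids = {m.group(1) for m in (SID_RE.match(op.target) for op in deletes) if m}
    if len(sids) != 1:
        return []  # no SID, or several users: the alias cannot be resolved
    sid = sids.pop()  # assumption: this is the logged-on user's SID
    seen, pairs = {}, []
    for op in deletes:
        target = op.target
        if target.upper().startswith(HKCU):
            target = "HKEY_USERS\\" + sid + "\\" + target[len(HKCU):]
        ident = (op.kind, target.lower(), (op.name or "").lower())
        if ident in seen:
            pairs.append((seen[ident], op))
        else:
            seen[ident] = op
    return pairs


if __name__ == "__main__":
    ops = parse_fix_script(SAMPLE_FIX)
    for kind, count in sorted(summarize(ops).items()):
        print(f"{kind:13} {count}")
    for first, repeat in aliased_duplicates(ops):
        print(f"line {repeat.lineno} repeats line {first.lineno}: {repeat.target}")
```

Each repeated deletion is one whose second copy finds nothing left to remove, which is how the "deleted successfully" and "not found" pairs for the same location in the fix log further down can be read.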

Re: Random Pop ups and phantom links!! HELP!!

Post by tdc2719 » April 12th, 2014, 10:50 pm

I'm sorry for the delay I have become quite ill. I have 2 of the 3 scans done I'm gonna try and get the eset scan done later tonight or in the morning according to how well I'm feeling. Just wanted you to know why the delay on the scans.

Re: Random Pop ups and phantom links!! HELP!!

Post by pgmigg » April 12th, 2014, 11:26 pm

Hello tdc2719,

I'm sorry for the delay I have become quite ill. I have 2 of the 3 scans done I'm gonna try and get the eset scan done later tonight or in the morning according to how well I'm feeling. Just wanted you to know why the delay on the scans.
Thank you!
Please get well - health should always come first! :)

pgmigg


Re: Random Pop ups and phantom links!! HELP!!

Post by tdc2719 » April 13th, 2014, 4:55 pm

A. All scans went well no issues executing at all

B.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe moved successfully.
C:\Users\Tracy\Downloads\Download\iobit-uninstaller.exe moved successfully.
C:\Users\Tracy\Downloads\Download\iobit-uninstaller.exe.dat moved successfully.
C:\Users\Tracy\AppData\Local\Apple Computer\Safari\LocalStorage\https_secure.imvu.com_0.localstorage moved successfully.
C:\Users\Tracy\AppData\Local\Apple Computer\Safari\LocalStorage\http_www.imvu.com_0.localstorage moved successfully.
C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.imvu.com_0.localstorage moved successfully.
C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.imvu.com_0.localstorage-journal moved successfully.
C:\Users\Tracy\AppData\Local\Microsoft\Internet Explorer\DOMStore\SW2FR3YF\www.imvu[1].xml moved successfully.
C:\Users\Tracy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4L3856VO\secure.imvu[1].xml moved successfully.
C:\Users\Tracy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\53ZJJVYH\www.imvu[1].xml moved successfully.
C:\Users\Tracy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ASDUXTYB\www.imvu[1].xml moved successfully.
C:\Users\Tracy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\F5V9WD42\www.imvu[1].xml moved successfully.
C:\Users\Tracy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\L2XQBUZ9\secure.imvu[1].xml moved successfully.
C:\ProgramData\IObit\ASCDownloader folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
File\Folder C:\Users\All Users\IObit not found.
C:\Temp\Iminent folder moved successfully.
C:\Users\Tracy\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_IMVUClient.exe_fcd02ec2d3ea62d899abedd3a953dc6a6efc_12b5890c folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\conduit_CT2612669\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915\\URL deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915\\FaviconURL deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\AppDataLow\conduit_CT2612669\ not found.
Registry value HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915\\URL not found.
Registry value HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915\\FaviconURL not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F23182-AE7D-40C8-A32C-73BF8FFDE7FB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Tracy\AppData\Local\iLivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Tracy\AppData\Local\iLivid\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1250-n-bf.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Tracy\AppData\Local\iLivid\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Tracy\AppData\Local\iLivid\ not found.
Registry value HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe not found.
Registry value HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://10.10.0.1:9988/cgi-bin/login?msgtype=login&ssid=1&logintype=3&username=VpnNoAuthUser&password=*****&sessionid=%89%8c%83%95a%a1%97%a4%acy%bc%bb%be&ip_address=10.10.0.27&redirecturl=http://search.iminent.com/?appId=11111111\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://search.iminent.com/?appId=11111111\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://search.iminent.com/SearchTheWeb/v4/1033/homepage/Default.aspx\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\search.iminent.com\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\15452115_0\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://10.10.0.1:9988/cgi-bin/login?msgtype=login&ssid=1&logintype=3&username=VpnNoAuthUser&password=*****&sessionid=%89%8c%83%95a%a1%97%a4%acy%bc%bb%be&ip_address=10.10.0.27&redirecturl=http://search.iminent.com/?appId=11111111\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://search.iminent.com/?appId=11111111\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://search.iminent.com/SearchTheWeb/v4/1033/homepage/Default.aspx\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Avast Software\WRC\RatingStorage\search.iminent.com\ not found.
HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\15452115_0\\@|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\IMVU_Inc\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\IMVU_Inc_C\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2886fdf8_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\304d8887_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3feed500_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\408e2c21_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6af819e8_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\94b2fb38_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a3233f2_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ba3d0a1a_0\\@|"" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\\C:\Users\Tracy\AppData\Roaming\IMVUClient\IMVUClient.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\IMVUClient.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVUClient_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVUClient_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVU_IncAutoUpdateHelper_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVU_IncAutoUpdateHelper_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVU_IncToolbarHelper_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IMVU_IncToolbarHelper_RASMANCS\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\IMVU_Inc\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2314919567-2811087668-141971273-1000\Software\IMVU_Inc_C\ not found.
HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2886fdf8_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\304d8887_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3feed500_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\408e2c21_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6af819e8_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\94b2fb38_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a3233f2_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ba3d0a1a_0\\@|"" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\\C:\Users\Tracy\AppData\Roaming\IMVUClient\IMVUClient.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915\\DisplayName deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Internet Explorer\SearchScopes\B628E64EF4794EFAAFFBAABD1206B915\\DisplayName not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tracy
->Temp folder emptied: 2807387 bytes
->Temporary Internet Files folder emptied: 3272579 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 84746770 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 422113 bytes

Total Files Cleaned = 87.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Tracy
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest

User: Public

User: Tracy
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04122014_012712

Files\Folders moved on Reboot...
C:\Users\Tracy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
tdc2719
Regular Member
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: Random Pop ups and phantom links!! HELP!!

Post by tdc2719 » April 13th, 2014, 4:57 pm

OTL logfile created on: 4/12/2014 1:33:02 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tracy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 62.33% Memory free
5.20 Gb Paging File | 4.04 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.07 Gb Total Space | 401.42 Gb Free Space | 88.79% Space Free | Partition Type: NTFS

Computer Name: TRACY-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/11 11:55:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
PRC - [2014/03/19 21:17:52 | 004,971,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/30 19:09:08 | 002,990,304 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/11 22:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 22:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/21 00:09:54 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/03/31 21:57:23 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/14 22:56:29 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/23 21:22:30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/25 22:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/11/25 22:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/25 22:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/01 00:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 23:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/01 01:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 01:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 17:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/21 02:40:34 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/20 23:33:34 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/09 20:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 15:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 15:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/05 10:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/05 10:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 18:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{6910B5F6-E2B7-47EA-A900-E5DA82356BF4}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6910B5F6-E2B7-47EA-A900-E5DA82356BF4}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\..\SearchScopes,DefaultScope = {D4CBB3BD-6196-4B77-A3F1-D55718342922}
IE - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\..\SearchScopes\{C4EA5D55-8DA0-4574-B304-A2B24722523A}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\..\SearchScopes\{C70CB082-989A-42A5-A71E-DA6A6D253C2D}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS459
IE - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\..\SearchScopes\{D4CBB3BD-6196-4B77-A3F1-D55718342922}: "URL" = http://www.bing.com/search?FORM=BDT5DF& ... =082313&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014/01/30 10:30:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/31 21:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/31 21:57:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/31 21:57:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/31 21:57:11 | 000,000,000 | ---D | M]

[2014/04/11 19:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\mozilla\Extensions
[2007/12/17 13:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll
[2012/11/12 03:48:03 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.facebook.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2314919567-2811087668-141971273-1000..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKU\S-1-5-21-2314919567-2811087668-141971273-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2314919567-2811087668-141971273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Download Photo... - C:\Program Files (x86)\DelorTech, Ltd\dfp 1.0\FBDownloader.dll (DelorTech, Ltd)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Download Photo... - C:\Program Files (x86)\DelorTech, Ltd\dfp 1.0\FBDownloader.dll (DelorTech, Ltd)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.168.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83DF2390-6955-4E5D-B6E2-A523B0B78AEB}: DhcpNameServer = 10.168.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD8D8D44-C99A-4463-ACFD-C0040303F56A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C26F29B9-266B-4AF9-B233-1DD79F1A164E}: DhcpNameServer = 10.168.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C26F29B9-266B-4AF9-B233-1DD79F1A164E}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{0764c7b0-62d3-11e1-bd5a-00266cd7f224}\Shell - "" = AutoRun
O33 - MountPoints2\{0764c7b0-62d3-11e1-bd5a-00266cd7f224}\Shell\AutoRun\command - "" = E:\LiteAuto.exe
O33 - MountPoints2\{44c3fd3d-2948-11e1-ba1f-00266cd7f224}\Shell - "" = AutoRun
O33 - MountPoints2\{44c3fd3d-2948-11e1-ba1f-00266cd7f224}\Shell\AutoRun\command - "" = E:\PcOptions.exe
O33 - MountPoints2\{76d3ed72-b02f-11e2-b29c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{76d3ed72-b02f-11e2-b29c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Msetup4.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:repair /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/11 21:30:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/11 19:34:24 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Tracy\Desktop\JRT.exe
[2014/04/11 19:14:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/11 11:55:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
[2014/04/09 19:09:53 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2014/04/09 19:09:53 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2014/04/09 19:09:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iologmsg.dll
[2014/04/09 19:09:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iologmsg.dll
[2014/04/09 19:06:59 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2014/04/09 19:06:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2014/04/09 19:06:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2014/04/09 19:06:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2014/04/09 19:06:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2014/04/09 19:06:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2014/04/09 19:06:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2014/04/09 19:06:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2014/04/09 19:06:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2014/04/09 19:06:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2014/03/31 21:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/31 17:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/03/13 17:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[2014/03/13 17:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo

========== Files - Modified Within 30 Days ==========

[2014/04/12 01:38:27 | 000,024,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/12 01:38:27 | 000,024,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/12 01:31:12 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/12 01:31:08 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2014/04/12 01:31:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/12 01:30:55 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/12 01:02:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/12 00:51:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/12 00:34:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-2314919567-2811087668-141971273-1000.job
[2014/04/11 23:52:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-sys.job
[2014/04/11 21:44:12 | 000,165,376 | ---- | M] () -- C:\Users\Tracy\Desktop\SystemLook_x64.exe
[2014/04/11 21:29:14 | 001,426,178 | ---- | M] () -- C:\Users\Tracy\Desktop\adwcleaner.exe
[2014/04/11 19:34:24 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Tracy\Desktop\JRT.exe
[2014/04/11 11:55:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
[2014/04/11 03:29:08 | 000,025,088 | ---- | M] () -- C:\Users\Tracy\Desktop\codecheck.exe
[2014/04/11 03:25:18 | 000,468,480 | ---- | M] () -- C:\Users\Tracy\Desktop\CKScanner.exe
[2014/04/11 02:27:33 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/10 21:03:14 | 000,787,110 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/10 21:03:14 | 000,665,586 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/10 21:03:14 | 000,124,030 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/02 16:29:45 | 000,002,068 | ---- | M] () -- C:\Users\Tracy\Desktop\messenger.lnk
[2014/04/01 18:05:36 | 000,003,401 | ---- | M] () -- C:\Users\Tracy\Documents\updatedresume2014.rtf
[2014/03/31 17:52:35 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/14 22:56:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/03/14 22:56:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/14 14:53:31 | 000,356,704 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/13 17:22:42 | 000,085,465 | ---- | M] () -- C:\Users\Tracy\Documents\manualRequestForm.pdf
[2014/03/13 17:06:08 | 000,000,977 | ---- | M] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2014/03/13 17:06:08 | 000,000,977 | ---- | M] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk
[2014/03/13 17:06:08 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2014/03/13 17:06:08 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo GIF.lnk

========== Files Created - No Company Name ==========

[2014/04/11 21:44:11 | 000,165,376 | ---- | C] () -- C:\Users\Tracy\Desktop\SystemLook_x64.exe
[2014/04/11 21:29:13 | 001,426,178 | ---- | C] () -- C:\Users\Tracy\Desktop\adwcleaner.exe
[2014/04/11 03:29:07 | 000,025,088 | ---- | C] () -- C:\Users\Tracy\Desktop\codecheck.exe
[2014/04/11 03:25:15 | 000,468,480 | ---- | C] () -- C:\Users\Tracy\Desktop\CKScanner.exe
[2014/04/02 16:29:45 | 000,002,068 | ---- | C] () -- C:\Users\Tracy\Desktop\messenger.lnk
[2014/04/01 18:05:36 | 000,003,401 | ---- | C] () -- C:\Users\Tracy\Documents\updatedresume2014.rtf
[2014/03/13 17:22:42 | 000,085,465 | ---- | C] () -- C:\Users\Tracy\Documents\manualRequestForm.pdf
[2014/03/13 17:06:08 | 000,000,977 | ---- | C] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2014/03/13 17:06:08 | 000,000,977 | ---- | C] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk
[2014/03/13 17:06:08 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2014/03/13 17:06:08 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo GIF.lnk
[2013/11/06 23:26:40 | 000,268,968 | ---- | C] () -- C:\windows\SysWow64\sqlite3.dll
[2013/05/13 02:54:39 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012/11/19 21:11:32 | 000,000,059 | ---- | C] () -- C:\Users\Tracy\AppData\Local\UserProducts.xml

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: Random Pop ups and phantom links!! HELP!!

Unread postby tdc2719 » April 13th, 2014, 4:58 pm

C:\AdwCleaner\Quarantine\C\Program Files (x86)\DP1815\47220.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DP1815\47220.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DP1815\DP1815-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DP1815\DP1815-firefoxinstaller.exe.vir Win32/Toolbar.CrossRider.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Tracy\AppData\Local\Conduit\CT2612669\IMVU_IncAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Tracy\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\Users\Tracy\Downloads\cbsidlm-cbsi183-Toolbar_Remover-ORG-75699732.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Windows\Installer\MSIF90B.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\_OTL\MovedFiles\04112014_191436\C_Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopdmcnionefjjnmchkiimificckpkif\10.26.4.12_0\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\_OTL\MovedFiles\04112014_191436\C_Users\Tracy\AppData\Roaming\mozilla\Firefox\Profiles\trqg0kh3.default-1373862004322\extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\04112014_191436\C_Users\Tracy\AppData\Roaming\mozilla\Firefox\Profiles\trqg0kh3.default-1373862004322\extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com\extensionData\plugins\93_superfish_no_coupons_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\04122014_012712\C_Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe Win32/iLivid.A potentially unwanted application



Computer is much much better!!

Re: Random Pop ups and phantom links!! HELP!!

Unread postby pgmigg » April 14th, 2014, 12:06 am

Hello tdc2719,

Very nice job! Let's continue our treatment... :D

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    control folders
  5. Click on the View tab, then under the "Hidden files and folders" section
    • SELECT "Show hidden files and folders"
    • Remove check mark from check box "Hide extensions for known file types"
    • Remove check mark from check box "Hide protected operating system files"
  6. Press the Apply, then the OK buttons.

Step 2.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Users\Tracy\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx
C:\Users\Tracy\Downloads\cbsidlm-cbsi183-Toolbar_Remover-ORG-75699732.exe
C:\Windows\Installer\MSIF90B.tmp


Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on the Submit button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on the Send File button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links after online file scan by Virus Total or Jotti.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
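The selection made in Step 2 above, as an added example that is not part of the original posts: it parses scanner result lines of the shape posted earlier in the thread and separates detections that already sit in a cleanup tool's holding folder from files still in place, which are the ones worth a second-opinion scan. The function names are hypothetical, and the two holding-folder prefixes are an assumption read off the posted paths.

```python
import re

# Folders where the cleanup tools used in this thread park removed files.
# Assumption: taken from the paths in the posted results, not from tool docs.
NEUTRALIZED_ROOTS = ("C:\\AdwCleaner\\Quarantine\\", "C:\\_OTL\\MovedFiles\\")

# <path> [a variant of] <Platform/Name> potentially <unwanted|unsafe> application
# Paths contain spaces, so the path is matched lazily up to the first token
# that looks like a detection name (it contains a forward slash).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"potentially (?P<kind>unwanted|unsafe) application$"
)

def parse_detection(line):
    """Return a dict for one result line, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "path": m.group("path"),
        "name": m.group("name"),
        "variant": m.group("variant") is not None,
        "kind": m.group("kind"),
    }

def is_neutralized(path):
    """True if the file already sits in a quarantine / moved-files folder."""
    lowered = path.lower()  # Windows paths compare case-insensitively
    return any(lowered.startswith(root.lower()) for root in NEUTRALIZED_ROOTS)

def triage(lines):
    """Split result lines into live files, neutralized copies and unparsed text."""
    result = {"live": [], "neutralized": [], "unparsed": []}
    for line in lines:
        if not line.strip():
            continue  # blank separator lines carry no information
        det = parse_detection(line)
        if det is None:
            result["unparsed"].append(line.strip())  # keep, never drop silently
        elif is_neutralized(det["path"]):
            result["neutralized"].append(det)
        else:
            result["live"].append(det)
    return result

# Constructed sample: six result lines copied from the thread, plus a blank
# line and the free-text comment that followed them.
SAMPLE = [
    r"C:\AdwCleaner\Quarantine\C\Program Files (x86)\DP1815\47220.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application",
    r"C:\AdwCleaner\Quarantine\C\Users\Tracy\AppData\Local\Conduit\CT2612669\IMVU_IncAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application",
    r"C:\Users\Tracy\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx a variant of Win32/Toolbar.Conduit.Z potentially unwanted application",
    r"C:\Users\Tracy\Downloads\cbsidlm-cbsi183-Toolbar_Remover-ORG-75699732.exe a variant of Win32/CNETInstaller.B potentially unwanted application",
    r"C:\Windows\Installer\MSIF90B.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application",
    r"C:\_OTL\MovedFiles\04122014_012712\C_Users\Tracy\Downloads\iLividSetup-r1250-n-bf.exe Win32/iLivid.A potentially unwanted application",
    "",
    "Computer is much much better!!",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for det in report["live"]:
        print("still in place:", det["path"], "->", det["name"])
    print(len(report["neutralized"]), "detections are copies already set aside")
```

On the sample, the three files reported as still in place are the same three paths listed for upload in Step 2.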

Re: Random Pop ups and phantom links!! HELP!!

Unread postby tdc2719 » April 14th, 2014, 7:19 am


Re: Random Pop ups and phantom links!! HELP!!

Unread postby pgmigg » April 14th, 2014, 10:59 pm

Hello tdc2719,

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 0.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\Users\Tracy\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx
    C:\Users\Tracy\Downloads\cbsidlm-cbsi183-Toolbar_Remover-ORG-75699732.exe
    C:\Windows\Installer\MSIF90B.tmp
    
    :Commands
    [EMPTYTEMP]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 1.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (8) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Check "Accept License Agreement"
  3. Locate the .exe entry for Windows x64, click on the associated file name, and save the jre-8-windows-x64.exe file to your desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From desktop please double-click on jre-8-windows-x64.exe to install the newest version.
  3. Follow the on-screen directions and when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

Step 2.
Hide Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    control folders
  5. Click on the View tab, then under the "Hidden files and folders" section
    • UNSELECT "Show hidden files and folders"
    • Place check mark in check box "Hide extensions for known file types"
    • Place check mark in check box "Hide protected operating system files"
  6. Press the Apply, then the OK buttons.

Step 3.
OTL - Run Safe Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 4.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 5.
Remove all used tools and their log files not removed by OTL if they remain on your desktop.
  • AdwCleaner
  • DDS
  • JRT
  • SystemLook

Then:
Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg


Re: Random Pop ups and phantom links!! HELP!!

Unread postby tdc2719 » April 15th, 2014, 1:51 am

I would just like to say thank you very much! This is the only site I have EVER used to treat my computer, my mom's computer, my sister's computer lol. I'm the only one with the patience to do the clean up. I have only had to treat my computer one other time, back in 2007. I was using a p2p program, illiterate to the dangers, but thanks to this site I was informed. This time I let my daughter's boyfriend use my laptop and he clicked some wrong links. Needless to say, I recommend you to all my friends and I will always be consistent in choosing you guys to help me out. Thanks again so very much and have a blessed Passover, an awesome Good Friday, and a very, very Happy Easter!

Tracy

Re: Random Pop ups and phantom links!! HELP!!

Unread postby pgmigg » April 15th, 2014, 2:53 pm

Thank you Tracy for your warm words!

You are very welcome! :D

Stay Safe! ;)
pgmigg

Re: Random Pop ups and phantom links!! HELP!!

Unread postby Gary R » April 15th, 2014, 3:03 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire