addaware problems.

Discussion in 'Windows - Virus and spyware problems' started by Heaseba, Oct 5, 2013.

  1. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    You said
    "Also after we finish you can have your hubby come on with his puter and I fix him up...."

    He says "Thank you."
    File below.

    OTL logfile created on: 10/9/2013 9:17:26 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.21% Memory free
    7.99 Gb Paging File | 6.29 Gb Available in Paging File | 78.74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 265.66 Gb Total Space | 163.55 Gb Free Space | 61.56% Space Free | Partition Type: NTFS
    Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

    Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/09 09:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    PRC - [2013/10/08 18:29:19 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
    PRC - [2013/09/30 22:42:23 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/08/30 03:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/08 18:29:18 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
    MOD - [2013/09/30 22:42:22 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/10/08 18:29:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/09/30 22:42:22 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/08/30 03:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2013/08/30 03:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2013/08/30 03:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013/08/30 03:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013/08/30 03:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013/08/30 03:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2013/08/30 03:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013/08/30 03:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/01/22 00:15:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2010/01/22 00:15:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2009/09/11 18:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 E9 6E 8E 0E 9B CA 01 [binary data]
    IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Family Toolbar\tbhelper.dll ()
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{4AD98E64-94D5-4189-BEAC-0FB886AE6B0E}: "URL" = http://www.google.com/search?q={sea...ndex={startIndex?}&startPage={startPage}&rlz=
    IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.801
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.6.1
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.11.0.9874
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.6.1.02
    FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
    FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
    FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.1
    FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={BBE22C73-B31F-4116-BCFF-819129D30C21}&Version=3.6.5&Vintage=20120834&Defaultbrowserid=53&Productid=155&Vendorid=6477&Offerid=6894&searchterm="
    FF - prefs.js..keyword.URL: ""
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 12:17:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/07 17:39:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/08 20:05:21 | 000,000,000 | ---D | M]

    [2012/03/14 09:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
    [2013/09/26 20:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\loaul1ak.default\extensions
    [2013/09/12 19:25:24 | 000,161,656 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\extensions\socialfixer@mattkruse.com.xpi
    [2013/10/08 20:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/09/30 22:42:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/09/30 22:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/09/30 22:42:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/09/30 22:42:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/01/28 15:52:34 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MyHeritage.xml

    ========== Chrome ==========

    CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
    CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

    O1 HOSTS File: ([2013/10/07 23:33:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
    O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.170.153.146
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2B0B62-940A-4970-A657-2BE2F145CCAF}: DhcpNameServer = 192.168.0.1 216.170.153.146
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/12/08 16:08:23 | 000,149,632 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
    O32 - AutoRun File - [2010/12/08 16:08:23 | 000,299,196 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/09 09:17:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2013/10/08 20:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SumatraPDF
    [2013/10/08 20:52:35 | 004,058,096 | ---- | C] (Krzysztof Kowalczyk) -- C:\Users\Administrator\Desktop\SumatraPDF-2.3.2-install.exe
    [2013/10/08 20:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/10/08 20:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/10/08 20:43:31 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/10/08 20:43:27 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/10/08 20:43:27 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/10/08 20:43:27 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/10/08 20:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013/10/08 20:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/10/08 20:10:32 | 000,913,832 | ---- | C] (Oracle Corporation) -- C:\Users\Administrator\Desktop\jxpiinstall.exe
    [2013/10/08 20:01:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
    [2013/10/07 23:34:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/10/07 17:40:15 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2013/10/07 17:40:15 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2013/10/07 17:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2013/10/07 17:40:12 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2013/10/07 17:40:10 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2013/10/07 17:40:08 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2013/10/07 17:40:03 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2013/10/07 17:40:03 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2013/10/07 17:39:46 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/10/07 17:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/10/07 17:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/10/07 15:00:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RK_Quarantine
    [2013/10/07 14:53:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/10/05 18:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2013/10/05 17:56:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/10/05 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Avg2013
    [2013/10/05 10:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2013/10/05 10:19:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/09/30 22:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/09/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar
    [2013/09/09 19:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    [2013/09/09 19:26:20 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/09/09 19:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar

    ========== Files - Modified Within 30 Days ==========

    [2013/10/09 09:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2013/10/09 09:08:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/10/09 09:07:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
    [2013/10/09 09:02:52 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/10/09 09:02:52 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/10/09 08:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/10/09 02:07:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
    [2013/10/08 20:52:45 | 004,058,096 | ---- | M] (Krzysztof Kowalczyk) -- C:\Users\Administrator\Desktop\SumatraPDF-2.3.2-install.exe
    [2013/10/08 20:43:23 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/10/08 20:43:22 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
    [2013/10/08 20:43:22 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/10/08 20:43:22 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/10/08 20:43:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/10/08 20:43:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/10/08 20:10:17 | 000,913,832 | ---- | M] (Oracle Corporation) -- C:\Users\Administrator\Desktop\jxpiinstall.exe
    [2013/10/08 20:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/10/08 18:29:19 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/10/08 18:29:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/10/07 23:33:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/10/07 23:32:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/10/07 23:32:21 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
    [2013/10/07 17:40:16 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/10/07 17:40:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013/10/05 10:19:50 | 000,003,011 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
    [2013/10/01 09:46:09 | 000,002,051 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/09/30 23:15:05 | 000,001,643 | ---- | M] () -- C:\Users\Administrator\Documents\medicinal trees.rtf
    [2013/09/22 15:26:45 | 000,000,955 | ---- | M] () -- C:\Users\Administrator\Documents\Pie crust.rtf
    [2013/09/21 22:36:02 | 000,011,193 | ---- | M] () -- C:\Users\Administrator\Documents\Rabbit costs.ods
    [2013/09/09 19:27:32 | 000,003,740 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

    ========== Files Created - No Company Name ==========

    [2013/10/08 20:53:26 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
    [2013/10/07 17:40:16 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/10/07 17:40:07 | 000,204,880 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2013/10/07 17:40:06 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2013/10/07 17:40:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2013/10/05 10:19:50 | 000,003,011 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
    [2013/09/30 23:15:04 | 000,001,643 | ---- | C] () -- C:\Users\Administrator\Documents\medicinal trees.rtf
    [2013/09/22 15:26:44 | 000,000,955 | ---- | C] () -- C:\Users\Administrator\Documents\Pie crust.rtf
    [2013/09/09 19:22:50 | 000,003,740 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2013/06/11 14:37:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/06/11 14:37:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/06/11 14:37:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/06/11 14:37:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/06/11 14:37:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/12/13 10:50:49 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
    [2011/12/13 10:46:50 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/22 13:52:01 | 000,070,249 | ---- | C] () -- C:\Users\Administrator\2011 Application Free.Reduced Lunch.pdf
    [2011/09/22 13:38:45 | 000,176,921 | ---- | C] () -- C:\Users\Administrator\Student and LC Check List.pdf
    [2011/09/22 13:38:05 | 000,318,832 | ---- | C] () -- C:\Users\Administrator\Creating a Student Account.pdf
    [2011/09/22 13:37:59 | 000,349,453 | ---- | C] () -- C:\Users\Administrator\How to Kmail a Specific Teacher.pdf
    [2011/09/22 13:37:21 | 000,164,791 | ---- | C] () -- C:\Users\Administrator\Progress Hours Guidelines 2011-12.pdf
    [2011/09/22 13:37:01 | 000,189,197 | ---- | C] () -- C:\Users\Administrator\Logging Attendance.pdf
    [2010/03/21 21:05:29 | 000,003,974 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
    [2010/02/20 16:10:59 | 000,032,256 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/22 00:03:23 | 000,007,616 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >

    Are those blue highlighted items a virus? Because I have no idea what the battlefield heroes is from and don't want it, or that 'bing' crap.
     
    Last edited: Oct 9, 2013
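The file lines in the OTL log above all share one layout: `[timestamp | size | RHSD attributes | C or M] (company name) -- path`. As an added example that is not part of OTL or of this thread, here is a small Python parser for those lines with a few defender heuristics of my own (not OTL's logic) for which entries deserve a second look; the sample lines are copied from the log above, and the `KNOWN_OS_FILES` allowlist is an assumption to keep hiberfil.sys and friends out of the findings.

```python
"""Parse OTL 'Files Created / Modified' lines and flag entries worth a second look.

Added example: not part of OTL or of this thread. The sample lines are copied
from the log posted above; the flagging rules are simple heuristics of my own,
not anything OTL itself applies.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One OTL file line looks like:
#   [2013/10/08 20:43:22 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
# fields: timestamp | size (with thousands separators) | RHSD attribute flags | C(reated)/M(odified)
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z\-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")

# Assumed allowlist: legitimate OS files that would otherwise trip the "no company name" rules.
KNOWN_OS_FILES = {r"c:\hiberfil.sys", r"c:\pagefile.sys", r"c:\windows\bootstat.dat"}


@dataclass
class OtlFileEntry:
    timestamp: datetime
    size: int
    attrs: str     # four flag positions: R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset
    kind: str      # 'C' = the line reports the created time, 'M' = the modified time
    company: str   # empty string when the file's version info carries no company name
    path: str

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)

    @property
    def in_windows_root(self) -> bool:
        """True for files sitting directly in C:\\Windows, e.g. C:\\Windows\\PEV.exe."""
        parts = self.path.split("\\")
        return len(parts) == 3 and parts[0].lower() == "c:" and parts[1].lower() == "windows"


def parse_otl_file_line(line: str) -> Optional[OtlFileEntry]:
    """Return a parsed entry, or None for section headers, registry lines, ADS lines and blanks."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlFileEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def flag_reasons(entry: OtlFileEntry) -> List[str]:
    """Heuristics (my own, not OTL's) for entries a responder should look at first."""
    if entry.path.lower() in KNOWN_OS_FILES:
        return []
    reasons: List[str] = []
    if entry.is_executable and not entry.company:
        reasons.append("executable with no company name")
    if entry.is_executable and entry.in_windows_root:
        reasons.append("executable placed directly in C:\\Windows")
    if entry.is_executable and "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("hidden+system attributes on an executable")
    if entry.path.lower().endswith(r"\drivers\etc\hosts"):
        reasons.append("hosts file touched (check it for redirected domains)")
    return reasons


def review_log(lines) -> Dict[str, List[str]]:
    """Map path -> reasons for every parsed entry that raised at least one flag."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_otl_file_line(line)
        if entry is not None:
            reasons = flag_reasons(entry)
            if reasons:
                findings[entry.path] = reasons
    return findings


# Sample input: lines copied from the OTL log posted above (plus one section header).
SAMPLE_LINES = [
    r"[2013/10/08 20:43:22 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe",
    r"[2013/10/07 23:33:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts",
    r"[2013/10/07 23:32:21 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys",
    r"[2013/06/11 14:37:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini",
    "========== ZeroAccess Check ==========",
]

if __name__ == "__main__":
    for path, reasons in review_log(SAMPLE_LINES).items():
        print(f"{path}\n    " + "\n    ".join(reasons))
```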
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi Heather,

    Well, you were clean enough, but I'm fussy about sweeping up after. This will clean up the leftover remnants and clean behind the refrigerator, so to speak :)


    Run OTL Script

    I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

    Double-click OTL.exe to start the program.

    Copy and paste the following code into the text box.

    Code:
    :Commands
    [clearallrestorepoints]
    
    :OTL
    DRV:64bit: - [2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Family Toolbar\tbhelper.dll ()
    FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
    O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
    O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
    O13 - gopher Prefix: missing
    [2013/09/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar
    [2013/09/09 19:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    [2013/09/09 19:26:20 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/09/09 19:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
    [2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2011/12/13 10:50:49 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
    [2010/02/20 16:10:59 | 000,032,256 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\Family Toolbar
    
    :Commands
    [PURITY]
    [emptytemp]
    
    
    Then click the Run Fix button at the top.
    Click OK.

    OTL may ask to reboot the machine. Please do so if asked.

    The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note: if the report does not pop up after the computer reboots, you can find it in this folder:
    C:\_OTL\MovedFiles - It will be named – mmddyyyy_hhmmss.log
    where mmddyyyy_hhmmss are numbers representing the date and time the fix was run.



    On the malware front, you're clean!

    We have a couple last things to take care of and then you're good to go.

    Uninstall ComboFix from your computer:
    • Click on Start > Run
    • Type Combofix /u in the run box and click OK. Note the space between the x and the /u; it needs to be there.


    Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.

    Please download OTC to your desktop.
    • Double-click OTC to run it. (Win7 right click on OTC and select "Run as an Administrator")
    • Click on the CleanUp! button and follow the prompts.
    • You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
    • After the reboot all the tools we used should be gone.
    Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


    I had you remove SuperAntiSpyware because it is just not as good as MalwareBytes AntiMalware. So I suggest you download -> MBAM and use it once a week or so…


    That about does it so, let me know how things are doing.

    2oG
     
  3. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Service avgtp stopped successfully!
    Service avgtp deleted successfully!
    C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}\ deleted successfully.
    C:\Program Files (x86)\Family Toolbar\tbhelper.dll moved successfully.
    Prefs.js: avg@toolbar:11.0.0.9 removed from extensions.enabledItems
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
    C:\Program Files (x86)\Family Toolbar\tbcore3.dll moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
    C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar\SiteSafety folder moved successfully.
    C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar\DNT folder moved successfully.
    C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\Logger folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\skin folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\zh-tw folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\zh-cn folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\tr folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\th folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\sv folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\sr folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\sk folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\ru folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\ro folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\pt-br folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\pt folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\pl folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\nl folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\nb folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\ms folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\ko folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\ja folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\it folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\id folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\hu folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\hi folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\fr folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\fi folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\es-es folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\es folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\en folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\el folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\de folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\da folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\cs folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\af folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\locale\en-US folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\locale folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\components folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\chrome folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4 folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.1.4 folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\ChromeExt folder moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar folder moved successfully.
    File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
    Folder C:\Program Files (x86)\AVG SafeGuard toolbar\ not found.
    File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
    C:\Users\Administrator\AppData\Local\fusioncache.dat moved successfully.
    C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
    C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
    C:\Program Files (x86)\Family Toolbar folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 1515215 bytes
    ->Temporary Internet Files folder emptied: 41249441 bytes
    ->Java cache emptied: 10096949 bytes
    ->FireFox cache emptied: 309369378 bytes
    ->Google Chrome cache emptied: 114427287 bytes
    ->Flash cache emptied: 141524 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Heather Sebald
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10639286 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 670 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 465.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10092013_164051

    Files\Folders moved on Reboot...
    C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\_avast_\unp10953955.tmp not found!
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
    Last edited: Oct 9, 2013
  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi Heather,
    Let's not worry about it, you're clean. How is your computer doing now?
    You shouldn't have any problems and should be running faster...

    Avast! is very good and should keep you well protected. Run MalwareBytes every so often and you will be able to keep the bad guys out. :)

    Have your Hubby come on to this thread and we will get him cleaned up also.

    Nice working with you. You did an excellent job and I thank you for not making it rough on me. LOL

    Til we meet again, have a "happy and safe surfing".

    2old Geek, The number "2" not Too, old with a small "o" and Geek with a Capital "G"

    I get the Bugs Out!

    Oops!
     
  5. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    you are too funny... love the 'bug'.
    My comp is running better than I can ever remember it running, so you did an awesome job of helping this OLD (with a capital O) lady get sorted out.
     
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Oh, I did miss a bug.... I missed that note at the bottom of one of your posts.

    If you will run a HijackThis log and post it, I think we can remove those with it.

    I just know you're not Old, I probably got socks older than you. LOL

    2oG
     
  7. Alryss

    Alryss Member

    Joined:
    Oct 24, 2013
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    This is Heaseba's hubby. I have a few issues with my comp as well. She told me you may be able to assist me with them. One is a Malwarebyte notification of a pmb.exe virus. Thank you.
     
  8. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hello Alryss,

    I will be more than glad to assist you..

    First I need you to run a few programs and post the logs so I can see into your computer and determine what we will need to do in order to fix it...


    --Security Check--

    Download Security Check by screen317.
    Save it to your Desktop.

    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.




    --AdwCleaner--

    Please download AdwCleaner by Xplode to your Desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on the Delete tab and follow the prompts.
    • A log file will automatically open after the scan has finished.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).



    --Junkware Removal Tool--

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete, depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    • Please post the contents of JRT.txt into your reply.




    --RogueKiller--

    • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until the pre-scan has finished ...
    • Then click on the "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller


    Please paste the logs in your next reply.
    Let me know what problem persists.

    2oG
     
  9. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Lost my password so had to remake the account. For the last 2 days, my computer has been freezing and stalling and driving me nuts...
     
  10. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
     
    Last edited: Oct 28, 2013
  11. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    He asked me to apologize for him. He didn't notice there was a 2nd page so thought you had not replied. He actually thought his post hadn't posted.
     
  12. Alryss

    Alryss Member

    Joined:
    Oct 24, 2013
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Here are the reports of the programs you asked for:
    Results of screen317's Security Check version 0.99.74
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Spybot - Search & Destroy
    Java(TM) 6 Update 24
    Java version out of Date!
    Adobe Flash Player 11.7.700.224
    Adobe Reader XI
    Mozilla Firefox (24.0)
    Google Chrome 30.0.1599.101
    Google Chrome 30.0.1599.69
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    ----------------------------------------------------------------------------
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.7 (10.15.2013:3)
    OS: Windows 7 Ultimate x64
    Ran by Administrator on Mon 10/28/2013 at 11:40:26.56
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AF501D62-E51C-4FA1-916E-5680531EAA5F}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{362269bd-c93c-460f-9255-3bd667eb7f0a}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\visualbeeclient"
    Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\iwonie"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bigp7qk9.default\extensions\fgegmtgkxq@fgegmtgkxq.org.xpi [Tracur]
    Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bigp7qk9.default\minidumps [89 files]



    ~~~ Event Viewer Logs were cleared

    ------------------------------------------------------------------
    RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 10/28/2013 11:55:38
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 24 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\Administrator\Desktop\utorrent.exe" [7]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-19\[...]\Run : Apple (rundll32.exe "C:\Users\Administrator\AppData\Local\Apps\Apple\lylkgxka.dll",DllRegisterServer [x][x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-20\[...]\Run : Apple (rundll32.exe "C:\Users\Administrator\AppData\Local\Apps\Apple\lylkgxka.dll",DllRegisterServer [x][x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-2499208692-1834819155-3519375275-500\[...]\Run : uTorrent ("C:\Users\Administrator\Desktop\utorrent.exe" [7]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingB8232 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk" [x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingD3154 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk" [x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingB9464 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk" [x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingD623 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk" [x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingB2627 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk" [x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingD8392 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk" [x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingB8232 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingD3154 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingB9464 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingD623 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingB2627 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingD8392 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [BROK VAL] HKCR\[...]\command : () -> CREATED ("%1" %*)

    ¤¤¤ Scheduled tasks : 4 ¤¤¤
    [V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{ADD8AE58-934A-4DC2-BC99-F1A517B60908}.exe - --uninstall=1 [x] -> DELETED
    [V2][ROGUE ST] 4790 : wscript.exe - C:\Users\ADMINI~1\AppData\Local\Temp\launchie.vbs //B -> DELETED
    [V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{ADD8AE58-934A-4DC2-BC99-F1A517B60908}.exe - --uninstall=1 [x] -> ERROR DELETING TASK
    [V2][SUSP PATH] VisualBeeRecovery : C:\Users\Administrator\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe - /s [x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKS-75A7B0 ATA Device +++++
    --- User ---
    [MBR] f1fee3af5807ba734d5a4b30e66cb16a
    [BSP] 9c75935db8957562dda106d67294767c : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST31000528AS ATA Device +++++
    --- User ---
    [MBR] 4dd5e74579c1c842a6af9bcb29d47aa1
    [BSP] 2bbbc00a79a32f5787f23fb6c6762e51 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) Hitachi HDP725050GLA360 ATA Device +++++
    --- User ---
    [MBR] 622aaacc0368c2844e82777eea019a88
    [BSP] 90a0ef11c76e8dcd1160fa81e496d5ce : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_10282013_115538.txt >>
    RKreport[0]_S_10282013_115407.txt
     
  13. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    1.) Update your Win 7 and install SP1.

    2.) Uninstall Ad-Aware and install Avast 9 - it's much better!

    3.) Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Uninstall Java(TM) 6 Update 24

    4.) Upgrading Java:
    • Download the latest version of JRE 7 Update 45.
    • Click the "Free Java Download" button.
    • Click the "Agree and Start Free Download" button.
    • Click on the download link for your system and save it to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on the download to install the newest version. (Vista/7 users, right click on the JRE download and select "Run as an Administrator.")


    5.) --OTL--

    Please download OTL by OldTimer to your Desktop.

    If you already have a copy of OTL, delete it and use this version.

    Double click OTL.exe to launch the program.

    Check the following.
    Scan all users.
    Standard Output.
    Lop check.
    Purity check.
    Under Extra Registry section, select Use SafeList
    Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).

    When finished it will produce two logs.
    OTL.txt (open on your desktop).
    Extras.txt (minimized in your taskbar)

    Please post me both logs

    2oG

    P.S. Please have Heather59 start a new thread so I may help her. At 71 it's very difficult to multi-task in the same thread. Very confusing.
     
  14. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    NVM, I downloaded and ran Malwarebytes. It found 66 issues and cleaned those. I think I may be OK for now. I will scream for help if I find I still need it. Thanks :D
     
  15. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Gee Heather, I can't understand how you came up with that many issues. The last Log I have for you was clean. I sure would like to see that Log. You sure you have your AV running?

    The log can be found in MBAM under the Logs Tab.

    2oG
     
  16. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    No.. I'm not sure. The icon is in the toolbar, but I can't find a way to scan. Does it run automatically, or do you have to set something on it?
     
  17. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Are we talking about the MBAM icon or the AV icon? Which program are we looking at to scan with? Sorry, confused :(
     
  18. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Avast, actually. This is my latest Malwarebytes log:
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.10.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Administrator :: HEATHERPC [administrator]

    Protection: Enabled

    11/10/2013 7:45:47 PM
    mbam-log-2013-11-10 (19-45-47).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 388349
    Time elapsed: 40 minute(s), 8 second(s)

    Memory Processes Detected: 2
    C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe (PUP.Optional.OptimizerPro) -> 3592 -> Delete on reboot.
    C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> 4296 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 25
    HKLM\SYSTEM\CurrentControlSet\Services\70e6ca8c (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    HKCR\CLSID\{d99a4ec9-00bd-4fe4-85a5-4db018351265} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{6f2d4806-f281-4721-89f4-9835bb9eb954} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{5B725BC8-C263-4783-BE79-D3A812FBB42B} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D99A4EC9-00BD-4FE4-85A5-4DB018351265} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\Update SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
    HKCU\Software\SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\dosearchesSoftware (PUP.Optional.DoSearches.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
    HKCR\CLSID\{4634A024-1754-4A6D-B4C0-4968168E3B7B} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    HKCR\Toolbar.CT3314312 (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4634A024-1754-4A6D-B4C0-4968168E3B7B} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4634A024-1754-4A6D-B4C0-4968168E3B7B} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    HKCR\CLSID\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.

    Registry Values Detected: 6
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Data: C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe -> Quarantined and deleted successfully.
    HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Data: http://domore.pcutilitiespro.revenu...3-US-002_A321702A-D7AC-6C40-A4D6-310CEABE778D -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Data: ¿—ì“CþÊK§5\]j @Ä -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Data: SweetPacks A5 Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 6
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY695117251172&ts=1384114876) Good: (http://www.google.com) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.OptimizerPro.A) -> Bad: (c:\progra~2\optimi~1\optpro~1.dll) Good: () -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY695117251172&ts=1384114876) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY695117251172&ts=1384114876) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY695117251172&ts=1384114876) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 5
    C:\Program Files (x86)\SaltarSmart (PUP.Optional.SaltarSmart.A) -> Delete on reboot.
    C:\Program Files (x86)\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Delete on reboot.
    C:\Users\Administrator\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5 (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.

    Files Detected: 52
    C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe (PUP.Optional.OptimizerPro) -> Delete on reboot.
    C:\Program Files (x86)\SaltarSmart\SaltarSmartBHO.dll (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNREA1Z5\Setup[1].exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    C:\Users\Administrator\AppData\Local\Temp\fullpackage_temp\eGdpSvc.exe (PUP.Optional.Wsys.A) -> Quarantined and deleted successfully.
    C:\Users\Administrator\AppData\Local\Temp\Setup.exe\0b1d8865260e48f8b4741875580dc0f4\parent.txt (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
    C:\Users\Administrator\AppData\Local\Temp\Setup.exe\0b1d8865260e48f8b4741875580dc0f4\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
    C:\Users\Administrator\AppData\Local\Temp\Setup.exe\0b1d8865260e48f8b4741875580dc0f4\software\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Users\Administrator\AppData\Local\Temp\Setup.exe\0b1d8865260e48f8b4741875580dc0f4\software\SaltarSmart_tg.exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    C:\Users\Administrator\Desktop\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SaltarSmart\SaltarSmart.ico (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SaltarSmart\chdboodilddefglllfoimeceomkpmkbi.crx (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SaltarSmart\SaltarSmartUninstall.exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SaltarSmart\sqlite3.exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> Delete on reboot.
    C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.InstallState (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\English.ini (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll (PUP.Optional.OptimizerPro.A) -> Delete on reboot.
    C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\StartupList.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\unins000.msg (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Users\Administrator\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5\GottenAppsContextMenu.xml (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5\hk64tbSwee.dll (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5\hktbSwee.dll (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5\ldrtbSwee.dll (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5\OtherAppsContextMenu.xml (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5\prxtbSwee.dll (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5\SharedAppsContextMenu.xml (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5\tbSwee.dll (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5\toolbar.cfg (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SweetPacks_A5\ToolbarContextMenu.xml (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
     
    Last edited: Nov 10, 2013
  19. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    You sure did have a bunch of nasties there.
     
  20. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    You should be able to click the AVAST icon and then click Scan or Quick Scan for it to run.

    Please DO NOT use the "Reply button" when posting. With these Big Logs it gets too hard to keep up with everything.

    You were clean; what happened?

    These guys get bundled with other downloads and you really have to watch out when downloading so as not to include them in your install:

    Optimizer Pro
    SaltarSmart
    Sweetpacks
    DoSearches



    With everything I can see from that Log, let's just start Fresh...


    -Security Check-

    Download Security Check by screen317.
    Save it to your Desktop.

    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.




    --AdwCleaner--

    Please download AdwCleaner by Xplode to your Desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on the Delete tab and follow the prompts.
    • A log file will automatically open after the scan has finished.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).



    --Junkware Removal Tool--

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete, depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    • Please post the contents of JRT.txt into your reply.




    --RogueKiller--

    • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit.
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until pre-scan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller


    Please paste the logs in your next reply. DO NOT use the "reply" button. :)
    Let me know what problems you are having and we can go from there.
     
