Advertisment pop-ups while browsing internet; possible malware


Recommended Posts

While browsing internet; I get a lot of pop-ups.  Pop-ups for PC clean-up download, Adobe reader download, Real player download, department store advertisements, video clips start playing out of the blue, algorithm, phishing, malware, computer is infected etc. Please help.

Link to post
Share on other sites

Hi Sylvia, hate to see you back so soon ! But let's see what we can find !

 

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



NEXT



Full System Scan with Malwarebytes Antimalware
 

    Please download http://www.malwarebytes.org/mbam-download.php Malwarebytes !

    Double-click mbam-setup-exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.

    Run Malwarebytes Antimalware
    On the Dashboard, click the 'Update Now >>' link if it does not ask you to Update !
    After the update completes, click the 'Scan Now >>' button.
    Or, on the Dashboard, click the Scan Now >> button.
    If an update is available, click the Update Now button.
    A Threat Scan will begin.
    When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    In most cases, a restart will be required.
    Wait for the prompt to restart the computer to appear, then click on Yes.


    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.



NEXT



Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. DDS logs (2 logs)
Thanks
Chuck
 

Link to post
Share on other sites

Thanks for the logs, still a mystery why you can't post those logs !

 

Nothing looks real bad !

 

Post the other logs when you get them, try post the same as you did with the JRT.txt log above !!

 

Thanks

Chuck

Link to post
Share on other sites

smgarcia, wow ................. how did you pick up so many unwanted programs in such a short time ?

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   

 

 

 

 

 

=============================

 

 

 

 

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    close all running programs
    for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    when the prescan is finished, click on Scan
    click on Report and copy/paste the content in your next post.[/list
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.

 

 

 

 

 

======================

 

 

 

Please download SystemLook from the link below and save it to your Desktop.
For 32 bit Systems  >>>  http://downloads.malwareremoval.com/SystemLook/SystemLook.exe
For 64 bit Systems  >>>  http://downloads.malwareremoval.com/SystemLook/SystemLook_x64.exe

    * Double-click SystemLook.exe to run it.
    * Copy and paste the contents of the following code box into the main textfield:

: Select all     :filefind     *Fun4IM*     *Bandoo*     *Searchnu*     *Searchqu*     *iLivid*     *whitesmoke*     *datamngr*     *trolltech*     *babylon*     *conduit*    :folderfind    *Fun4IM*    *Bandoo*    *Searchnu*    *Searchqu*    *iLivid*    *whitesmoke*    *datamngr*    *trolltech*    *babylon*    *conduit*    :Regfind     Fun4IM     Bandoo     Searchnu     Searchqu     iLivid     whitesmoke     datamngr     trolltech     babylon     conduit

    * Click the Look button to start the scan.
    * When finished, a notepad window will open with the results of the scan.
    * Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
 

 

Post Next:

1. OTL Log

2. RougeKiller Log

3. SystemLook log

 

Post those logs when you can !

 

Thanks

Chuck

Link to post
Share on other sites

Did you try hitting the more reply options & posting threw there ?? If not try clicking the envelope at the top left & sending me a message !!

I need that OTL log !!

 

Chuck

Link to post
Share on other sites

Sylvia's OTL log sent to me in a PM because she can't paste to topic !

 

 

OTL logfile created on: 7/2/2014 3:03:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sylvia Garcia\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.92% Memory free
3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 188.65 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
 
Computer Name: SYLVIAGARCIA-PC | User Name: Sylvia Garcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/02 15:00:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sylvia Garcia\Downloads\OTL.com
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/02/17 11:59:28 | 004,680,568 | ---- | M] (PC Drivers Headquarters) -- C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
PRC - [2014/01/12 04:06:44 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/11/20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/01 09:22:46 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2012/11/20 15:30:38 | 001,653,760 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/09 19:33:12 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\15c45f1932751583dc3c2d49e5786acd\System.Web.Services.ni.dll
MOD - [2014/06/09 19:33:09 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/06/09 19:32:50 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/06/09 19:32:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\27d6a35533978defe1fc51fb84edb058\System.Data.ni.dll
MOD - [2014/06/09 19:31:05 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/17 11:24:00 | 000,428,448 | ---- | M] () -- C:\Program Files\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
MOD - [2014/02/13 04:32:23 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/13 04:26:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 04:25:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 04:25:33 | 000,688,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\f6db4a5f721a164ce945d0a28f2ca7bd\System.Security.ni.dll
MOD - [2014/02/13 04:25:29 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 04:25:24 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 04:25:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/11/20 15:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/13 21:31:32 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/02/28 21:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/12 04:12:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/11/28 12:32:28 | 000,034,128 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 1E 03 73 4D 0E CF 01  [binary data]
IE - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\scilearn.com/ASRPlugin2: C:\Program Files\ScientificLearningCorporation\ASRPlugin2\2.3.0.0\npASRPlugin2_2.3.0.0.dll (Scientific Learning Corporation)
FF - HKLM\Software\MozillaPlugins\scilearn.com/ASRPluginCheck: C:\Program Files\ScientificLearningCorporation\ASRPluginCheck\1.0.0.0\npASRPluginCheck.dll (Scientific Learning Corporation)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Sylvia Garcia\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sylvia Garcia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Sylvia Garcia\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sylvia Garcia\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sylvia Garcia\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C84E2F89-F883-97B9-5382-1226EEEAD045}: C:\Program Files\BlockAndSurfS\173.xpi
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.inbox.com/homepage.aspx?tbid=80969&iwk=298&lng=en
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Sylvia Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Sylvia Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Sylvia Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Sylvia Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Sylvia Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Plus-HD-V1.3 = C:\Users\Sylvia Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm\12023.8578.4332_0\crossrider
CHR - Extension: Plus-HD-V1.3 = C:\Users\Sylvia Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm\12023.8578.4332_0\
CHR - Extension: Skype Click to Call = C:\Users\Sylvia Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Users\Sylvia Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Sylvia Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/06/12 16:45:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000..\Run: [Driver Support] C:\Program Files\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Sylvia Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {63F0EC82-403A-4936-A664-9D05A4727049} http://install.inetstudy.co.kr/Sisa20/NSInstallAx.cab (NSInstall Control)
O16 - DPF: {94EB25BD-3FBA-4A6D-9086-103F3B6EC9EE} http://939.co.kr/data_dir/ezhelp/ActiveX/ezHelpLauncher20140316220215.cab (ezHelpServerLauncher Control)
O16 - DPF: {A5261EF0-76F0-4D9C-891C-56813163D9DA} http://as82.kr/download/_cab/KoinoLoader.cab (KoinoLoader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84016E75-D933-4D53-AEE3-51FA64F1C4CA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/02 02:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/01 11:35:13 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/01 11:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/01 11:34:37 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/07/01 11:34:37 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/07/01 11:34:37 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/07/01 11:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/07/01 11:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/15 17:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/06/15 17:09:23 | 000,000,000 | ---D | C] -- C:\Users\Sylvia Garcia\AppData\Local\Macromedia
[2014/06/15 17:07:17 | 000,000,000 | ---D | C] -- C:\Users\Sylvia Garcia\AppData\Local\Mozilla
[2014/06/15 17:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/06/12 17:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/06/12 17:41:07 | 000,000,000 | ---D | C] -- C:\Users\Sylvia Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/06/10 23:40:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014/06/10 23:40:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/06/10 23:40:41 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2014/06/10 23:40:36 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/06/10 23:40:36 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/06/10 09:46:39 | 000,000,000 | ---D | C] -- C:\Users\Sylvia Garcia\Desktop\YBM JSQ video clips
[2014/06/10 09:45:15 | 000,000,000 | ---D | C] -- C:\Users\Sylvia Garcia\Desktop\Pay Calculation for JSQ
[2014/06/10 09:42:43 | 000,000,000 | ---D | C] -- C:\Users\Sylvia Garcia\Desktop\Microsoft word Documents
[2014/06/09 19:13:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/09 19:08:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/09 19:07:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/08 16:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[1 C:\Users\Sylvia Garcia\AppData\Local\*.tmp files -> C:\Users\Sylvia Garcia\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/02 15:07:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2375953999-3041022653-1334519409-1000UA.job
[2014/07/02 14:57:45 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/02 14:57:45 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/02 14:50:51 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/02 14:50:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2014/07/02 14:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/02 14:50:27 | 1602,441,216 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/02 08:44:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/02 04:58:37 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sylvia Garcia.job
[2014/07/02 02:45:42 | 000,002,747 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\RKreport.text
[2014/07/02 02:30:18 | 000,035,152 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/07/02 02:29:56 | 004,721,240 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\RogueKiller.exe
[2014/07/02 01:39:04 | 000,046,352 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\Marcos 2.jpg
[2014/07/02 01:36:27 | 000,095,130 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\family.jpg
[2014/07/02 01:31:01 | 000,049,959 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\Marcos car.jpg
[2014/07/02 01:30:37 | 000,038,526 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\Graduation Marcos.jpg
[2014/07/02 01:27:37 | 000,074,173 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\The boys.jpg
[2014/07/02 01:27:06 | 000,035,839 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\Marcos and Neveah.jpg
[2014/07/02 01:25:10 | 000,096,146 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\mom and marcos.jpg
[2014/07/02 01:24:33 | 000,057,517 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\Marcos.jpg
[2014/07/01 17:07:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2375953999-3041022653-1334519409-1000Core.job
[2014/07/01 12:00:20 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/01 11:34:50 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/01 09:28:24 | 000,085,780 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\me.jpg
[2014/06/30 07:15:54 | 000,248,862 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\1000 High Frequency Words.pdf
[2014/06/30 07:12:51 | 000,248,862 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\First hundered High frequency words.pdf
[2014/06/29 08:11:37 | 000,079,007 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\her kids.jpg
[2014/06/29 08:11:03 | 000,047,801 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\mother and I.jpg
[2014/06/29 08:09:36 | 000,106,782 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\us.jpg
[2014/06/26 07:33:33 | 000,043,192 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\aaa.JPG
[2014/06/18 00:39:37 | 001,241,088 | ---- | M] () -- C:\Users\Sylvia Garcia\AppData\Local\ChromeHitoryDB
[2014/06/17 00:47:35 | 000,118,128 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\mrpfc01_a4.pdf
[2014/06/16 23:43:35 | 000,118,128 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\The Alphabet.pdf
[2014/06/16 17:10:45 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/06/15 17:42:21 | 000,002,236 | ---- | M] () -- C:\Users\Sylvia Garcia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/15 17:23:09 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/12 17:41:07 | 000,001,233 | ---- | M] () -- C:\Users\Sylvia Garcia\Desktop\Revo Uninstaller.lnk
[2014/06/12 16:45:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/12 14:47:13 | 000,000,546 | ---- | M] () -- C:\Windows\System32\schtasks.bin
[2014/06/12 01:37:24 | 002,123,430 | ---- | M] () -- C:\Users\Sylvia Garcia\Documents\T-C-148-Weather-And-Season-Day-Calendar.pdf
[2014/06/12 01:36:45 | 007,917,242 | ---- | M] () -- C:\Users\Sylvia Garcia\Documents\T-L-069-Alphabet-picture-posters-mnenomic.pdf
[2014/06/10 23:43:12 | 000,000,071 | ---- | M] () -- C:\Users\Sylvia Garcia\AppData\Roaming\WB.CFG
[2014/06/09 18:24:42 | 000,000,000 | ---- | M] () -- C:\Cookies
[2014/06/08 02:48:16 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/06/08 02:43:43 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[1 C:\Users\Sylvia Garcia\AppData\Local\*.tmp files -> C:\Users\Sylvia Garcia\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/02 02:45:42 | 000,002,747 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\RKreport.text
[2014/07/02 02:30:18 | 000,035,152 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/07/02 02:30:00 | 004,721,240 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\RogueKiller.exe
[2014/07/02 01:39:15 | 000,046,352 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\Marcos 2.jpg
[2014/07/02 01:36:37 | 000,095,130 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\family.jpg
[2014/07/02 01:31:07 | 000,049,959 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\Marcos car.jpg
[2014/07/02 01:30:46 | 000,038,526 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\Graduation Marcos.jpg
[2014/07/02 01:27:44 | 000,074,173 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\The boys.jpg
[2014/07/02 01:27:14 | 000,035,839 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\Marcos and Neveah.jpg
[2014/07/02 01:25:18 | 000,096,146 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\mom and marcos.jpg
[2014/07/02 01:24:53 | 000,057,517 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\Marcos.jpg
[2014/07/01 11:34:50 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/01 09:28:38 | 000,085,780 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\me.jpg
[2014/06/30 07:16:17 | 000,248,862 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\1000 High Frequency Words.pdf
[2014/06/30 07:13:07 | 000,248,862 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\First hundered High frequency words.pdf
[2014/06/29 08:11:43 | 000,079,007 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\her kids.jpg
[2014/06/29 08:11:10 | 000,047,801 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\mother and I.jpg
[2014/06/29 08:09:49 | 000,106,782 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\us.jpg
[2014/06/26 07:33:27 | 000,043,192 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\aaa.JPG
[2014/06/17 00:47:42 | 000,118,128 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\mrpfc01_a4.pdf
[2014/06/16 23:43:50 | 000,118,128 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\The Alphabet.pdf
[2014/06/16 17:10:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/06/15 17:23:09 | 000,002,236 | ---- | C] () -- C:\Users\Sylvia Garcia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/15 17:23:09 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/15 17:20:56 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/15 17:20:45 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/12 17:41:07 | 000,001,233 | ---- | C] () -- C:\Users\Sylvia Garcia\Desktop\Revo Uninstaller.lnk
[2014/06/12 01:37:31 | 002,123,430 | ---- | C] () -- C:\Users\Sylvia Garcia\Documents\T-C-148-Weather-And-Season-Day-Calendar.pdf
[2014/06/12 01:37:04 | 007,917,242 | ---- | C] () -- C:\Users\Sylvia Garcia\Documents\T-L-069-Alphabet-picture-posters-mnenomic.pdf
[2014/06/11 01:30:34 | 000,000,546 | ---- | C] () -- C:\Windows\System32\schtasks.bin
[2014/06/09 18:24:42 | 000,000,000 | ---- | C] () -- C:\Cookies
[2014/04/26 22:09:33 | 001,241,088 | ---- | C] () -- C:\Users\Sylvia Garcia\AppData\Local\ChromeHitoryDB
[2014/02/20 11:06:00 | 000,000,071 | ---- | C] () -- C:\Users\Sylvia Garcia\AppData\Roaming\WB.CFG
[2014/02/05 14:49:16 | 000,205,904 | ---- | C] () -- C:\Windows\System32\ezHelpDownloader.exe
[2014/01/11 15:12:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/06/09 20:17:52 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\.purple
[2014/06/09 20:17:52 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\888pokerNJ
[2014/04/28 01:02:54 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\Compete
[2014/01/10 17:46:50 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\ezhelp
[2014/04/30 04:46:28 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\Gameo
[2014/07/01 11:57:39 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\GameoUpdater
[2014/03/31 09:22:30 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\Itibiti
[2014/01/12 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\Mastersoft
[2014/04/27 16:46:00 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\OpenSoftwareUpdater
[2014/04/27 23:47:12 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\Paltalk
[2014/04/29 16:43:13 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\PC Driver Kit
[2014/05/15 07:27:41 | 000,000,000 | ---D | M] -- C:\Users\Sylvia Garcia\AppData\Roaming\WeatherBug
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/06/16 01:10:57 | 000,174,223 | ---- | M] ()(C:\Users\Sylvia Garcia\Desktop\????? English with BRIAN TRACY C3 (1).docx) -- C:\Users\Sylvia Garcia\Desktop\ì¡°ì¸ìŠ¤í€˜ì–´ English with BRIAN TRACY C3 (1).docx
[2014/06/16 01:10:55 | 000,174,223 | ---- | C] ()(C:\Users\Sylvia Garcia\Desktop\????? English with BRIAN TRACY C3 (1).docx) -- C:\Users\Sylvia Garcia\Desktop\ì¡°ì¸ìŠ¤í€˜ì–´ English with BRIAN TRACY C3 (1).docx
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
 

 

 

 

 

=========================

 

 

Extras text.

 

 

OTL Extras logfile created on: 7/2/2014 3:03:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sylvia Garcia\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.92% Memory free
3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 188.65 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
 
Computer Name: SYLVIAGARCIA-PC | User Name: Sylvia Garcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2375953999-3041022653-1334519409-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\File Type Helper\FileTypeHelper.exe "%1"
Directory [AddToPlaylistHiDefMedia] -- "C:\Program Files\HiDefMedia\HiDefMedia\HiDefMedia.exe" --started-from-file --playlist-enqueue "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithHiDefMedia] -- "C:\Program Files\HiDefMedia\HiDefMedia\HiDefMedia.exe" --started-from-file --no-playlist-enqueue "%1"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BF770D-4FFF-4E1D-B469-DD549C1A98C5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{20180691-9756-497F-9B70-1539F54ADB57}" = lport=1500 | protocol=6 | dir=in | name=koinorc |
"{2244EE1F-12D3-4C59-AFC1-68762F95CFD7}" = lport=138 | protocol=17 | dir=in | app=system |
"{2671F1CE-C56F-4AE0-BDA3-A6BE25F612A4}" = lport=445 | protocol=6 | dir=in | app=system |
"{2A17E81D-C012-4E9C-A83A-256F49F769C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4310B9F7-38FE-4882-8C07-59B9B4835D6C}" = rport=137 | protocol=17 | dir=out | app=system |
"{566AA155-D1D0-425F-AEC6-C154D5E93822}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D1D47EF-E059-48FE-B0C5-D09F0A2250BE}" = lport=139 | protocol=6 | dir=in | app=system |
"{5EC71C40-857E-4F03-B64A-57A3DE83D5EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64A4D4A5-B920-4B3F-BB87-6F19F72D4CFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{736A8DB7-5662-4749-B0DA-6A069E9BF922}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95CD0746-F355-4F26-8DED-B9DE612CCA42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A53AE193-DCCB-49A8-9101-C779B1DEC8DB}" = lport=137 | protocol=17 | dir=in | app=system |
"{A59940D6-610B-48FA-86C6-6ECEB60FCF41}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{AB913312-E45B-4FC2-A468-DA0023F03EF5}" = rport=138 | protocol=17 | dir=out | app=system |
"{C3F7AF7A-D3E4-4291-B3CD-4B0ED345E8B8}" = rport=139 | protocol=6 | dir=out | app=system |
"{CB8A14D1-98BD-4218-917B-828AC218EACA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF510007-4094-465E-8CF6-60028D061514}" = lport=2500 | protocol=6 | dir=in | name=koinorc |
"{CF8F4BD3-32D0-4B2A-99FD-1FE4E3F013E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D7822E68-C36E-4EA5-80D0-AB54FAF6EA9C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DF32811B-8086-462D-926E-3E4B01646634}" = rport=445 | protocol=6 | dir=out | app=system |
"{F0F8AE54-B9A6-4DE1-B0CB-8530F06E66AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1BBB711-9E66-4807-99FE-8E02E899185A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FABFA6F8-C02C-4CFA-A7C2-5A2D253B53B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE3BD681-078D-4A14-9ED8-CD64ACF80ACB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14A82A06-41DE-409F-8D1E-B93C99D16FC2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{19A2097B-26FF-41CD-9662-977D5388FA4D}" = protocol=1 | dir=in | [email protected],-28543 |
"{204337A7-008F-4E5F-89E1-FB4A037E45D3}" = dir=out | app=c:\program files\pcreg\service.exe |
"{2055466D-9226-4F23-BA6D-7DC71B9B1F33}" = protocol=6 | dir=in | app=c:\program files\ezhelp\server\remotefserver.exe |
"{20EEEDCA-F391-4BE1-9E61-C12FA43081A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27A36327-67FA-402D-ACCD-A4FAA2593C39}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3FB7C4DC-0ADF-4F36-A2BA-D3FDD793CE94}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{48D84FE4-67DC-4DEF-9D03-95CDB51B1E83}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{53F3D600-144D-4980-92F4-9CB76B341540}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58384399-2845-4F16-93DB-370D8A12FD78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{591C9CAA-E1B5-43E8-A721-F09727A08934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{69101A41-8770-4615-8B12-65036A50FF52}" = dir=in | app=c:\program files\pcreg\service.exe |
"{714042C2-A681-4C5C-ADCF-2875606DA2B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81A78C7D-2073-4D5D-BF4F-F4037CA29F8D}" = dir=in | app=c:\program files\pcreg\pcreg.exe |
"{85541F52-E459-4425-BE58-52B7872F4FD8}" = protocol=6 | dir=out | app=system |
"{86512971-99CD-4AE1-9A7A-D2BB0B2B16EA}" = protocol=6 | dir=in | app=c:\program files\ezhelp\server\ezhelpserver.exe |
"{8721D66F-D0DA-49C4-B571-D2E391FBA216}" = protocol=58 | dir=out | [email protected],-28546 |
"{8B4D38E7-A0F8-466B-AA90-2912AFE50A1A}" = protocol=6 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe |
"{953035EA-A82D-4081-993C-32973EA9176E}" = dir=out | app=c:\program files\pcreg\pcreg.exe |
"{984D30B5-8108-4290-949C-91A362A62C74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A508DE9-4299-4E6D-85C0-5A9D3E8F322B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E74EE48-DEF3-4A76-80D7-5A5B4FDD648D}" = protocol=17 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe |
"{ABEEB1EB-E0C0-4017-AF63-D3EE70FD4930}" = protocol=6 | dir=in | app=c:\program files\ezhelp\server\soundmodule.exe |
"{AFE5D441-9CD8-47BB-952A-AC30E07AD4B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9C0990F-FCE5-40A4-9F2B-0607049851CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2449ED6-935A-49A1-BBD8-249E8675A41E}" = dir=in | app=c:\program files\pcreg\service.exe |
"{C5C1C9D3-E6D0-4289-BBB2-CBB616BF69CF}" = protocol=6 | dir=in | app=c:\users\sylvia garcia\appdata\local\temp\low\koino\anysupport\host_kr\koinohost.exe |
"{C9D413A4-37AB-4121-8341-4A4119EFA2F0}" = dir=in | app=c:\program files\pcreg\pcreg.exe |
"{D24B1C26-B434-479A-BCA7-2E38D9DA0AAD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D61CC514-7B60-4FC6-8779-5044AD44081B}" = dir=out | app=c:\program files\pcreg\pcreg.exe |
"{DE6EBF81-AD23-4EEA-8F51-160AC097041E}" = dir=out | app=c:\program files\pcreg\service.exe |
"{DEDD3813-7C25-4964-A2A1-B7DE4B84A702}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4ACAFB8-1A05-4582-9085-EDC8CA139468}" = protocol=58 | dir=in | [email protected],-28545 |
"{E9824140-5BD6-4317-8FC3-22B4D7256910}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F39EBB38-468A-48D5-AD9E-C7A4796DD5B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FAEFB53C-7057-4484-98BA-F4657B09F6FB}" = protocol=17 | dir=in | app=c:\users\sylvia garcia\appdata\local\temp\low\koino\anysupport\host_kr\koinohost.exe |
"{FB97EDAC-C835-4ED6-A82F-95D0E4704FBA}" = protocol=1 | dir=out | [email protected],-28544 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A61104-74B5-4056-AD00-4397EF4FB141}" = iCloud
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{273130E8-117C-4237-A0FA-83EBBF11E051}" = Driver Restore
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{328622FC-0159-420C-BAE4-81B3001B4DA1}_is1" = ID Patroller
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{597FB4A5-DD86-4316-A410-7E8074CC2CCE}" = Driver Support
"{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}" = Driver Detective
"{6C6165FD-303E-4696-9D61-930244405B17}" = ASRPlugin2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skypeâ„¢ 6.16
"{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1" = PC Tech Hotline
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1" = Activeris AntiMalware
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Consumer Input Installer" = Consumer Input (remove only)
"ContentExplorer" = ContentExplorer
"Convert Files for Free" = Convert Files for Free
"f2d51b4c-2921-4a51-a0e0-efc3cbf492b8" = BlockAndSurf
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Frieven_s_Prox_1.8" = Frieven_s_Prox_1.8
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HiDef Media Player" = HiDef Media Player 1.1.12
"Hyper Browser" = Hyper Browser
"ImagePrinter" = ImagePrinter 2.1
"Itibiti_is1" = KNCTR
"iWebar" = iWebar
"Jsip" = Jsip
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft Security Client" = Microsoft Security Essentials
"Netstudy ¹öÀü2.5" = Netstudy ¹öÀü2.5
"NSS" = Norton Security Scan
"OpenSoftwareUpdater" = OpenSoftwareUpdater
"Paltalk Messenger" = Paltalk Messenger  11.3
"PC Clean Maestro" = PC Clean Maestro
"PC Driver Kit_is1" = PC Driver Kit v3.1
"Pidgin" = Pidgin v2.10.3
"Revo Uninstaller" = Revo Uninstaller 1.95
"Setup Support for Consumer Input" = Consumer Input
"U+½º¸¶Æ®·¯´× LTE¿ø¾î¹Îȸȭ" = U+½º¸¶Æ®·¯´× LTE¿ø¾î¹Îȸȭ 2.5
"Uninstall Helper 2.0.1.0" = Uninstall Helper
"Virtual Printer_is1" = Virtual Printer
"VLC media player" = VLC media player 2.1.3
"Weather It Up" = Weather It Up
"WeatherBug®" = WeatherBug®
"Worldwide Web Research11.041.44" = Worldwide Web Research
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTDownloader" = YTDownloader
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2375953999-3041022653-1334519409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 6.3.0.1440
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/1/2014 6:58:06 AM | Computer Name = SylviaGarcia-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/1/2014 10:44:53 AM | Computer Name = SylviaGarcia-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/1/2014 1:33:10 PM | Computer Name = SylviaGarcia-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.16521 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 5bc    Start
 Time: 01cf95526bc29a63    Termination Time: 25    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:   
 
Error - 7/1/2014 1:57:11 PM | Computer Name = SylviaGarcia-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.16521 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 15e8    Start
 Time: 01cf9552147a23c2    Termination Time: 40    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:   
 
Error - 7/1/2014 2:00:59 PM | Computer Name = SylviaGarcia-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/1/2014 5:35:27 PM | Computer Name = SylviaGarcia-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.16521 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1468    Start
 Time: 01cf955654c7de09    Termination Time: 80    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:   
 
Error - 7/2/2014 7:00:18 AM | Computer Name = SylviaGarcia-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/2/2014 7:05:38 AM | Computer Name = SylviaGarcia-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/2/2014 4:52:19 PM | Computer Name = SylviaGarcia-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 6/30/2014 11:22:51 PM | Computer Name = SylviaGarcia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the UMVPFSrv service.
 
Error - 7/1/2014 3:51:25 AM | Computer Name = SylviaGarcia-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070490: Security Update for Windows 7 (KB2871997).
 
Error - 7/1/2014 10:43:14 AM | Computer Name = SylviaGarcia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:39:12 AM on ?7/?1/?2014 was unexpected.
 
Error - 7/1/2014 12:48:55 PM | Computer Name = SylviaGarcia-PC | Source = DCOM | ID = 10010
Description =
 
Error - 7/1/2014 1:58:10 PM | Computer Name = SylviaGarcia-PC | Source = DCOM | ID = 10010
Description =
 
Error - 7/1/2014 4:31:06 PM | Computer Name = SylviaGarcia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 7/2/2014 4:50:29 AM | Computer Name = SylviaGarcia-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070490: Security Update for Windows 7 (KB2871997).
 
Error - 7/2/2014 11:09:02 AM | Computer Name = SylviaGarcia-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070490: Security Update for Windows 7 (KB2871997).
 
 
< End of report >
 

Link to post
Share on other sites

Hi sylvia, i need you to go to add/uninstall panel and/or use REVO to uninstall these, better check to see if they are in either:

 

888pokerNJ  <<< this has a tracker installed with it & sells info about you !
Activeris AntiMalware
iWebar
PC Clean Maestro
PC Driver Kit v3.1
PC Tech Hotline

 

Those just need removed if present !!!

 

 

=====================

 

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =O4 - HKU\S-1-5-21-2375953999-3041022653-1334519409-1000..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not foundO13 - gopher Prefix: missing:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.
 

 

let me know how it's running, any pop-ups ??

 

Chuck
 

Link to post
Share on other sites

sylvia's log

 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2375953999-3041022653-1334519409-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV deleted successfully.

========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Sylvia Garcia
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Sylvia Garcia
->Flash cache emptied: 3128 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sylvia Garcia
->Temp folder emptied: 125804961 bytes
->Temporary Internet Files folder emptied: 312648804 bytes
->Google Chrome cache emptied: 352991914 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 197901 bytes
RecycleBin emptied: 16151871 bytes
 
Total Files Cleaned = 770.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 07032014_102210

Files\Folders moved on Reboot...
File\Folder C:\Users\Sylvia Garcia\AppData\Local\Temp\~DF333C9433DCBEAE00.TMP not found!
File\Folder C:\Users\Sylvia Garcia\AppData\Local\Temp\~DF46A70C72037BC21D.TMP not found!
File\Folder C:\Users\Sylvia Garcia\AppData\Local\Temp\~DFA536D18ECD2785D6.TMP not found!
File\Folder C:\Users\Sylvia Garcia\AppData\Local\Temp\~DFD514F18659494064.TMP not found!
File\Folder C:\Users\Sylvia Garcia\AppData\Local\Temp\~DFDE3E4425B57A3B84.TMP not found!
File\Folder C:\Users\Sylvia Garcia\AppData\Local\Temp\~DFDF292AC9A2597575.TMP not found!
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NW2DURPF\34651-advertisment-pop-ups-while-browsing-internet-possible-malware[2].htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NW2DURPF\zrt_lookup[1].htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XRC92W3\adsMRJ3ARRK.htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XRC92W3\adsW43G41ZN.htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XRC92W3\fastbutton[1].htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XRC92W3\like[1].htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XRC92W3\postmessageRelay[1].htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4P4RU34K\ads2KSJEFLV.htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4P4RU34K\adsETI0LKQI.htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZJWAB0N\2q6dNtNfG1YHziVjQ1hUSA[1].woff moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZJWAB0N\6-malware-removal[2].htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZJWAB0N\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZJWAB0N\DhmkJ2TR0QN[2].htm moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZJWAB0N\sNpRL69iYnSa-pHm90cZTA[1].woff moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Users\Sylvia Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Link to post
Share on other sites

That's fine sylvia !

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.
 

 

OK looks clean !

 

How is it running any problems ???

 

Chuck

Link to post
Share on other sites

What are they from ??

 

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")



Download ComboFix from this location:

Link 1
 http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2
http://www.infospyware.net/antimalware/combofix



* IMPORTANT !!! Save ComboFix.exe to your Desktop



  * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    *  See this Link >>> http://www.bleepingcomputer.com/forums/topic114351.html <<<  for programs that need to be disabled and instruction on how to disable them.
   
    *  Remember to re-enable them when we're done.

    *  Double click on ComboFix.exe & follow the prompts.

    *  As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    *  Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

 1. Notes:   

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of  ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4.  CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.   

Give it atleast 20-30 minutes to finish if needed.

 Please do not attach the scan results from Combofix. Use copy/paste.  

 

 

Post log when done !

 

Thansk

Chuck

Link to post
Share on other sites

We will work on this when i get back if the pop-uos are still happening ! Are they when you surf ?? Or when using the computer in general ??

 

Chuck

Link to post
Share on other sites

She found the problem, we think ! It was in the allow pop-ups settings in Google chrome ! We will wait a few days and see if her problems continue !

 

Chuck

Link to post
Share on other sites
Guest
This topic is now closed to further replies.