sunnyjones3

help :)


Hi sunny, yes we will clean it up! Let me get some tools for you to run along with instructions!

 

Chuck


Hi, OK, let's get started!!

If you don't understand something, please don't hesitate to ask for clarification before proceeding!!! You can PM me if you need to!!
Do Not Remove anything or run any tools/programs until advised to do so!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped, it may still need some clean-up!

Please note that all instructions given are customized for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Please download AdwCleaner by Xplode onto your desktop.
   * Close all open programs and internet browsers.
   * Double click on AdwCleaner.exe to run the tool.
   * Click on the Delete button.
   * A logfile will automatically open after the scan has finished.
   * Please post the contents of that logfile with your next reply.
   * You can find the logfile at C:\AdwCleaner[s1].txt as well.


NEXT

Please download Junkware Removal Tool and save it to your desktop.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply!

Reboot your computer now!!

Just copy & paste me the logs!!

 

Thanks

Chuck


OK, this is what it said. I think I am doing it right.

 

# AdwCleaner v2.306 - Logfile created 08/16/2013 at 21:05:59
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : sunnyjones - SUNNYJONES-HP
# Boot Mode : Normal
# Running from : C:\Users\sunnyjones\Downloads\adwcleaner (1).exe
# Option [Delete]
 
 
***** [services] *****
 
Stopped & Deleted : CltMngSvc
Stopped & Deleted : vToolbarUpdater14.2.0
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Deleted on reboot : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae
File Deleted : C:\END
File Deleted : C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\SUNNYJ~1\AppData\Local\Temp\CT3294791
Folder Deleted : C:\Users\sunnyjones\AppData\Local\Conduit
Folder Deleted : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Folder Deleted : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae
Folder Deleted : C:\Users\sunnyjones\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\CT3294791
Folder Deleted : C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
Folder Deleted : C:\Users\sunnyjones\AppData\Roaming\SearchProtect
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\prefs.js
 
Deleted : user_pref("CT3294791.FF19Solved", "true");
Deleted : user_pref("CT3294791.UserID", "UN55590510949463059");
Deleted : user_pref("CT3294791.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3294791.autoDisableScopes", -1);
Deleted : user_pref("CT3294791.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3294791.defaultSearchXPETakeover", "true");
Deleted : user_pref("CT3294791.fullUserID", "UN55590510949463059.IN.20130816143152");
Deleted : user_pref("CT3294791.installDate", "16/08/2013 14:31:51");
Deleted : user_pref("CT3294791.installSessionId", "{E6FD7B31-D126-4CC5-8D51-A3B30E0C3E32}");
Deleted : user_pref("CT3294791.installSp", "TRUE");
Deleted : user_pref("CT3294791.installerVersion", "1.6.0.22");
Deleted : user_pref("CT3294791.keyword", "true");
Deleted : user_pref("CT3294791.originalHomepage", "about:home");
Deleted : user_pref("CT3294791.originalSearchAddressUrl", "");
Deleted : user_pref("CT3294791.originalSearchEngine", "");
Deleted : user_pref("CT3294791.originalSearchEngineName", "");
Deleted : user_pref("CT3294791.searchRevert", "false");
Deleted : user_pref("CT3294791.searchUserMode", "2");
Deleted : user_pref("CT3294791.smartbar.homepage", "true");
Deleted : user_pref("CT3294791.startPageXPETakeover", "true");
Deleted : user_pref("CT3294791.versionFromInstaller", "10.16.9.6");
Deleted : user_pref("CT3294791.xpeMode", "3");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultenginename", "Vafmusic2 Customized Web Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "Vafmusic2 Customized Web Search");
Deleted : user_pref("browser.search.selectedEngine", "Vafmusic2 Customized Web Search");
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3294791");
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3294791");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3294791");
Deleted : user_pref("smartbar.machineId", "Z/2SAIAJSYBZERS4XYAXOBE3L3GSR4GIH3YAK7HZV9ZMVWXXDIWQQKZZFJF/6DGRZJT[...]
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
*************************
 
AdwCleaner[R1].txt - [14820 octets] - [22/04/2013 20:09:01]
AdwCleaner[s1].txt - [14745 octets] - [22/04/2013 20:15:10]
AdwCleaner[s2].txt - [7370 octets] - [16/08/2013 21:05:59]
 
########## EOF - C:\AdwCleaner[s2].txt - [7430 octets] ##########

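One way to read a log like the one above, added here as an example (not part of the thread or of AdwCleaner): it groups the removed entries by the persistence mechanism they represent, so the shape of the hijack (service, Run key, browser extension, search-engine pref) is visible at a glance. SAMPLE_LOG is a constructed, abridged copy of the posted log, and the regular expressions are assumptions based on that log's layout.

```python
"""Triage summary for an AdwCleaner v2 log (added example, not from the thread
or from AdwCleaner): groups the removed entries by persistence mechanism so the
hijack can be read at a glance: services, Run values, extension IDs, search prefs."""
import re

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
ACTION_RE = re.compile(r"^(?P<action>[A-Za-z &]+?) : (?P<target>.+)$")
PREF_RE = re.compile(r'^Deleted : user_pref\("(?P<name>[^"]+)", (?P<value>.+)\);$')
EXT_ID_RE = re.compile(r"\\Extensions\\([a-p]{32})$")  # Chrome IDs: 32 chars, a-p
RUN_VALUE_RE = re.compile(r"\\CurrentVersion\\Run \[(?P<value>[^\]]+)\]$")
CONDUIT_ID_RE = re.compile(r"^(CT\d+)\.")  # Conduit prefs are prefixed with the toolbar ID

# Constructed sample: an abridged copy of the log posted in the thread.
SAMPLE_LOG = r"""
# AdwCleaner v2.306 - Logfile created 08/16/2013 at 21:05:59

***** [services] *****

Stopped & Deleted : CltMngSvc
Stopped & Deleted : vToolbarUpdater14.2.0

***** [Files / Folders] *****

Deleted on reboot : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [internet Browsers] *****

File : C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\prefs.js

Deleted : user_pref("CT3294791.installDate", "16/08/2013 14:31:51");
Deleted : user_pref("browser.search.defaultenginename", "Vafmusic2 Customized Web Search");
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3294791");
"""


def parse_log(text):
    """Return (entries, prefs): (section, action, target) triples and the
    (name, value) pairs from the Firefox user_pref lines."""
    section, entries, prefs = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            continue
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group("name"), m.group("value").strip('"')))
            continue
        m = ACTION_RE.match(line)
        if m and section:
            entries.append((section, m.group("action"), m.group("target")))
    return entries, prefs


def triage(text):
    """Group the removed items by the persistence mechanism they represent."""
    entries, prefs = parse_log(text)
    services, run_values = [], []
    extensions, engines, conduit_ids = set(), set(), set()
    for section, _, target in entries:
        if section == "services":
            services.append(target)  # adware running as a Windows service
        elif section == "registry":
            m = RUN_VALUE_RE.search(target)
            if m:
                run_values.append(m.group("value"))  # autostart via the Run key
        m = EXT_ID_RE.search(target)
        if m:
            extensions.add(m.group(1))  # Chrome extension, file or registry side
    for name, value in prefs:
        if name.startswith("browser.search."):
            engines.add(value)  # Firefox default search engine replaced
        m = CONDUIT_ID_RE.match(name)
        if m:
            conduit_ids.add(m.group(1))  # Conduit toolbar instance ID
    return {
        "services": services,
        "run_values": run_values,
        "chrome_extensions": sorted(extensions),
        "firefox_search_engines": sorted(engines),
        "conduit_ids": sorted(conduit_ids),
    }
```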

Sunny, good job! Now the other tool/program log please!!

 

Thanks

Chuck


Sunny, these are the programs/tools I need you to run when you get the time; it's OK if you don't get it all done tonight!!! I will continue with your cleaning in the morning! Post any logs you get for me!
You can use the computer if you need to!!


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

    * Then click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed and that they have been added to the delete-on-reboot list, please reboot.



Please don't attach the scans / logs, use "copy/paste".


NEXT


Download OldTimer to your desktop!
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL, delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)

* Double click OTL.exe to launch the program.
* Check the following:
    o Scan all users.
    o Standard Output.
    o Lop check.
    o Purity check.
    o Extra Registry > Use SafeList
* Under the Extra Registry section, select Use SafeList.
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs:
    o OTL.txt (open on your desktop).
    o Extras.txt (minimised in your taskbar). The Extras.txt file will only appear the very first time you run OTL.
* Please post me both logs. This may have to be broken into more than one post!

The OTL (OldTimer) log will take a while to run, and then about half an hour to an hour for me to read and find the bad stuff!

 

Then I will make a fix for you in the morning!

Also tell me about your "shockwave" not working / having stopped working?

 

 

Thanks

Chuck
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.4.6 (08.15.2013:1)

OS: Windows 7 Home Premium x64

Ran by sunnyjones on Fri 08/16/2013 at 21:25:26.17

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_cbjibcbpmbcabnfnohhgjjmkgkimajko

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{55282493-952C-4CD9-91B1-14053F3CB04B}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\sunnyjones\AppData\Roaming\strongvault online backup"

Successfully deleted: [Folder] "C:\Users\sunnyjones\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\sunnyjones\appdata\local\strongvault online backup"

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"

Successfully deleted: [Folder] "C:\ai_recyclebin"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\sunnyjones\AppData\Roaming\mozilla\firefox\profiles\74v95my7.default\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 08/16/2013 at 21:55:00.52

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, this is the one from before I clicked Remove Selected.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.16.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
sunnyjones :: SUNNYJONES-HP [administrator]
 
8/16/2013 10:08:50 PM
MBAM-log-2013-08-16 (22-21-40).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218266
Time elapsed: 12 minute(s), 21 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 16
C:\Users\sunnyjones\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\installer.exe (PUP.Optional.MSILLauncher) -> No action taken.
C:\Users\sunnyjones\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\setup__120.exe (PUP.Optional.Amonetize.A) -> No action taken.
C:\Users\sunnyjones\Downloads\FlashPlayer_V.39166259c.exe (Adware.DomaIQ) -> No action taken.
C:\Users\sunnyjones\Downloads\Player_Setup.exe (PUP.Optional.MSILLauncher) -> No action taken.
C:\Users\sunnyjones\Downloads\Produtools_Forms_B2 (1).exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Downloads\Produtools_Forms_B2.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Downloads\rcpsetup_ad_gen_ad_lp2_us (1).exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\Users\sunnyjones\Downloads\rcpsetup_ad_gen_ad_lp2_us.exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\Users\sunnyjones\Downloads\rcpsetup_latest.exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\36HFG34Y\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\Vafmusic2[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\Vafmusic2_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\TZCZKYVI\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
 
(end)


And this is the one from after I clicked Remove Selected.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.16.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
sunnyjones :: SUNNYJONES-HP [administrator]
 
8/16/2013 10:08:50 PM
mbam-log-2013-08-16 (22-08-50).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218266
Time elapsed: 12 minute(s), 21 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 16
C:\Users\sunnyjones\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\installer.exe (PUP.Optional.MSILLauncher) -> No action taken.
C:\Users\sunnyjones\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\setup__120.exe (PUP.Optional.Amonetize.A) -> No action taken.
C:\Users\sunnyjones\Downloads\Player_Setup.exe (PUP.Optional.MSILLauncher) -> No action taken.
C:\Users\sunnyjones\Downloads\Produtools_Forms_B2 (1).exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Downloads\Produtools_Forms_B2.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Downloads\rcpsetup_ad_gen_ad_lp2_us (1).exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\Users\sunnyjones\Downloads\rcpsetup_ad_gen_ad_lp2_us.exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\Users\sunnyjones\Downloads\rcpsetup_latest.exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\36HFG34Y\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\Vafmusic2[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\Vafmusic2_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\TZCZKYVI\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Downloads\FlashPlayer_V.39166259c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
 
(end)

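The two Malwarebytes logs above differ only in the action column. As an added example (not from the thread or from Malwarebytes), this pairs each detected path across a before and an after scan and reports which ones the after log says were quarantined and which are still pending, instead of relying on the "Files Detected" count. BEFORE_LOG and AFTER_LOG are constructed, abridged copies of the posted logs; the regular expressions are assumptions based on their layout.

```python
"""Compare a Malwarebytes Anti-Malware 1.x scan log from before and after
"Remove Selected" (added example, not from the thread or from Malwarebytes):
the action column, not the file count, says what was actually remediated."""
import re

DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
COUNT_RE = re.compile(r"^(?P<kind>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# Constructed samples, abridged from the two logs posted in the thread.
BEFORE_LOG = r"""
Malwarebytes Anti-Malware 1.75.0.1300
Scan type: Quick scan

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\sunnyjones\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Downloads\Produtools_Forms_B2 (1).exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Downloads\FlashPlayer_V.39166259c.exe (Adware.DomaIQ) -> No action taken.

(end)
"""
AFTER_LOG = r"""
Files Detected: 3
C:\Users\sunnyjones\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Downloads\Produtools_Forms_B2 (1).exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sunnyjones\Downloads\FlashPlayer_V.39166259c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.

(end)
"""


def parse_detections(text):
    """Map each detected path to (detection name, action), and collect the
    per-category counts from the summary lines so they can be cross-checked."""
    items, counts = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("kind")] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m:
            # Paths may themselves contain parentheses, e.g. "file (1).exe";
            # the lazy path group plus the " -> " anchor keeps them intact.
            items[m.group("path")] = (m.group("name"), m.group("action"))
    return items, counts


def remediation_status(before_text, after_text):
    """Classify every path from the 'before' scan by what the 'after' scan says."""
    before, _ = parse_detections(before_text)
    after, after_counts = parse_detections(after_text)
    status = {"removed": [], "still_present": [], "not_listed_after": []}
    for path in before:
        if path not in after:
            status["not_listed_after"].append(path)  # gone, or outside the rescan scope
        elif after[path][1].lower().startswith("quarantined"):
            status["removed"].append(path)
        else:
            status["still_present"].append(path)  # e.g. "No action taken"
    # The summary count should match the listed lines; a mismatch usually means
    # the log was pasted incompletely.
    status["count_consistent"] = after_counts.get("Files", 0) == len(after)
    return status
```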
OTL logfile created on: 8/16/2013 10:34:27 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\sunnyjones\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16660)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.60 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 20.56% Memory free

3.21 Gb Paging File | 1.44 Gb Available in Paging File | 44.84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 218.92 Gb Total Space | 132.30 Gb Free Space | 60.43% Space Free | Partition Type: NTFS

Drive D: | 13.67 Gb Total Space | 1.70 Gb Free Space | 12.46% Space Free | Partition Type: NTFS

Drive E: | 551.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive G: | 99.18 Mb Total Space | 89.03 Mb Free Space | 89.77% Space Free | Partition Type: FAT32

 

Computer Name: SUNNYJONES-HP | User Name: sunnyjones | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/08/16 22:32:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sunnyjones\Downloads\OTL.com

PRC - [2013/07/12 22:40:31 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Users\sunnyjones\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe

PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/05/09 02:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/05/09 02:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/11/05 02:50:12 | 000,377,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

PRC - [2012/09/28 15:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2011/07/06 20:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

========== Modules (No Company Name) ==========

 

MOD - [2012/11/05 02:50:12 | 000,377,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

MOD - [2012/08/06 03:54:24 | 009,843,640 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll

MOD - [2010/11/11 03:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll

MOD - [2010/07/13 07:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll

MOD - [2010/07/05 03:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll

MOD - [2010/06/23 19:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll

MOD - [2010/06/01 23:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll

MOD - [2010/06/01 20:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll

MOD - [2010/06/01 20:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll

MOD - [2010/06/01 20:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll

MOD - [2010/06/01 20:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2013/05/09 02:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/03/04 13:50:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/03/04 13:44:40 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/07/21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV:64bit: - [2010/06/17 07:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)

SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV - [2013/05/27 20:47:09 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/08/14 14:42:29 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/08/14 14:42:29 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013/08/14 14:42:29 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/05/09 02:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013/05/09 02:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/05/09 02:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013/05/09 02:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/05/09 02:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/02/25 00:21:32 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2012/12/06 04:30:08 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/12/06 04:30:03 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/12/06 04:29:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/09/28 15:14:58 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/05 17:33:38 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)

DRV:64bit: - [2011/10/15 18:00:08 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/05 01:16:20 | 000,436,840 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/04 16:01:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/03/04 13:16:48 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/02/15 13:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2010/11/29 06:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/11 20:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/11/11 20:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes,DefaultScope = 

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-3993016273-2347322539-148929479-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50

IE - HKU\S-1-5-21-3993016273-2347322539-148929479-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-3993016273-2347322539-148929479-1002\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-3993016273-2347322539-148929479-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sunnyjones\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sunnyjones\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\sunnyjones\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/14 10:20:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2013/04/22 19:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sunnyjones\AppData\Roaming\Mozilla\Extensions

[2013/08/16 21:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\extensions

[2013/05/27 20:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/05/27 20:47:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sunnyjones\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\sunnyjones\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sunnyjones\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Users\sunnyjones\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\sunnyjones\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\sunnyjones\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

 

O1 HOSTS File: ([2013/04/22 19:36:43 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found

O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8445F7AB-EF8C-4619-B882-39F55811BDD9}: DhcpNameServer = 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/02/10 19:02:00 | 000,000,016 | R--- | M] () - E:\AUTOPLAY.BAT -- [ UDF ]

O32 - AutoRun File - [2011/02/10 19:02:00 | 000,000,055 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]

O33 - MountPoints2\{ad6f8475-f14f-11e0-9c1f-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{ad6f8475-f14f-11e0-9c1f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\PopCDRun.exe -- [2011/02/10 19:00:44 | 000,300,376 | R--- | M] ()

O34 - HKLM BootExecute: (/sync /restart)

O34 - HKLM BootExecute: (/sync /restart)

O34 - HKLM BootExecute: (/sync /restart)

O34 - HKLM BootExecute: (/sync /restart)

O34 - HKLM BootExecute: (/sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/08/16 22:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/08/16 22:06:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/08/16 22:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/08/16 14:43:44 | 000,000,000 | ---D | C] -- C:\Users\sunnyjones\AppData\Local\ Online Backup

[2013/08/16 14:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap

[2013/08/14 03:51:17 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/08/14 03:51:16 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/08/14 03:51:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/08/14 03:51:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/08/14 03:51:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/08/14 03:51:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/08/14 03:51:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/08/14 03:51:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/08/14 03:51:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/08/14 03:51:01 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/08/14 03:51:00 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/08/14 03:50:37 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/08/14 03:50:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/08/14 03:50:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/08/14 03:50:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/08/14 03:08:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT

[2013/08/13 17:24:39 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2013/08/13 17:24:37 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2013/08/13 17:23:41 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/08/13 17:23:40 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2013/08/13 17:23:38 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013/08/13 17:23:15 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll

[2013/08/13 17:23:04 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/08/13 17:22:59 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/08/13 17:22:58 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/08/13 17:22:56 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2013/08/13 17:22:54 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/08/13 17:22:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/08/13 17:22:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/08/13 17:22:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/08/13 17:22:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/08/13 17:22:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/08/12 03:07:34 | 000,000,000 | ---D | C] -- C:\Users\sunnyjones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

 

========== Files - Modified Within 30 Days ==========

 

[2013/08/16 22:46:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3993016273-2347322539-148929479-1002Core.job

[2013/08/16 22:46:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3993016273-2347322539-148929479-1002UA.job

[2013/08/16 22:36:23 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/08/16 22:36:23 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/08/16 22:26:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/08/16 22:26:34 | 1292,034,048 | -HS- | M] () -- C:\hiberfil.sys

[2013/08/16 22:07:00 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/08/16 21:08:07 | 000,000,423 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

[2013/08/14 14:42:29 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013/08/14 14:42:29 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013/08/14 14:42:29 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013/08/14 14:42:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum

[2013/08/14 14:42:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum

[2013/08/14 14:42:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum

[2013/08/14 10:21:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/08/14 03:29:17 | 000,738,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/08/14 03:29:17 | 000,623,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/08/14 03:29:17 | 000,105,956 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/08/13 15:37:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsunnyjones.job

[2013/08/12 03:07:34 | 000,002,396 | ---- | M] () -- C:\Users\sunnyjones\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/08/12 03:07:33 | 000,002,394 | ---- | M] () -- C:\Users\sunnyjones\Desktop\Google Chrome.lnk

[2013/08/06 19:00:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSUNNYJONES-HP$.job

[2013/07/25 23:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/07/25 23:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/07/25 23:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/07/25 23:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/07/25 23:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/07/25 23:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/07/25 23:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/07/25 23:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/07/25 21:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/07/25 21:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/07/25 21:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/07/25 21:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/07/25 21:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/07/25 20:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/07/25 19:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/07/25 03:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2013/07/25 02:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

 

========== Files Created - No Company Name ==========

 

[2013/08/16 22:07:00 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/08/14 14:42:29 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum

[2013/08/14 14:42:29 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum

[2013/08/14 14:42:29 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum

[2013/08/12 03:07:33 | 000,002,396 | ---- | C] () -- C:\Users\sunnyjones\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/08/12 03:07:32 | 000,002,394 | ---- | C] () -- C:\Users\sunnyjones\Desktop\Google Chrome.lnk

[2012/12/27 12:30:58 | 000,000,580 | ---- | C] () -- C:\Users\sunnyjones\AppData\Local\cookies.ini

[2011/11/07 12:58:33 | 000,774,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/10/15 18:00:52 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

 

========== ZeroAccess Check ==========

 

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

 

< End of report >


Ok, this is all of it!! The Shockwave Player: when I am playing a game on Facebook, it pops up at the top of the screen in yellow and has a sad face and says a plug-in (Shockwave Player) has crashed or is not responding. Then a little box will pop up and say whatever game I am playing has become unresponsive, want to wait or kill page? It drives me crazy!!


Good morning sunny, first, you did an excellent job; told you they are not hard to run. Now let's do some more cleaning.

 

The Malwarebytes log shows some bad ones that we need to remove. Open/run Malwarebytes then >>>

 

(PUP.Optional.Conduit.A) -> No action taken. <<< means they were not removed ! 

Make sure that everything is checked, and click Remove Selected.

 

Now I will spend some time reading your OTL log; back in a while with a fix !

 

Thanks

Chuck


Sunny after you post me the results from the Malwarebytes, please continue below !

 

 

We need to Run an OTL fix !!

    * Double-click OTL.exe to start the program.
    * Copy and paste the following code into the Custom Scans/Fixes box:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3993016273-2347322539-148929479-1002\..\SearchScopes,DefaultScope =
FF - user.js - File not found
[2013/04/22 19:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sunnyjones\AppData\Roaming\Mozilla\Extensions
[2013/08/16 21:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\extensions
[2013/05/27 20:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O13 64bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

    * Then click the Run Fix button at the top.
    * Click OK.
    * Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYYY_HHMMSS.log, where MMDDYYYY is the date and HHMMSS is the time.

Remember to enable your real time protection/antivirus.

 

 

 

========================

 

Let's check for additional security risks:

    * Please download CKScanner© by askey127 and save to your desktop. Click here.
    * Double click on CKScanner.exe and click Search For Files.
    * After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
    * Post the contents of ckfiles.txt in your reply; it is located on your desktop.
 

 

 

Almost done, stay with me !

 

Thanks

Chuck

 


 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.16.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

sunnyjones :: SUNNYJONES-HP [administrator]

 

8/17/2013 1:55:39 PM

mbam-log-2013-08-17 (13-55-39).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218406

Time elapsed: 11 minute(s), 38 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 15

C:\Users\sunnyjones\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\installer.exe (PUP.Optional.MSILLauncher) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\setup__120.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Downloads\Player_Setup.exe (PUP.Optional.MSILLauncher) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Downloads\Produtools_Forms_B2 (1).exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Downloads\Produtools_Forms_B2.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Downloads\rcpsetup_ad_gen_ad_lp2_us (1).exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Downloads\rcpsetup_ad_gen_ad_lp2_us.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Downloads\rcpsetup_latest.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\36HFG34Y\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\Vafmusic2[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\Vafmusic2_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\TZCZKYVI\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

(end)


Hi sunny, there should be a log showing it removed those in the OTL fix !! I want to make sure it removed them.

Look in C:\_OTL\Moved Files for MMDDYYYY_HHMMSS.log, where MMDDYYYY is the date and HHMMSS is the time.

 

 

Chuck

 

Try running it again !

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad

c:\program files (x86)\hp games\farm frenzy\wtmui_es\data\sounds\bear_crack_cat.ogg

c:\program files (x86)\hp games\farm frenzy\wtmui_es\data\sounds\bear_crack_cow.ogg

c:\program files (x86)\hp games\farm frenzy\wtmui_es\data\sounds\bear_crack_goose.ogg

c:\program files (x86)\hp games\farm frenzy\wtmui_es\data\sounds\bear_crack_product.ogg

c:\program files (x86)\hp games\farm frenzy\wtmui_es\data\sounds\bear_crack_sheep.ogg

c:\program files (x86)\hp games\farm frenzy\wtmui_it\data\sounds\bear_crack_cat.ogg

c:\program files (x86)\hp games\farm frenzy\wtmui_it\data\sounds\bear_crack_cow.ogg

c:\program files (x86)\hp games\farm frenzy\wtmui_it\data\sounds\bear_crack_goose.ogg

c:\program files (x86)\hp games\farm frenzy\wtmui_it\data\sounds\bear_crack_product.ogg

c:\program files (x86)\hp games\farm frenzy\wtmui_it\data\sounds\bear_crack_sheep.ogg

c:\program files (x86)\wildgames\nightfall mysteries asylum conspiracy\swfs\windows\wallcrack.swf

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\ce\deletedscene\splashdowncargoho\layouts\object_ls_nutscrackers.jpg.bin

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\ce\deletedscene\splashdowncargoho\layouts\int_ls_nutscrackers\hot_spot.raw

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_01\cockpit\layouts\main\obj_glasscrack\object.txt

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_01\cockpit\layouts\main\obj_glasscrack2\object.txt

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_01\cockpit\sfx\windshield_crack_1.ogg

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_01\cockpit\sfx\windshield_crack_2.ogg

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_01\cockpit\sfx\windshield_crack_3.ogg

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_01\cockpit\sfx\windshield_crack_4.ogg

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_03\compass_cu\layouts\crackmist.jpg.bin

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_05\bedroom_tableho\layouts\glass_crack.jpg.bin

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_05\bedroom_tableho\layouts\obj_mirror\crack1.anm

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_05\bedroom_tableho\layouts\obj_mirror\crack2.anm

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_05\bedroom_tableho\sfx\mirror_cracked.ogg

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_06\library_hatch\layouts\crack1.jpg.bin

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_06\library_hatch\layouts\crack2.jpg.bin

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_06\library_hatch\layouts\crack3.jpg.bin

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_06\library_hatch\layouts\crack4.jpg.bin

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_06\library_hatch\sfx\ice_crack_trim.ogg

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_07\researchers_table\layout\obj_radio\crack.anm

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_07\researchers_table\layout\obj_radio\crack2.anm

c:\program files (x86)\wildtangent games\games\hauntingmysteriestheislandoflostsoulspremiumedition\data\game\chapter_07\researchers_table\sfx\mirror_cracked.ogg

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\explosion_bez_sabli.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\explosion_bez_sabli_mask.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\explosion_sablya.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\explosion_sablya_mask.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\fight.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\fight_mask.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\snowman_blows.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\snowman_blows_mask.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\snowman_sani.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\snowman_sani_mask.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\sova_maska.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\sova_maska_mask.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\sova_unfreeze.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\sova_unfreeze_mask.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\zatvorki.ogv

c:\program files (x86)\wildtangent games\games\weirdparkscarytales\video\nutcracker\zatvorki_mask.ogv

scanner sequence 3.ZZ.11.DAAPQI

 ----- EOF ----- 

All processes killed

Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope => in the current context!

Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope => in the current context!

Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope => in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope => in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope => in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-3993016273-2347322539-148929479-1002\..\SearchScopes,DefaultScope => in the current context!

Error: Unable to interpret <FF - user.js - File not found> in the current context!

Error: Unable to interpret <[2013/04/22 19:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sunnyjones\AppData\Roaming\Mozilla\Extensions> in the current context!

Error: Unable to interpret <[2013/08/16 21:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\extensions> in the current context!

Error: Unable to interpret <[2013/05/27 20:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser> in the current context!

Error: Unable to interpret <O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found> in the current context!

Error: Unable to interpret <O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found> in the current context!

Error: Unable to interpret <O1364bit: - gopher Prefix: missing> in the current context!

Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)> in the current context!

Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)> in the current context!

Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret < > in the current context!

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: sunnyjones

->Java cache emptied: 0 bytes

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: sunnyjones

->Flash cache emptied: 20196 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: sunnyjones

->Temp folder emptied: 110833799 bytes

->Temporary Internet Files folder emptied: 18796680 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 323280738 bytes

->Google Chrome cache emptied: 300449546 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 167587665 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304214 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 16990 bytes

 

Total Files Cleaned = 919.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 08172013_142225

 

Files\Folders moved on Reboot...

File move failed. C:\Users\sunnyjones\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

File move failed. C:\Users\sunnyjones\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.

C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.

C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.

C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.

C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

File\Folder C:\Windows\temp\TMP0000000DCF9C169B0E93F277 not found!

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


Sunny, thanks ..... that was it !!

Ok one last step with the cleaning !!

 

Clean up with OTL

    * Right-click OTL.exe and select "Run as administrator" to run it.
    * This will remove all the tools we used to clean your pc.
    * Close all other programs apart from OTL, as this step will require a reboot.
    * On the OTL main screen, press the CleanUp! button.
    * Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

 

 

=========================

 

 

Now let's see if we can fix the flash player !!
The first link is for an uninstall of flash player, the second is for the latest install !!

 

http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html

 

http://get.adobe.com/shockwave/

 

While installing the new Flash Player, be careful of the 2 boxes being checked for Google Chrome; if you don't want them, just uncheck the box,
then click "next" !!

 

 

After you try this, let me know if it helped run the Flash Player & how the computer is running !!!

It may be a little slow the first few re-boots but will get faster !!

 

Chuck

 

And I have my standard all clean speech for you !!


Sunny, that should do it ! I think we cleaned a bunch out !

 

Let me know how it's running ?? And if we fixed the flash player problem ??

 

 

I know you may have some of these installed, this is just my standard all clean speech !

Congratulations, you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:


 1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    * From within Internet Explorer click on the Tools menu and then click on Options.
    * Click once on the Security tab.
    * Click once on the Internet icon so it becomes highlighted.
    * Click once on the Custom Level button.
    * Change the Download signed ActiveX controls to Prompt.
    * Change the Download unsigned ActiveX controls to Disable.
    * Change the Initialize and script ActiveX controls not marked as safe to Disable.
    * Change the Installation of desktop items to Prompt.
    * Change the Launching programs and files in an IFRAME to Prompt.
    * Change the Navigate sub-frames across different domains to Prompt.
    * When all these settings have been made, click on the OK button.
    * If it prompts you as to whether or not you want to save the settings, press the Yes button.
    * Next press the Apply button and then the OK to exit the Internet Properties page.


 2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

    * Open Internet Explorer.
    * Click on Tools > Internet Options.
    * Press the Security tab.
    * Select the Internet zone, then place a check next to Enable Protected Mode if not already done.
    * Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply.
    * Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On, showing you it is enabled.


NOTE: Firefox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/
I use & like Firefox !!

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

 4. Firewall - Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used, but I would personally only recommend using one of the following two below:

Online Armor Free

Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

 6. Consider a custom hosts file such as MVPS HOSTS
 This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002

Note: Be sure to follow the instructions to disable the  DNS Client service  before installing a custom hosts file.

 7. WOT (Web of Trust)
As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

 8. Finally, I strongly recommend that you read TonyKlein's good advice
 


A must is a great Antivirus; I recommend you use AVAST, it's free >>> http://www.avast.com/free-antivirus-download

You are behind on some updates, please visit the Secunia Software Inspector >>>http://secunia.com/vulnerability_scanning/online/   
Update any vulnerable software you have. Much malware now uses zero day exploits in outdated versions of browsers and third party programs like Flash Player, Java Runtime, Winzip, Acrobat Reader etc. to allow them to install silently without your knowledge or detection by your antivirus protection.

To ensure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck
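Steps 1 and 2 above set the Internet zone actions by hand; as an added example that is not part of Chuck's post, this PowerShell audit reads the same settings back out of the registry and reports which ones still differ from the recommended values, so you can verify the change took. The zone-action value ids (1001, 1004, 1201, 1607, 1800, 1804, 2500) and their 0/1/3 = Enable/Prompt/Disable encoding are Microsoft's documented registry layout for IE security zones (KB 182569); the function names are mine.

```powershell
# Added example (not from the thread): audit the Internet zone settings that the
# steps above tell the user to change, and report which ones still differ.
# Zone 3 = Internet. Value ids and encoding follow Microsoft KB 182569:
#   0 = Enable, 1 = Prompt, 3 = Disable; for 2500 (Protected Mode) 0 = On, 3 = Off.
# Caveat: if the "Security Zones: Use only machine settings" policy is on, the
# effective values live under HKLM instead of HKCU; pass that path via -Path.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post, keyed by the zone-action value id.
$recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
    '2500' = @{ Name = 'Turn on Protected Mode';                                    Want = 0 }
}

function Get-ZoneSetting {
    # Returns the DWORD stored for one zone action, or $null when it is not set
    # (IE then falls back to the zone template's default for that action).
    param([string]$Path, [string]$ValueName)
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-InternetZoneHardening {
    # Emits one row per recommended setting with the current and expected value.
    param(
        [string]$Path = $zonePath,
        [System.Collections.IDictionary]$Policy = $recommended
    )
    $labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
    foreach ($id in $Policy.Keys) {
        $want    = $Policy[$id].Want
        $current = Get-ZoneSetting -Path $Path -ValueName $id
        $shown   = 'not set'
        if ($null -ne $current) {
            # Anything outside 0/1/3 is shown raw rather than mislabelled.
            $shown = if ($labels.ContainsKey($current)) { $labels[$current] } else { "raw value $current" }
        }
        [pscustomobject]@{
            Setting   = $Policy[$id].Name
            ValueId   = $id
            Current   = $shown
            Expected  = $labels[$want]
            Compliant = ($null -ne $current -and $current -eq $want)
        }
    }
}

# Non-compliant rows are the ones to fix via Internet Options > Security >
# Internet > Custom level, exactly as described in the steps above.
Test-InternetZoneHardening | Sort-Object Compliant | Format-Table -AutoSize
```

Run it once before and once after applying the steps; a setting that reads "not set" is using the zone template default, which for the Internet zone is not necessarily the value the post asks for.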
 


This topic has been resolved, if you need this re-opened please PM myself or another mod !!

 

Thanks

Chuck
