remove mess on computer and add whar is needed

sands00 · November 14, 2013

norton error fix 3043,1000

ips definition failed

the required .net framework is not found-

search.conduit.com please remove

gfxui not working

toshiba app place has stopped working --Smart audio II appl terminated

I have to keep refreshing when I'm in a site.

I have to go to restore recovery about every 45 moinutes

sands00 · November 14, 2013

do u have it now

flashh4 · November 14, 2013

Got it & i moved it ! I will be right back with some tools/programs for you !

flashh4 · November 14, 2013

Howdy Cheryl and welcome to BestTechie !!!

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

AdwCleaner

Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......

    This time, click on the Clean button.

    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT

    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

NEXT

MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

    * Then click Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.

Please don't attach the scans / logs, use "copy/paste".

Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log
Thanks
Chuck

sands00 · November 14, 2013

thin k i found it.

flashh4 · November 14, 2013

Ok ! if you have any questions just PM me or ask here !!

Chuck

flashh4 · November 14, 2013

Cheryl,i copied it here for you !

# AdwCleaner v3.012 - Report created 13/11/2013 at 21:49:18 # Updated 11/11/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : v'cxxv'cv'cxxv'cv'cv - -PC # Running from : C:\Users\v'cxxv'cv'cxxv'cv'cv\Documents\Downloads\adwcleaner(1).exe # Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3667 octets] - [13/11/2013 21:08:41] AdwCleaner[R1].txt - [19189 octets] - [13/11/2013 21:20:50] AdwCleaner[R2].txt - [307 octets] - [13/11/2013 21:44:18] AdwCleaner[R3].txt - [307 octets] - [13/11/2013 21:45:54] AdwCleaner[R4].txt - [2084 octets] - [13/11/2013 21:48:24] AdwCleaner[s0].txt - [19404 octets] - [13/11/2013 21:22:26] AdwCleaner[s1].txt - [2017 octets] - [13/11/2013 21:49:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2077 octets] ########## # AdwCleaner v3.012 - Report created 13/11/2013 at 21:49:18 # Updated 11/11/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : v'cxxv'cv'cxxv'cv'cv - -PC # Running from : C:\Users\v'cxxv'cv'cxxv'cv'cv\Documents\Downloads\adwcleaner(1).exe # Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3667 octets] - [13/11/2013 21:08:41] AdwCleaner[R1].txt - [19189 octets] - [13/11/2013 21:20:50] AdwCleaner[R2].txt - [307 octets] - [13/11/2013 21:44:18] AdwCleaner[R3].txt - [307 octets] - [13/11/2013 21:45:54] AdwCleaner[R4].txt - [2084 octets] - [13/11/2013 21:48:24] AdwCleaner[s0].txt - [19404 octets] - [13/11/2013 21:22:26] AdwCleaner[s1].txt - [2017 octets] - [13/11/2013 21:49:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2077 octets] ########## # AdwCleaner v3.012 - Report created 13/11/2013 at 21:49:18 # Updated 11/11/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : v'cxxv'cv'cxxv'cv'cv - -PC # Running from : C:\Users\v'cxxv'cv'cxxv'cv'cv\Documents\Downloads\adwcleaner(1).exe # Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Deleted : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3667 octets] - [13/11/2013 21:08:41] AdwCleaner[R1].txt - [19189 octets] - [13/11/2013 21:20:50] AdwCleaner[R2].txt - [307 octets] - [13/11/2013 21:44:18] AdwCleaner[R3].txt - [307 octets] - [13/11/2013 21:45:54] AdwCleaner[R4].txt - [2084 octets] - [13/11/2013 21:48:24] AdwCleaner[s0].txt - [19404 octets] - [13/11/2013 21:22:26] AdwCleaner[s1].txt - [2017 octets] - [13/11/2013 21:49:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2077 octets] ##########

sands00 · November 14, 2013

thank u

flashh4 · November 14, 2013

It's ok, just copy & paste all logs like you just did the "thank u" you posted !

I am very patient !!

Let me know when you need to stop for tonight !!

Chuck

sands00 · November 14, 2013

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by v'cxxv'cv'cxxv'cv'cv on Wed 11/13/2013 at 22:18:19.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FE184143-F1A0-4252-9626-4E9273E3832C}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

Successfully deleted: [File] "C:\Users\v'cxxv'cv'cxxv'cv'cv\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\v'cxxv'cv'cxxv'cv'cv\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\v'cxxv'cv'cxxv'cv'cv\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\social privacy"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\mozilla\firefox\profiles\drkjuegq.default-1372979702731\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Emptied folder: C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\mozilla\firefox\profiles\drkjuegq.default-1372979702731\minidumps [21 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/13/2013 at 22:30:38.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

flashh4 · November 14, 2013

Cheryl did you find the Malwarebytes log ??

Chuck

sands00 · November 14, 2013

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by v'cxxv'cv'cxxv'cv'cv on Wed 11/13/2013 at 22:18:19.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FE184143-F1A0-4252-9626-4E9273E3832C}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

Successfully deleted: [File] "C:\Users\v'cxxv'cv'cxxv'cv'cv\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\v'cxxv'cv'cxxv'cv'cv\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\v'cxxv'cv'cxxv'cv'cv\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\social privacy"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\mozilla\firefox\profiles\drkjuegq.default-1372979702731\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Emptied folder: C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\mozilla\firefox\profiles\drkjuegq.default-1372979702731\minidumps [21 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/13/2013 at 22:30:38.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

couldn't get the last log. reran it again and it still didn 't come up.

flashh4 · November 14, 2013

That was the old Junkware log !! I will work without the Malwarebytes log if you can't locate it !!

flashh4 · November 14, 2013

Cheryl, work on these as time permits you ! Each will produce a log so make sure you copy & paste them here !!

When there is 2 links you only need 1 to work !!

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

NEXT

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    close all running programs
    for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    when the prescan is finished, click on Scan
    click on Report and copy/paste the content in your next post.[/list
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.

NEXT

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from this location:

Link 1
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2
http://www.infospyware.net/antimalware/combofix

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    * See this Link >>> http://www.bleepingcomputer.com/forums/topic114351.html <<< for programs that need to be disabled and instruction on how to disable them.

    * Remember to re-enable them when we're done.

    * Double click on ComboFix.exe & follow the prompts.

    * As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    * Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Post next:
1. Security Check log
2. RogueKiller log
3. Combofix log

Thanks
Chuck

flashh4 · November 14, 2013

RogueKiller log you sent me is clean !!! Please continue !!

Chuck

flashh4 · November 14, 2013

Cheryl see if you can get the Security check above to run & post the log here ! !!

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !

Post Next:

1. Security check log

2. OTL logs (2)

Thanks

Chuck

sands00 · November 14, 2013

I haven't found anything else to run. Let me know what u need. I know u wish u had never heard of me. I am so blessed and thankful for your help.

flashh4 · November 14, 2013

http://oldtimer.geekstogo.com/OTL.com

sands00 · November 14, 2013

OTL logfile created on: 11/14/2013 12:57:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\v'cxxv'cv'cxxv'cv'cv\Documents\Downloads
64bit-Windows XP Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 61.06% Memory free
7.61 Gb Paging File | 5.85 Gb Available in Paging File | 76.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.98 Gb Total Space | 409.46 Gb Free Space | 90.19% Space Free | Partition Type: NTFS

Computer Name: -PC | User Name: v'cxxv'cv'cxxv'cv'cv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/14 12:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\My Documents\Downloads\OTL.com
PRC - [2013/10/20 08:33:11 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/09 09:11:16 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/05 10:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2009/12/09 18:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 18:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/20 08:33:11 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/09 09:11:16 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/10/20 08:33:11 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 09:11:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 18:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 18:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/31 16:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 19:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 10:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 17:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/01 12:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 14:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 14:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E0988084-C67F-4934-AD30-8C23E0BC6B76}
IE:64bit: - HKLM\..\SearchScopes\{E0988084-C67F-4934-AD30-8C23E0BC6B76}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A9D8E67A-9BEE-4F9B-9027-327EE8236F45}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKCU\..\SearchScopes,DefaultScope = {A9D8E67A-9BEE-4F9B-9027-327EE8236F45}
IE - HKCU\..\SearchScopes\{A9D8E67A-9BEE-4F9B-9027-327EE8236F45}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS534
IE - HKCU\..\SearchScopes\{F59515E6-EA5F-4EB8-93D6-C34735898DE9}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: firefox%40batbrowse.com:1.0.0
FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.47
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/30 01:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Extensions
[2013/11/14 08:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\extensions
[2013/10/29 11:55:58 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\extensions\ScorpionSaver@jetpack
[2013/11/11 14:45:45 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\extensions\[email protected]
[2013/11/11 14:45:45 | 000,000,000 | ---D | M] (WordExtra) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\extensions\[email protected]
[2013/11/13 21:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions
[2013/10/29 10:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions\ScorpionSaver@jetpack
[2013/10/29 12:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions\staged
[2013/11/11 14:45:44 | 000,000,000 | ---D | M] (WordExtra) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions\[email protected]
[2013/10/22 14:29:14 | 000,007,817 | ---- | M] () (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\extensions\[email protected]
[2013/11/14 08:34:29 | 000,477,497 | ---- | M] () (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\extensions\[email protected]
[2013/10/22 14:29:14 | 000,007,817 | ---- | M] () (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions\[email protected]
[2013/11/08 10:04:59 | 000,002,568 | ---- | M] () -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\searchplugins\aol-search.xml
[2013/11/14 08:34:28 | 000,002,544 | ---- | M] () -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\searchplugins\ask-search.xml
[2013/10/29 12:38:34 | 000,003,746 | ---- | M] () -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\searchplugins\safeguard-secure-search.xml
[2013/11/13 07:39:44 | 000,001,102 | ---- | M] () -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\searchplugins\sweetpacks-a5-customized-web-search.xml
[2013/11/12 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/12 18:46:57 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/11/12 18:46:57 | 000,000,000 | ---D | M] (WordExtra) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/11/12 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/12 18:47:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/12 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/11/12 18:46:57 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.47_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.0.27_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\

O1 HOSTS File: ([2013/11/14 11:16:55 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.5.61 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{035763F2-93BA-4163-BBA3-93ABDC6EEE87}: DhcpNameServer = 24.25.5.61 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/14 11:25:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/14 11:23:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/11/14 11:23:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/11/14 11:23:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/11/14 11:23:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/11/14 11:22:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/14 11:22:15 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/11/14 11:22:13 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/11/14 11:14:47 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\Desktop\RK_Quarantine
[2013/11/14 10:40:44 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013/11/14 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Sun
[2013/11/14 08:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/11/14 08:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2013/11/14 08:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/11/13 22:41:33 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Malwarebytes
[2013/11/13 22:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/13 22:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/13 22:38:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/11/13 22:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/13 22:18:18 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/11/13 21:28:40 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/11/13 21:28:39 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 21:28:29 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/11/13 21:28:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
[2013/11/13 21:28:28 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 21:27:49 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/11/13 21:07:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/13 20:09:04 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/11/13 20:09:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/11/13 20:09:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/11/13 20:09:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/11/13 20:09:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2013/11/13 19:59:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/11/13 19:59:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/11/13 19:59:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/13 19:59:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/13 19:59:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/11/13 19:59:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/11/13 19:59:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/13 19:59:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/11/13 19:59:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/13 19:59:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/13 19:59:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/13 19:59:48 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/13 19:59:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/13 19:59:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/13 19:59:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/11/13 19:58:21 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/11/13 19:58:15 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/11/13 19:58:15 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 19:58:14 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/11/13 19:58:14 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/11/10 09:29:17 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\WordExtra
[2013/11/10 09:26:19 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\Documents\Downloads
[2013/10/29 21:51:07 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\Documents\Symantec
[2013/10/29 16:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/29 14:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic4
[2013/10/29 14:31:33 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Uniblue
[2013/10/29 14:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/10/29 12:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Level Quality Watcher
[2013/10/29 12:46:34 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Programs
[2013/10/29 12:39:10 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\Documents\Mobogenie
[2013/10/29 12:39:10 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Mobogenie
[2013/10/29 12:39:10 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\cache
[2013/10/29 12:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/10/29 12:38:26 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\AVG SafeGuard toolbar
[2013/10/29 12:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/10/29 12:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/10/29 12:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2013/10/29 12:28:26 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Toshiba Corporation
[2013/10/29 12:09:25 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSTx64
[2013/10/29 12:09:25 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSTx64\7DE06000.01B
[2013/10/29 12:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
[2013/10/29 10:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
[2013/10/29 10:57:15 | 000,000,000 | ---D | C] -- C:\temp
[2013/10/29 10:54:43 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\NativeMessaging
[2013/10/22 08:02:43 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2013/10/22 08:02:43 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2013/10/20 09:06:02 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/10/20 08:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/19 14:37:47 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2013/10/19 14:37:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/10/19 14:37:45 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys
[2013/10/19 14:37:44 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/10/19 14:37:44 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/10/19 14:37:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
[2013/10/19 14:37:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
[2013/10/19 14:37:43 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
[2013/10/19 14:37:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
[2013/10/19 14:37:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
[2013/10/19 14:37:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/10/19 14:37:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/10/19 14:37:39 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/10/19 14:37:38 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2013/10/19 14:37:37 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/10/19 14:37:37 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/10/19 14:37:37 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/10/19 14:37:37 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdh.dll
[2013/10/19 14:37:37 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdh.dll
[2013/10/19 14:37:36 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/10/19 14:37:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/10/19 14:37:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/10/19 14:37:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/10/19 14:37:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/10/19 14:37:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/10/19 14:34:27 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/19 14:34:27 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/19 14:32:51 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scavengeui.dll
[2013/10/18 20:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/18 19:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/10/18 19:54:12 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\Documents\Flash Player Pro
[2013/10/18 19:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/10/18 18:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/18 09:41:27 | 000,000,000 | ---D | C] -- C:\Users\v'cxxv'cv'cxxv'cv'cv\Desktop\Old Firefox Data-1
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/14 12:48:59 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/14 12:47:35 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/14 12:47:35 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/14 12:47:35 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/14 12:46:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/14 12:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/14 12:01:22 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 12:01:22 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 11:54:36 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/14 11:54:11 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/14 11:16:55 | 000,000,741 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/11/13 23:14:26 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/03 21:19:13 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/10/29 12:49:50 | 000,000,404 | ---- | M] () -- C:\Users\v'cxxv'cv'cxxv'cv'cv\Desktop\FREE Games.url
[2013/10/29 12:38:20 | 000,003,746 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/10/20 09:57:32 | 000,001,266 | ---- | M] () -- C:\Users\v'cxxv'cv'cxxv'cv'cv\Desktop\Norton Installation Files.lnk
[2013/10/19 09:20:26 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/14 11:23:47 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/11/14 11:23:47 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/11/14 11:23:47 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/11/14 11:23:47 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/11/14 11:23:47 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/11/13 22:38:30 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/29 12:49:50 | 000,000,404 | ---- | C] () -- C:\Users\v'cxxv'cv'cxxv'cv'cv\Desktop\FREE Games.url
[2013/10/29 12:38:10 | 000,003,746 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/10/20 09:06:02 | 000,001,266 | ---- | C] () -- C:\Users\v'cxxv'cv'cxxv'cv'cv\Desktop\Norton Installation Files.lnk
[2013/10/19 09:20:26 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/19 09:20:24 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

can't believe i got it

flashh4 · November 14, 2013

We need to Run an OTL fix !! Will look like this >>

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the . text box of the OTL tool/program ! Start with and include the colon plus OTL . :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E0988084-C67F-4934-AD30-8C23E0BC6B76}IE:64bit: - HKLM\..\SearchScopes\{E0988084-C67F-4934-AD30-8C23E0BC6B76}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNFIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{A9D8E67A-9BEE-4F9B-9027-327EE8236F45}: "URL" =IE - HKCU\..\SearchScopes,DefaultScope = {A9D8E67A-9BEE-4F9B-9027-327EE8236F45}IE - HKCU\..\SearchScopes\{A9D8E67A-9BEE-4F9B-9027-327EE8236F45}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS534IE - HKCU\..\SearchScopes\{F59515E6-EA5F-4EB8-93D6-C34735898DE9}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNFFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[2013/11/13 21:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions[2013/10/29 10:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions\ScorpionSaver@jetpack[2013/10/29 12:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions\staged[2013/10/22 14:29:14 | 000,007,817 | ---- | M] () (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\extensions\[email protected][2013/11/14 08:34:29 | 000,477,497 | ---- | M] () (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\extensions\[email protected][2013/10/22 14:29:14 | 000,007,817 | ---- | M] () (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions\[email protected][2013/11/12 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2013/11/12 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2013/11/12 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensionsCHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0\CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.47_0\CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.0.27_0\CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:64bit: - HKLM..\Run: []  File not foundO4 - HKLM..\Run: []  File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found018:64bit: - Protocol\Handler\wlpg - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[2013/11/14 08:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\APN:FilesC:\Program Files (x86)\AskPartnerNetworkC:\Users\v'cxxv'cv'cxxv'cv'cv\Desktop\RK_QuarantineC:\ProgramData\AskPartnerNetworkipconfig  /flushdns /c:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post the new log here !!
Thanks
Chuck

sands00 · November 14, 2013

can u post the otlfix so i can download it.

sands00 · November 14, 2013

Isn't this posted already above ur message .I know I ran it

flashh4 · November 14, 2013

No, that is the fix i wanted you to run, the very first one was a scan !

flashh4 · November 15, 2013

Cheryl i need you to open OTL then copy everything in black & Blue below & paste it into the OTL area that says "Paste Script Here" as the pic shows above, then click the "RUN FIX " button !!!!

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E0988084-C67F-4934-AD30-8C23E0BC6B76}
IE:64bit: - HKLM\..\SearchScopes\{E0988084-C67F-4934-AD30-8C23E0BC6B76}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A9D8E67A-9BEE-4F9B-9027-327EE8236F45}: "URL" =
IE - HKCU\..\SearchScopes,DefaultScope = {A9D8E67A-9BEE-4F9B-9027-327EE8236F45}
IE - HKCU\..\SearchScopes\{A9D8E67A-9BEE-4F9B-9027-327EE8236F45}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS534
IE - HKCU\..\SearchScopes\{F59515E6-EA5F-4EB8-93D6-C34735898DE9}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2013/11/13 21:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions
[2013/10/29 10:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions\ScorpionSaver@jetpack
[2013/10/29 12:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions\staged
[2013/10/22 14:29:14 | 000,007,817 | ---- | M] () (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\extensions\firefox@batbrowse.com.xpi
[2013/11/14 08:34:29 | 000,477,497 | ---- | M] () (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\drkjuegq.default-1372979702731\extensions\[email protected]
[2013/10/22 14:29:14 | 000,007,817 | ---- | M] () (No name found) -- C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Roaming\Mozilla\Firefox\Profiles\pseih4rn.default-1382107281861\extensions\firefox@batbrowse.com.xpi
[2013/11/12 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/12 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/12 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.47_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.0.27_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: No name found = C:\Users\v'cxxv'cv'cxxv'cv'cv\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [] File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
018:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/11/14 08:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\APN

:Files
C:\Program Files (x86)\AskPartnerNetwork
C:\Users\v'cxxv'cv'cxxv'cv'cv\Desktop\RK_Quarantine
C:\ProgramData\AskPartnerNetwork

ipconfig /flushdns /c

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

flashh4 · November 15, 2013

We are having so many problems with her computer we suspect the place where she lives may be causing them !

So i am gonna lock this topic !!

Cheryl if you need this re-opened please PM me or another Mod !

Thanks & God Bless you !

Chuck

remove mess on computer and add whar is needed

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites