Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

FLV Player and associated issues [Solved]

Started by Lytnup , Oct 30 2013 09:59 AM

  • This topic is locked This topic is locked
24 replies to this topic

#1 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 30 October 2013 - 09:59 AM

I have the FLV Player virus causing pop ups and an RVZR-a issues. Can you please help. Windows 7 OS Thanks, Lytnup temco20@verizon.net

    Advertisements

Register to Remove

#2 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 30 October 2013 - 10:05 AM

Hi there,

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
===================================================

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

On your next reply please post :
OTL log
aswMBR log
MBR.dat (attached)


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#3 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 31 October 2013 - 04:22 AM

Conspire,

 

I can't d/l the "scan.txt" file.  It does not come up.

 

Chuck

Lytnup


#4 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 31 October 2013 - 09:36 AM

The forum board just went through an upgrade. Proceed the scan without the script please. Thanks


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#5 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 31 October 2013 - 11:48 AM

Conspire,

 

Here is the OTL file:

 

OTL logfile created on: 10/31/2013 12:46:42 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chuck\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 28.53% Memory free
3.75 Gb Paging File | 1.60 Gb Available in Paging File | 42.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 197.22 Gb Free Space | 66.18% Space Free | Partition Type: NTFS
Drive D: | 438.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 100.00 Mb Total Space | 70.31 Mb Free Space | 70.31% Space Free | Partition Type: NTFS
 
Computer Name: CHUCK-PC | User Name: Chuck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chuck\Downloads\OTL (4).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe ()
PRC - C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe (Bitberry Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vToolbarUpdater17.0.12) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2438727
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.doko-sear...125830&tsp=5040
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 D9 98 2A 8D B3 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E0 73 7F 01 CE 92 DB 49 93 44 82 6E 48 3E BC 6F  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000306721c308
IE - HKCU\..\SearchScopes\{35D37B7E-0484-435C-B1D3-1133B51084BC}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{78C15759-6B5C-4A41-AFAE-522750C88C21}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={B01235CC-9FC7-40FF-ADC2-A8C54D06A572}&mid=8c26c12055bc47d69875d17921c52afb-e290c81a5f1f5018842acc7148bc94b97e7913eb&lang=en&ds=AVG&pr=fr&d=2013-01-21 19:57:07&v=15.2.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2438727
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
IE - HKCU\..\SearchScopes\{C389695C-3E6C-441E-A395-775E29C16CCA}: "URL" = http://websearch.ask...5E-EB98F2319B54
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chuck\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/15 20:39:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12 [2013/10/02 06:01:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/03 14:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/02/03 14:54:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/15 20:39:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ddlo8ag6.default\extensions\specialsavings@superfish.com [2012/06/28 18:03:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com: C:\Users\Chuck\AppData\Local\ArcadeCandy\games@acandy.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\module@com.arcadesafari.firefox: C:\Users\Chuck\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox [2013/02/10 15:29:30 | 000,000,000 | ---D | M]
 
[2012/03/22 17:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Extensions
[2012/06/28 18:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ddlo8ag6.default\extensions
[2012/06/28 18:00:08 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ddlo8ag6.default\extensions\ffxtlbr@babylon.com
[2012/06/28 18:03:12 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ddlo8ag6.default\extensions\specialsavings@superfish.com
[2012/03/22 17:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\
CHR - Extension: RealDownloader = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: RealDownloader = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_1\
CHR - Extension: AVG SafeGuard = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_0\
CHR - Extension: AVG SafeGuard = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_1\
CHR - Extension: AVG SafeGuard = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_2\
CHR - Extension: Chrome In-App Payments service = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog\4.3_0\
CHR - Extension: Plus-HD-2.3 = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.25.78_0\crossrider
CHR - Extension: Plus-HD-2.3 = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.25.78_0\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/01/12 18:18:29 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Chuck\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4738B20-4F64-4786-8651-8E1176449D3B}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1995/12/03 21:00:00 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/30 22:03:35 | 000,000,000 | ---D | C] -- C:\Users\Chuck\Desktop\Virus Files
[2013/10/19 11:43:42 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Kingsoft
[2013/10/19 11:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Office
[2013/10/19 11:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kingsoft
[2013/10/19 11:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingsoft
[2013/10/19 11:41:10 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Kingsoft
[2013/10/19 11:31:31 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\1O1L1I1PtF1F1C1N
[2013/10/19 11:27:49 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\avgchrome
[2013/10/19 11:15:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/10/19 11:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/10/14 23:07:26 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\AVG2014
[2013/10/14 23:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/10/14 22:28:10 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Avg2014
[2013/10/09 22:46:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/09 22:46:58 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/09 22:46:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/09 22:46:57 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/09 22:46:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/09 22:46:57 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/09 22:46:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/09 22:46:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/09 22:46:57 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/09 22:46:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/09 22:46:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/09 22:46:55 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/09 22:46:55 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/09 22:46:55 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/09 22:46:54 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/09 22:42:03 | 000,000,000 | ---D | C] -- C:\52c475938af82c11600971
[2013/10/09 22:33:23 | 000,000,000 | ---D | C] -- C:\45e5ff06080eec68cdc8aec4d49a
[2013/10/09 05:57:18 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/09 05:57:15 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/09 05:57:15 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/09 05:57:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/09 05:57:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/09 05:57:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/09 05:57:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/09 05:57:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/09 05:57:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/09 05:57:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/09 05:57:11 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/09 05:57:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/09 05:56:56 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/09 05:56:56 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/09 05:56:55 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/09 05:56:54 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/09 05:56:54 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/09 05:56:54 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/09 05:56:54 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/09 05:56:53 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/09 05:56:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/09 05:56:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/09 05:56:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/09 05:56:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/09 05:56:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/09 05:56:24 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 05:56:24 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 05:56:19 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/09 05:56:05 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/09 05:56:05 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[6 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/31 12:50:17 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/31 12:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/31 12:22:39 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\Arcadesafari.job
[2013/10/31 12:12:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2109932682-201200126-2622220936-1000UA.job
[2013/10/31 11:55:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Chuck.job
[2013/10/31 07:50:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2013/10/31 05:58:38 | 000,014,816 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 05:58:38 | 000,014,816 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 05:51:19 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/31 05:51:15 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\ContinueToSaveUpdaterTask{84A2E8B7-B46B-4050-B93A-5F893E706D55}.job
[2013/10/31 05:50:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/31 05:50:56 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 18:12:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2109932682-201200126-2622220936-1000Core.job
[2013/10/25 05:49:02 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/10/25 05:49:01 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/10/25 05:49:01 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2013/10/24 21:58:09 | 000,000,164 | ---- | M] () -- C:\Windows\SysNative\cc_20131024_215801.reg
[2013/10/24 21:57:28 | 000,075,972 | ---- | M] () -- C:\Windows\SysNative\cc_20131024_215713.reg
[2013/10/20 10:27:48 | 000,332,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/19 11:42:40 | 000,001,404 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Writer.lnk
[2013/10/19 11:42:40 | 000,001,402 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Presentation.lnk
[2013/10/19 11:42:40 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk
[2013/10/19 11:27:25 | 000,001,165 | ---- | M] () -- C:\Users\Chuck\Desktop\Continue Kingsoft Office Free Download Installation.lnk
[2013/10/17 10:02:56 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll.000.bak
[2013/10/16 20:20:46 | 000,749,358 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/16 20:20:46 | 000,639,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/16 20:20:46 | 000,113,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/14 23:05:29 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/09 12:33:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/09 12:33:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/02 05:59:16 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[6 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/10/24 21:58:03 | 000,000,164 | ---- | C] () -- C:\Windows\SysNative\cc_20131024_215801.reg
[2013/10/24 21:57:19 | 000,075,972 | ---- | C] () -- C:\Windows\SysNative\cc_20131024_215713.reg
[2013/10/19 11:42:41 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\WpsUpdateTask_Chuck.job
[2013/10/19 11:42:40 | 000,001,404 | ---- | C] () -- C:\Users\Public\Desktop\Kingsoft Writer.lnk
[2013/10/19 11:42:40 | 000,001,402 | ---- | C] () -- C:\Users\Public\Desktop\Kingsoft Presentation.lnk
[2013/10/19 11:42:40 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk
[2013/10/19 11:27:25 | 000,001,165 | ---- | C] () -- C:\Users\Chuck\Desktop\Continue Kingsoft Office Free Download Installation.lnk
[2013/10/14 23:05:28 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/05/20 20:29:16 | 000,135,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/02/02 12:18:27 | 000,210,841 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2013/02/02 12:18:27 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2013/01/12 17:56:01 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CHUCK-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2012/06/28 19:39:15 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\cdga.dll
[2011/12/16 21:41:16 | 000,001,270 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\xluygn5w0ydf0hnr0fgh6n138r8k
[2011/12/16 21:41:16 | 000,001,270 | -HS- | C] () -- C:\ProgramData\xluygn5w0ydf0hnr0fgh6n138r8k
[2011/12/15 22:28:12 | 000,001,306 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\mtqktr4u2mpa0nks1ulk7p652q8l
[2011/12/15 22:28:12 | 000,001,306 | -HS- | C] () -- C:\ProgramData\mtqktr4u2mpa0nks1ulk7p652q8l
[2011/12/14 19:54:39 | 000,001,424 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\4a32bx0v66h183
[2011/12/14 19:54:39 | 000,001,424 | -HS- | C] () -- C:\ProgramData\4a32bx0v66h183
[2011/12/05 00:01:36 | 000,001,440 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\puncqa1q2lof3lgb6xwa8m371c8b
[2011/12/05 00:01:36 | 000,001,440 | -HS- | C] () -- C:\ProgramData\puncqa1q2lof3lgb6xwa8m371c8b
[2011/11/27 10:13:01 | 000,011,616 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 10:13:01 | 000,011,616 | -HS- | C] () -- C:\ProgramData\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/07/30 12:43:39 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/04/02 10:41:10 | 000,011,316 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\l741758766f4
[2011/04/02 10:41:10 | 000,011,316 | -HS- | C] () -- C:\ProgramData\l741758766f4
[2011/01/15 12:58:23 | 000,000,093 | ---- | C] () -- C:\Users\Chuck\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:A3E39C6A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3A0561F3
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
 
< End of report >
 
 

Attached Files


#6 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 31 October 2013 - 09:27 PM

Hi,

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#7 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 01 November 2013 - 07:11 AM

Conspire,

 

Here is the combofix.txt file

 

Chuck

Lytnup

Attached Files


#8 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 01 November 2013 - 09:28 AM

Hello Chuck,

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#9 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 01 November 2013 - 01:06 PM

Conspire,

 

Here is the ADWCLEANER log.

 

# AdwCleaner v3.010 - Report created 01/11/2013 at 15:00:49
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Chuck - CHUCK-PC
# Running from : C:\Users\Chuck\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : vToolbarUpdater17.0.12
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ddlo8ag6.default\user.js
Folder Found : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ddlo8ag6.default\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ddlo8ag6.default\Extensions\specialsavings@superfish.com
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Dogpile Bundle Toolbar
Folder Found C:\Program Files (x86)\FreeRIP3
Folder Found C:\Program Files (x86)\GamingWonderland
Folder Found C:\Program Files (x86)\Zynga
Folder Found C:\Program Files (x86)\Zynga
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\bProtectorForWindows
Folder Found C:\ProgramData\FreeRIP
Folder Found C:\ProgramData\IBUpdaterService
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
Folder Found C:\ProgramData\Premium
Folder Found C:\ProgramData\SpeedyPC Software
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\ProgramData\TheBflixUpdater
Folder Found C:\Users\Chuck\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Chuck\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\Chuck\AppData\LocalLow\Conduit
Folder Found C:\Users\Chuck\AppData\LocalLow\continuetosave
Folder Found C:\Users\Chuck\AppData\LocalLow\FunWebProducts
Folder Found C:\Users\Chuck\AppData\LocalLow\GamingWonderland
Folder Found C:\Users\Chuck\AppData\LocalLow\MyWebSearch
Folder Found C:\Users\Chuck\AppData\LocalLow\ShoppingReport2
Folder Found C:\Users\Chuck\AppData\LocalLow\Zynga
Folder Found C:\Users\Chuck\AppData\LocalLow\Zynga
Folder Found C:\Users\Chuck\AppData\Roaming\Babylon
Folder Found C:\Users\Chuck\AppData\Roaming\DriverCure
Folder Found C:\Users\Chuck\AppData\Roaming\SpeedyPC Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKCU\Software\AppDataLow\Software\Zynga
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF95BDC0-7223-4DA7-8B91-F90C8E376444}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\SpeedyPC Software
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\SpeedyPC Software
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\.bdc
Key Found : HKLM\SOFTWARE\Classes\.bgl
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF95BDC0-7223-4DA7-8B91-F90C8E376444}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\FocusInteractive
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Fun Web Products
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF95BDC0-7223-4DA7-8B91-F90C8E376444}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_a8235b05
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zynga Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\MyWebSearch
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SpeedyPC Software
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Zynga
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.doko-search.com/?babsrc=HP_ss&mntrId=A0AA00306721C308&affID=125830&tsp=5040
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
Found : homepage
 
*************************
 
AdwCleaner[R0].txt - [19880 octets] - [01/11/2013 15:00:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19941 octets] ##########

#10 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 01 November 2013 - 09:01 PM

Good morning,

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S1].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

===================================================

 

  • Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

On your next reply please post :
AdwCleaner log
JRT log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

    Advertisements

Register to Remove

#11 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 02 November 2013 - 06:33 AM

Conspire,

 

Here are the requested logs:

 


Edited by Lytnup, 02 November 2013 - 06:34 AM.

#12 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 02 November 2013 - 07:56 AM

Please run a fresh OTL scan for review.

 

Also tell me how is your computer behaving at the moment?


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#13 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 02 November 2013 - 08:41 AM

Conspire,

 

Here is the re run of OTL

 

I am not getting the FLV popups like I was before.  Looks clean.

 

Chuck

Lytnup

 

Attached File  OTL(2).Txt   79.22KB   264 downloads


#14 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 02 November 2013 - 09:01 PM

Hello,

 

Good to hear that you have no popups anymore.

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
[2011/12/16 21:41:16 | 000,001,270 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\xluygn5w0ydf0hnr0fgh6n138r8k
[2011/12/16 21:41:16 | 000,001,270 | -HS- | C] () -- C:\ProgramData\xluygn5w0ydf0hnr0fgh6n138r8k
[2011/12/15 22:28:12 | 000,001,306 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\mtqktr4u2mpa0nks1ulk7p652q8l
[2011/12/15 22:28:12 | 000,001,306 | -HS- | C] () -- C:\ProgramData\mtqktr4u2mpa0nks1ulk7p652q8l
[2011/12/14 19:54:39 | 000,001,424 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\4a32bx0v66h183
[2011/12/14 19:54:39 | 000,001,424 | -HS- | C] () -- C:\ProgramData\4a32bx0v66h183
[2011/12/05 00:01:36 | 000,001,440 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\puncqa1q2lof3lgb6xwa8m371c8b
[2011/12/05 00:01:36 | 000,001,440 | -HS- | C] () -- C:\ProgramData\puncqa1q2lof3lgb6xwa8m371c8b
[2011/11/27 10:13:01 | 000,011,616 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 10:13:01 | 000,011,616 | -HS- | C] () -- C:\ProgramData\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/07/30 12:43:39 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/04/02 10:41:10 | 000,011,316 | -HS- | C] () -- C:\Users\Chuck\AppData\Local\l741758766f4
[2011/04/02 10:41:10 | 000,011,316 | -HS- | C] () -- C:\ProgramData\l741758766f4


:Commands
[EMPTYTEMP]
[CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.
     

===================================================


Go here and click 'ESET Online Scanner'.
 

  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it.

===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

Note:

  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

On your next reply please post :
Fix OTL log

Fresh OTL log

ESET log
MBAM log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

 


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#15 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 07 November 2013 - 10:08 AM

Are you still with me?


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·