Hi Broni
The main culprit seems to be gone. I do not see any adverse signs yet.
I am now trying to clean up the rest as you suggested in your procedures.
MANY THANKS FOR YOUR HELP.
Here are the first 2 logs, the OTL will follow:
AdwCleaner
=========
# AdwCleaner v3.020 - Report created 05/03/2014 at 16:22:46
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ADMIN - TEST-0EDA6CF69E
# Running from : C:\Documents and Settings\ADMIN\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
[!] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tencent
Folder Deleted : C:\Documents and Settings\All Users\Application Data\w3i
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\fileopenerpro
Folder Deleted : C:\Program Files\Tencent
Folder Deleted : C:\Program Files\w3i
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files\Common Files\Tencent
Folder Deleted : C:\WINDOWS\system32\AI_RecycleBin
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\Tencent
Folder Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Bundled software uninstaller
Folder Deleted : C:\Documents and Settings\ADMIN\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\ADMIN\Application Data\Search Protection
File Deleted : C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\user.js
File Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\???????\?????.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QMLoader\QQPCDetector.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCmgrInstallGuide.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCMgr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCRTP.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCFileOpen.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\bugreport.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLeakScan.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPConfig.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSoftMgr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLoader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSPlash.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QDeskSetup.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\plugins\QMNetMon\QQPCNetFlow.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCClinic.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCBTU.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCLaunch.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSysOptimize.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QMUpdate\QQPCMgrUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQRepair.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCProtect.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\Uninst.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCSoftGame.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCPatch.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCUrlLoader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.2.8081.210\QQPCUpdateAVLib.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QMLoader\QQPCDetector.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCMgr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCmgrInstallGuide.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRTP.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\bugreport.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCFileOpen.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLeakScan.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLoader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPConfig.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QDeskSetup.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\plugins\QMNetMon\QQPCNetFlow.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSoftMgr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCClinic.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCLaunch.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCBTU.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCProtect.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QMUpdate\QQPCMgrUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSoftGame.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCUrlLoader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQRepair.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\Uninst.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCPatch.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCUpdateAVLib.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCSysOptimize.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Tencent\QQDownload\121\Tencentdl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRTP.exe]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\MGShareware
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\MGShareware
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\prefs.js ]
Line Deleted : user_pref("CT3268494.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
-\\ Google Chrome v33.0.1750.146
[ File : C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
*************************
AdwCleaner[R0].txt - [19836 octets] - [05/03/2014 16:17:34]
AdwCleaner[S0].txt - [19565 octets] - [05/03/2014 16:22:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19626 octets] ##########
===================================================================
Junkware Removal Tool
=================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by ADMIN on Wed 03/05/2014 at 16:30:45.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\tencent"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\ADMIN\Application Data\getrighttogo"
Successfully deleted: [Folder] "C:\Documents and Settings\ADMIN\Application Data\ytd"
Successfully deleted: [Folder] "C:\Documents and Settings\ADMIN\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"
~~~ FireFox
Successfully deleted: [Folder] C:\Documents and Settings\ADMIN\Application Data\mozilla\firefox\profiles\1scr8ssh.default\extensions\staged
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/05/2014 at 16:46:52.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===========================================================================
OTL log - First Part
======
OTL logfile created on: 3/5/2014 4:53:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.12 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 81.84% Memory free
4.96 Gb Paging File | 4.44 Gb Available in Paging File | 89.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 24.10 Gb Free Space | 32.33% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 778.40 Gb Free Space | 41.78% Space Free | Partition Type: NTFS
Drive F: | 465.75 Gb Total Space | 463.72 Gb Free Space | 99.56% Space Free | Partition Type: NTFS
Computer Name: TEST-0EDA6CF69E | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/05 16:12:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
PRC - [2014/03/05 16:12:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\ADMIN\Desktop\JRT.exe
PRC - [2014/02/12 21:47:59 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/02/10 11:35:20 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/01/22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/30 16:39:21 | 000,319,096 | ---- | M] (Sogou.com Inc.) -- C:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1178\SGImeGuard.exe
PRC - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/03/19 21:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/02/16 04:44:55 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2008/01/30 04:52:22 | 000,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2006/11/16 18:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 17:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/19 09:33:12 | 001,125,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe -- (QQPCRTP)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\CorelCreatorMessages.exe -- (CorelCreatorMessages)
SRV - [2014/02/21 14:55:49 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/12/14 07:57:57 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/19 21:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/30 04:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys -- (TcHardWare)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HP8207_8307.sys -- (HP8207_8307)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/02/10 11:35:40 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/02/10 11:35:40 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/01/19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014/01/02 05:23:50 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/11/25 21:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/25 21:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/11/25 21:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/06/26 19:23:04 | 000,019,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2013/06/26 19:23:02 | 000,023,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2013/06/26 19:23:00 | 000,213,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2013/06/26 19:22:58 | 000,587,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2013/04/12 09:15:20 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/16 06:19:06 | 000,073,024 | ---- | M] (Tencent) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TsFltMgr.sys -- (TsFltMgr)
DRV - [2012/11/08 07:06:52 | 000,060,448 | ---- | M] (Tencent) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSDefenseBt.sys -- (TSDefenseBt)
DRV - [2008/12/12 17:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 08:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 19:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/11/14 15:18:30 | 000,043,656 | ---- | M] (Oki Data Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\OkiPar.sys -- (OkiPar)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2003/12/05 04:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{4754DC77-D9B7-4947-A0C9-F65E634C5151}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGLJ_en
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{71DB16E1-B014-4DCC-96AF-BB3427FE2292}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{8D247FD2-8715-4394-B7F8-FCCD0AED516B}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B1B33E42F-EF14-4cd3-B6DC-174571C4349C%7D:4.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.42\Bin\npSSOAxCtrlForPTLogin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\Firefox [2012/08/03 18:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/14 07:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/24 05:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2012/03/23 05:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2012/02/15 07:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions
[2012/02/15 07:45:58 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2014/03/05 16:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions
[2012/11/26 17:54:16 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2012/08/08 13:04:08 | 000,000,000 | ---D | M] ("Youtube to MP3 Converter") -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}
[2013/12/17 06:04:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/12/18 07:30:36 | 000,343,052 | ---- | M] () (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\[email protected]
[2014/03/04 16:48:52 | 000,008,049 | ---- | M] () (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi
[2014/01/07 13:30:02 | 000,018,899 | ---- | M] () (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2014/01/07 19:45:55 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\searchplugins\yahoo.xml
[2014/03/04 15:13:38 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\searchplugins\yahoo_ff.xml
[2013/02/02 12:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/17 07:20:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/18 06:10:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/12 05:00:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/10 09:38:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}(2)
[2012/10/19 00:48:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/12/14 07:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/17 07:20:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/14 07:58:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Mysearchdial (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npo1d.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Tencent SSO Platform (Enabled) = C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.42\Bin\npSSOAxCtrlForPTLogin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Youtube to MP3 Converter = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jnlpomffplbggocdfbghngdfkingkkpg\1.1.3_1\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: CRX Helper = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nkcdeobjhnkkmfepigmkfmjgmccdpofl\2.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/03/05 15:17:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YouTube to MP3 Converter) - {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll (Sevas-S LLC)
O2 - BHO: (GretechBHO Class) - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO1.dll (Gretech Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [ QQPCTray] "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe" /regrun File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003..\Run: [ImeGuardCom] C:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1178\SGImeGuard.exe (Sogou.com Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} https://col0-sec.mail.live.com/mail/...spx?n=64163164 (Mail Migration)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE18B44-B075-4E67-9D65-BBC70BFDC123}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/11 15:32:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
=============
NOTE: the FastClean PRO shortcut icon is still on the Desktop.
***********************************************
OTL log - First Part
======
OTL logfile created on: 3/5/2014 4:53:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.12 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 81.84% Memory free
4.96 Gb Paging File | 4.44 Gb Available in Paging File | 89.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 24.10 Gb Free Space | 32.33% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 778.40 Gb Free Space | 41.78% Space Free | Partition Type: NTFS
Drive F: | 465.75 Gb Total Space | 463.72 Gb Free Space | 99.56% Space Free | Partition Type: NTFS
Computer Name: TEST-0EDA6CF69E | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/05 16:12:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
PRC - [2014/03/05 16:12:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\ADMIN\Desktop\JRT.exe
PRC - [2014/02/12 21:47:59 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/02/10 11:35:20 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/01/22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/30 16:39:21 | 000,319,096 | ---- | M] (Sogou.com Inc.) -- C:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1178\SGImeGuard.exe
PRC - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/03/19 21:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/02/16 04:44:55 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2008/01/30 04:52:22 | 000,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2006/11/16 18:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 17:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/19 09:33:12 | 001,125,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe -- (QQPCRTP)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\CorelCreatorMessages.exe -- (CorelCreatorMessages)
SRV - [2014/02/21 14:55:49 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/12/14 07:57:57 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/19 21:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/30 04:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys -- (TcHardWare)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HP8207_8307.sys -- (HP8207_8307)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/02/10 11:35:40 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/02/10 11:35:40 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/01/19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014/01/02 05:23:50 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/11/25 21:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/25 21:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/11/25 21:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/06/26 19:23:04 | 000,019,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2013/06/26 19:23:02 | 000,023,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2013/06/26 19:23:00 | 000,213,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2013/06/26 19:22:58 | 000,587,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2013/04/12 09:15:20 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/16 06:19:06 | 000,073,024 | ---- | M] (Tencent) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TsFltMgr.sys -- (TsFltMgr)
DRV - [2012/11/08 07:06:52 | 000,060,448 | ---- | M] (Tencent) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSDefenseBt.sys -- (TSDefenseBt)
DRV - [2008/12/12 17:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 08:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 19:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/11/14 15:18:30 | 000,043,656 | ---- | M] (Oki Data Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\OkiPar.sys -- (OkiPar)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2003/12/05 04:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{4754DC77-D9B7-4947-A0C9-F65E634C5151}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGLJ_en
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{71DB16E1-B014-4DCC-96AF-BB3427FE2292}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\SearchScopes\{8D247FD2-8715-4394-B7F8-FCCD0AED516B}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B1B33E42F-EF14-4cd3-B6DC-174571C4349C%7D:4.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.42\Bin\npSSOAxCtrlForPTLogin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\Firefox [2012/08/03 18:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/14 07:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/24 05:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2012/03/23 05:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2012/02/15 07:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions
[2012/02/15 07:45:58 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2014/03/05 16:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions
[2012/11/26 17:54:16 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2012/08/08 13:04:08 | 000,000,000 | ---D | M] ("Youtube to MP3 Converter") -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}
[2013/12/17 06:04:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/12/18 07:30:36 | 000,343,052 | ---- | M] () (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\[email protected]
[2014/03/04 16:48:52 | 000,008,049 | ---- | M] () (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi
[2014/01/07 13:30:02 | 000,018,899 | ---- | M] () (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2014/01/07 19:45:55 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\searchplugins\yahoo.xml
[2014/03/04 15:13:38 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\searchplugins\yahoo_ff.xml
[2013/02/02 12:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/17 07:20:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/18 06:10:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/12 05:00:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/10 09:38:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}(2)
[2012/10/19 00:48:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/12/14 07:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/17 07:20:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/14 07:58:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Mysearchdial (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\ADMIN\Application Data\Mozilla\plugins\npo1d.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Tencent SSO Platform (Enabled) = C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.42\Bin\npSSOAxCtrlForPTLogin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Youtube to MP3 Converter = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jnlpomffplbggocdfbghngdfkingkkpg\1.1.3_1\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: CRX Helper = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nkcdeobjhnkkmfepigmkfmjgmccdpofl\2.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/03/05 15:17:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YouTube to MP3 Converter) - {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll (Sevas-S LLC)
O2 - BHO: (GretechBHO Class) - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO1.dll (Gretech Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [ QQPCTray] "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe" /regrun File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003..\Run: [ImeGuardCom] C:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1178\SGImeGuard.exe (Sogou.com Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} https://col0-sec.mail.live.com/mail/...spx?n=64163164 (Mail Migration)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE18B44-B075-4E67-9D65-BBC70BFDC123}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/11 15:32:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
=============
NOTE: the FastClean PRO shortcut icon is still on the Desktop.
***********************************************
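A way to triage an OTL log like the one above mechanically, added here as an example and not something posted in this thread or shipped with OTL: the script parses the SRV/DRV/MOD/PRC lines and pulls out (1) registrations OTL marks "File not found" (the leftover service, driver and Run entries a removed program leaves behind, such as the QQPCMgr and catchme entries above), (2) loaded drivers and modules whose version info carries no CompanyName, (3) loaded drivers running from user-writable locations, and (4) search-engine settings carrying affiliate-style parameters. The sample lines are copied from the log above; the affiliate parameter list, the user-writable path fragments and the "loaded" rule are my assumptions. A hit is a lead to check by hand, not a verdict: two of the entries it flags belong to Trusteer Rapport, whose management service the same log shows with a normal company name.

```python
import re
from urllib.parse import parse_qs, urlparse

# Heuristics (assumptions, tune to taste): query parameters that search-hijack
# affiliates use for attribution, and path fragments a normal user can write to.
AFFILIATE_PARAMS = {"fr", "type", "ilc"}
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
ORPHAN_MARK = "File not found"   # OTL's marker for a registration whose file is gone

URL_RE = re.compile(r'https?://[^\s"]+')
# "(CompanyName)" directly after the [date | size | attrs | M] block; "()" means no name
COMPANY_RE = re.compile(r"\| M\] \((?P<company>[^)]*)\)")
SVC_RE = re.compile(r"^(?P<kind>SRV|DRV) - (?P<meta>.*?\]) --(?: (?P<path>.*?))? -- \((?P<name>.*)\)$")
MOD_RE = re.compile(r"^(?P<kind>MOD|PRC) - (?P<meta>.*?) -- (?P<path>.*)$")

# Sample lines copied from the OTL log posted above (constructed input for the demo).
SAMPLE_LOG = r"""SRV - File not found [Auto | Stopped] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe -- (QQPCRTP)
SRV - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/01/02 05:23:50 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O4 - HKLM..\Run: [ QQPCTray] "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe" /regrun File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""


def parse_entry(line):
    """Split one OTL SRV/DRV/MOD/PRC line into its fields; None for other line types."""
    m = SVC_RE.match(line) or MOD_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    cm = COMPANY_RE.search(d["meta"])
    return {
        "kind": d["kind"],
        # None: OTL found no file at all; "": file exists but has no CompanyName
        "company": cm.group("company").strip() if cm else None,
        # MOD/PRC lines are by definition loaded; SRV/DRV carry a state in the attribute block
        "loaded": d["kind"] in ("MOD", "PRC") or "Running" in d["meta"],
        "path": d.get("path") or "",     # empty for entries like "-- -- (PCIDump)"
        "name": d.get("name"),
        "orphan": ORPHAN_MARK in d["meta"],
    }


def triage(log_text):
    """Return leads worth a human look, grouped by why they were flagged."""
    hits = {"orphaned": [], "no_company_loaded": [], "user_writable_loaded": [], "search_affiliate": []}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ORPHAN_MARK in line:          # SRV, DRV, O4 and FF plugin lines all use this marker
            hits["orphaned"].append(line)
        e = parse_entry(line)
        if e and not e["orphan"] and e["loaded"]:
            if e["company"] == "":
                hits["no_company_loaded"].append(e["path"])
            if any(frag in e["path"].lower() for frag in USER_WRITABLE):
                hits["user_writable_loaded"].append(e["path"])
        if line.startswith(("IE -", "FF -", "CHR -")):
            for url in URL_RE.findall(line):
                u = urlparse(url)
                tagged = sorted(AFFILIATE_PARAMS.intersection(parse_qs(u.query)))
                if tagged:
                    hits["search_affiliate"].append((u.netloc, tagged))
    return hits


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"[{reason}] {len(items)} hit(s)")
        for item in items:
            print("   ", item)
```

Run it against a full OTL log by reading the file into `triage()`; the "orphaned" group is the list of registrations to clear (or leave for the helper's OTL fix script), while the other three groups are only places to start looking.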
OTL log - Second Part
======
========== Files/Folders - Created Within 30 Days ==========
[2014/03/05 16:17:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/05 16:12:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2014/03/05 16:12:18 | 001,037,734 | ---- | C] (Thisisu) -- C:\Documents and Settings\ADMIN\Desktop\JRT.exe
[2014/03/05 12:31:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/03/05 12:31:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/03/05 12:31:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/03/05 12:31:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/03/05 12:31:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/05 12:26:58 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\ADMIN\Desktop\iExplore.exe
[2014/03/05 12:26:17 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\ADMIN\Desktop\rkill.exe
[2014/03/05 12:23:53 | 005,187,267 | R--- | C] (Swearware) -- C:\Documents and Settings\ADMIN\Desktop\ComboFix.exe
[2014/03/05 08:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/03/05 08:14:51 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/03/05 08:13:14 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/05 07:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\RK_Quarantine
[2014/03/04 20:51:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\ADMIN\Desktop\dds.com
[2014/03/04 20:43:01 | 000,000,000 | ---D | C] -- C:\Avenger
[2014/03/04 15:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Start Menu\Programs\FastClean PRO
[2014/03/04 15:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2014/03/04 15:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Start Menu\Programs\Essentials Codec Pack
[2014/03/04 15:04:41 | 000,000,000 | ---D | C] -- C:\SOFTWARE-WinMediaPlayer Codec
[2014/02/25 09:57:45 | 000,000,000 | ---D | C] -- C:\HP Envy 700-149 Details
[2014/02/21 20:15:40 | 000,000,000 | ---D | C] -- C:\SOFTWARE-OKI Drivers
[2014/02/20 06:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2014/02/18 20:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2014/02/18 20:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft Help
[2014/02/18 13:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2014/02/18 11:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\SoftGrid Client
[2014/02/18 11:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\SoftGrid Client
[2014/02/18 11:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Home and Student (English)
[2014/02/18 11:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/02/18 11:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2014/02/18 11:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2014/02/18 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2014/02/18 11:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\TP
[2014/02/18 08:33:51 | 000,000,000 | ---D | C] -- C:\SOFTWARE-Microsoft Office 2010 (Paid via SoftwareKing)
[2014/02/15 18:18:55 | 000,000,000 | ---D | C] -- C:\WIN 8 Tech Stuff
[2014/02/15 10:18:20 | 000,000,000 | ---D | C] -- C:\SOFTWARE-ClassicShell
[2014/02/15 08:48:51 | 000,000,000 | ---D | C] -- C:\SOFTWARE-PowerISO
[2014/02/10 11:35:40 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/02/10 08:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\BHOK
[2014/02/10 07:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StudioTax 2013
[2014/02/10 07:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\BHOK IT Consulting
[2014/02/10 07:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\TaxFreeway 2013
[2014/02/10 07:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TaxFreeway 2013
[2014/02/10 07:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Entropy Technology Ltd
[2014/02/04 07:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
========== Files - Modified Within 30 Days ==========
[2014/03/05 16:55:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003UA.job
[2014/03/05 16:55:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/05 16:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/05 16:41:38 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2014/03/05 16:30:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/05 16:27:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/05 16:27:38 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\SogouImeMgr.job
[2014/03/05 16:27:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/05 16:12:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2014/03/05 16:12:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\ADMIN\Desktop\JRT.exe
[2014/03/05 16:10:54 | 001,244,192 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\adwcleaner.exe
[2014/03/05 16:04:27 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Microsoft Word.lnk
[2014/03/05 15:51:53 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/03/05 15:17:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/03/05 14:16:59 | 005,187,267 | R--- | M] (Swearware) -- C:\Documents and Settings\ADMIN\Desktop\ComboFix.exe
[2014/03/05 12:27:00 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\ADMIN\Desktop\iExplore.exe
[2014/03/05 12:26:20 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\ADMIN\Desktop\rkill.exe
[2014/03/05 10:56:10 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/03/05 10:55:28 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/05 07:43:45 | 003,819,008 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\RogueKiller.exe
[2014/03/04 20:51:44 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\ADMIN\Desktop\dds.com
[2014/03/04 15:21:31 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\WB.CFG
[2014/03/04 15:09:27 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\FastClean PRO.lnk
[2014/03/04 15:08:23 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Media Player Classic.lnk
[2014/03/04 06:59:57 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/01 20:50:43 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2014/02/28 21:55:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003Core.job
[2014/02/21 08:20:22 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Microsoft Excel.lnk
[2014/02/20 06:50:20 | 000,343,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/02/20 06:46:55 | 000,633,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/20 06:46:55 | 000,134,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/14 06:18:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/12 08:38:30 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/02/10 09:44:32 | 000,017,071 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\newtaxfile.X13
[2014/02/10 09:09:47 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\KennethKwan.13t
[2014/02/10 09:08:19 | 000,009,342 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\KENNETHKWAN_2013.TAX
[2014/02/10 08:38:11 | 000,161,744 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\KENNETHKWAN_2013.pdf
[2014/02/10 08:36:22 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\KennethKwan.13t.backup
[2014/02/10 07:50:33 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StudioTax 2013.lnk
[2014/02/10 07:47:05 | 000,004,664 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\KENNETH KWAN_2013.TAX
========== Files Created - No Company Name ==========
[2014/03/05 16:10:48 | 001,244,192 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\adwcleaner.exe
[2014/03/05 12:31:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/03/05 12:31:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/03/05 12:31:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/03/05 12:31:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/03/05 12:31:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/03/05 07:43:43 | 003,819,008 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\RogueKiller.exe
[2014/03/04 15:21:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\WB.CFG
[2014/03/04 15:09:38 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2014/03/04 15:09:27 | 000,001,992 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\FastClean PRO.lnk
[2014/03/04 15:08:23 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Media Player Classic.lnk
[2014/02/10 20:15:08 | 000,183,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/02/10 09:44:32 | 000,017,071 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\newtaxfile.X13
[2014/02/10 09:08:16 | 000,009,342 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\KENNETHKWAN_2013.TAX
[2014/02/10 08:41:29 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\KennethKwan.13t.backup
[2014/02/10 08:38:07 | 000,161,744 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\KENNETHKWAN_2013.pdf
[2014/02/10 08:36:14 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\KennethKwan.13t
[2014/02/10 07:50:33 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StudioTax 2013.lnk
[2014/02/10 07:47:05 | 000,004,664 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\KENNETH KWAN_2013.TAX
[2013/12/18 08:47:21 | 000,000,147 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2013/08/30 19:37:00 | 000,379,924 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-1935655697-839522115-1003-0.dat
[2013/08/30 19:36:59 | 000,320,154 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/04/09 10:51:07 | 000,000,134 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2013/04/04 19:06:15 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2013/03/11 19:49:46 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2013/03/11 19:49:40 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2013/03/11 19:49:40 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2013/03/11 19:49:40 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2013/03/11 19:49:40 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2013/01/29 15:03:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/11/25 06:28:03 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\CoreAVC.ini
[2012/11/23 08:51:37 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2012/11/16 12:35:31 | 000,112,032 | ---- | C] () -- C:\WINDOWS\System32\QQPCUrlLoader.exe
[2012/11/16 12:32:43 | 000,054,468 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/08/11 12:34:06 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\dt.dat
[2012/07/25 21:09:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2012/07/01 20:03:48 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/06/21 17:38:39 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2012/05/23 16:39:35 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/05/22 14:24:47 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012/05/22 14:24:09 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2012/04/13 09:33:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/07/28 13:13:44 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2008/07/14 06:10:51 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\ADMIN\default.pls
[2008/07/12 10:48:48 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2008/07/27 13:33:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/20 17:15:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/10/02 08:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\AVG2014
[2014/02/10 08:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\BHOK
[2013/11/23 07:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Blueberry
[2014/02/26 07:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Canon
[2008/08/06 00:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/06/16 12:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\DVDVideoSoft
[2013/08/30 07:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\ElevatedDiagnostics
[2012/04/04 16:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Free Sound Recorder
[2013/11/07 08:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Free-PDF-to-Word.com
[2012/11/17 08:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Kingsoft
[2013/11/23 07:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\LogSys
[2012/11/17 08:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Maxthon3
[2011/12/25 06:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Nitro PDF
[2013/04/10 18:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\PPStream
[2012/11/24 11:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SEGameCenter
[2012/06/02 07:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Sevas-S
[2014/02/19 08:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SoftGrid Client
[2013/03/12 16:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Softland
[2013/03/13 17:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SogouInput
[2013/06/30 21:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SogouPY
[2012/11/24 11:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SogouPY.users
[2012/01/05 16:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\SumatraPDF
[2013/05/03 10:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Thunderbird
[2014/02/18 11:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\TP
[2012/09/26 17:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\TuneUp Software
[2012/11/29 19:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\uTorrent
[2012/11/17 08:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Wandoujia2
[2012/06/21 05:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\wtxpcom
[2012/11/03 02:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\0C8E61B26569A9A100000C8E5529AF40
[2013/10/02 08:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/10/02 13:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2011/01/19 13:56:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/02/10 07:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Entropy Technology Ltd
[2012/11/17 08:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2013/06/23 23:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2013/11/23 07:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogSys
[2009/06/12 17:42:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2014/03/05 09:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/25 06:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2014/01/07 13:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OPPU
[2013/07/03 08:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/06/02 05:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/12/02 06:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2011/12/26 08:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2014/02/18 13:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2012/11/23 08:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xunlei
[2014/03/04 20:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/12/16 11:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/10/13 08:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013/03/12 16:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2012/11/24 18:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SogouPY.users
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/12/29 06:04:31 | 000,036,864 | ---- | M] ()(C:\Documents and Settings\ADMIN\My Documents\??????.doc) -- C:\Documents and Settings\ADMIN\My Documents\住宅租赁合約.doc
[2013/12/26 17:47:18 | 000,036,864 | ---- | C] ()(C:\Documents and Settings\ADMIN\My Documents\??????.doc) -- C:\Documents and Settings\ADMIN\My Documents\住宅租赁合約.doc
[2012/11/23 15:08:23 | 000,000,000 | ---D | M](C:\Documents and Settings\ADMIN\Application Data\????) -- C:\Documents and Settings\ADMIN\Application Data\迅雷游戏
[2012/11/23 15:08:23 | 000,000,000 | ---D | M](C:\Documents and Settings\ADMIN\Application Data\????) -- C:\Documents and Settings\ADMIN\Application Data\迅雷游戏
[2012/11/23 15:08:05 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\迅雷游戏
[2012/11/23 15:08:05 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\迅雷游戏
[2012/11/22 20:07:10 | 000,000,832 | ---- | M] ()(C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\?????.lnk) -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\百度浏览器.lnk
[2012/11/22 20:07:10 | 000,000,832 | ---- | C] ()(C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\?????.lnk) -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\百度浏览器.lnk
[2012/11/16 12:32:24 | 000,000,810 | ---- | M] ()(C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2012/11/16 12:32:24 | 000,000,810 | ---- | C] ()(C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2012/07/23 14:21:14 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\ADMIN\My Documents\??.doc) -- C:\Documents and Settings\ADMIN\My Documents\药能.doc
[2012/07/23 14:21:13 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\ADMIN\My Documents\??.doc) -- C:\Documents and Settings\ADMIN\My Documents\药能.doc
(C:\Program Files\????) -- C:\Program Files\迅雷游戏
(C:\Documents and Settings\All Users\Start Menu\Programs\?????????) -- C:\Documents and Settings\All Users\Start Menu\Programs\谷歌金山词霸合作版
(C:\Documents and Settings\All Users\Start Menu\Programs\???????) -- C:\Documents and Settings\All Users\Start Menu\Programs\搜狗拼音输入法
(C:\Documents and Settings\All Users\Start Menu\Programs\????) -- C:\Documents and Settings\All Users\Start Menu\Programs\迅雷软件
(C:\Documents and Settings\All Users\Start Menu\Programs\????) -- C:\Documents and Settings\All Users\Start Menu\Programs\腾讯软件
(C:\Documents and Settings\ADMIN\Start Menu\Programs\??????) -- C:\Documents and Settings\ADMIN\Start Menu\Programs\迅雷游戏盒子
(C:\Documents and Settings\ADMIN\Start Menu\Programs\?????) -- C:\Documents and Settings\ADMIN\Start Menu\Programs\百度浏览器
(C:\Documents and Settings\ADMIN\Start Menu\Programs\????) -- C:\Documents and Settings\ADMIN\Start Menu\Programs\腾讯软件
(C:\Documents and Settings\ADMIN\Application Data\????) -- C:\Documents and Settings\ADMIN\Application Data\迅雷游戏
< End of report >
======
Note: The FastClean PRO shortcut icon is still on the Desktop.
***********************************************
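The OTL "Created Within 30 Days" list above is easiest to read as a cluster around one seed event: the FastClean PRO folder and shortcut land at 2014/03/04 15:09:27, and the scheduled task "Windows Codec Update Service.job" appears eleven seconds later with no company string. The Python below is an added example for this thread; it is not part of OTL or of either poster's material. It parses OTL's `[date time | size | attrs | C/M] (Company) -- path` entries and lists everything created within a chosen window of a seed path, tagging files that carry no company/version string and scheduled-task or Startup-folder items. The sample lines are copied from the log posted above (with the section headers the parser has to skip); the seed string, the 30-minute window and the `Entry` helper names are this example's own assumptions.

```python
"""Cluster OTL "Created Within 30 Days" entries around one seed event.

Added example for this thread; not part of OTL or of the original posts.
OTL entry format handled here:
    [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
Directories carry no "(Company)" field; files without a version resource
print "()". Lines in other shapes (section headers, the Unicode section's
"()(path) -- path" form) are skipped.
"""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


class Entry(NamedTuple):
    ts: datetime
    size: int
    attrs: str              # "---D" directory, "R---" read-only file, ...
    kind: str               # "C" created, "M" modified
    company: Optional[str]  # None for directories, "" when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def no_company(self) -> bool:
        """File with no company/version string (OTL shows "()")."""
        return not self.is_dir and not (self.company or "").strip()

    @property
    def is_autostart(self) -> bool:
        """Scheduled-task .job or Startup-folder item: persistence to review."""
        p = self.path.lower()
        return p.endswith(".job") or "\\start menu\\programs\\startup\\" in p


def parse_otl(text: str) -> List[Entry]:
    """Return every well-formed OTL entry in `text`, in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, notes, unicode-section lines
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def created_near(entries: List[Entry], seed_substring: str, minutes: int) -> List[Entry]:
    """Created ("C") entries within `minutes` of the earliest created entry
    whose path contains `seed_substring`, sorted by timestamp."""
    seeds = [e for e in entries if e.kind == "C" and seed_substring in e.path]
    if not seeds:
        raise ValueError(f"no created entry matching {seed_substring!r}")
    seed_ts = min(e.ts for e in seeds)
    win = timedelta(minutes=minutes)
    hits = [e for e in entries if e.kind == "C" and abs(e.ts - seed_ts) <= win]
    return sorted(hits, key=lambda e: e.ts)


def report(entries: List[Entry], seed_substring: str, minutes: int) -> List[str]:
    """One line per hit: timestamp, D/F, path, and any review tags."""
    out = []
    for e in created_near(entries, seed_substring, minutes):
        tags = [t for t, on in (("no-company", e.no_company),
                                ("autostart", e.is_autostart)) if on]
        out.append(f"{e.ts:%Y-%m-%d %H:%M:%S}  {'D' if e.is_dir else 'F'}  "
                   f"{e.path}  {' '.join(tags)}".rstrip())
    return out


# Constructed sample: entries copied from the OTL log posted in this thread,
# plus section headers that the parser must ignore.
SAMPLE = r"""
========== Files/Folders - Created Within 30 Days ==========
[2014/03/05 16:12:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2014/03/04 15:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Start Menu\Programs\FastClean PRO
[2014/03/04 15:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2014/03/04 15:04:41 | 000,000,000 | ---D | C] -- C:\SOFTWARE-WinMediaPlayer Codec
[2014/02/25 09:57:45 | 000,000,000 | ---D | C] -- C:\HP Envy 700-149 Details
[2014/02/10 11:35:40 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
========== Files - Modified Within 30 Days ==========
[2014/03/05 16:55:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003UA.job
========== Files Created - No Company Name ==========
[2014/03/04 15:21:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\WB.CFG
[2014/03/04 15:09:38 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2014/03/04 15:09:27 | 000,001,992 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\FastClean PRO.lnk
"""

if __name__ == "__main__":
    for line in report(parse_otl(SAMPLE), "FastClean PRO", 30):
        print(line)
```

Run it and the six entries created between 15:04 and 15:21 on 2014/03/04 come out together, with the task file tagged both "no-company" and "autostart"; the HP, Trusteer and OTL entries fall outside the window and the modified-only job line is excluded because it is an "M" record. The window is a reading aid, not proof: a timestamp match says the files arrived in the same session, and deciding what each one is still takes the usual hash lookup or vendor check.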
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe -- (QQPCRTP)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\CorelCreatorMessages.exe -- (CorelCreatorMessages)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys -- (TcHardWare)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HP8207_8307.sys -- (HP8207_8307)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys -- (catchme)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll File not found
O3 - HKU\S-1-5-21-1202660629-1935655697-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [ QQPCTray] "C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe" /regrun File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
[2014/03/04 15:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Start Menu\Programs\FastClean PRO
[2014/03/04 15:09:27 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\FastClean PRO.lnk
:Services
:Reg
:Files
C:\FRST
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, and reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.
Last scans...
Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run from.
- Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Click on "Run ESET Online Scanner" button.
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If ESET doesn't find any threats, it won't produce a log.
OTL SCAN LOG - CUSTOM SCAN/FIXES:
--------------------------------------
All processes killed
========== OTL ==========
Service QQPCRTP stopped successfully!
Service QQPCRTP deleted successfully!
File C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe not found.
Service CorelCreatorMessages stopped successfully!
Service CorelCreatorMessages deleted successfully!
File C:\WINDOWS\system32\CorelCreatorMessages.exe not found.
Service TcHardWare stopped successfully!
Service TcHardWare deleted successfully!
File C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service HP8207_8307 stopped successfully!
Service HP8207_8307 deleted successfully!
File system32\DRIVERS\HP8207_8307.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@qvod.com/QvodInsert\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QQPCTray not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append to Existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert Link Target to Adobe PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\ deleted successfully.
C:\Documents and Settings\ADMIN\Start Menu\Programs\FastClean PRO folder moved successfully.
C:\Documents and Settings\ADMIN\Desktop\FastClean PRO.lnk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: ADMIN
->Temp folder emptied: 5598177 bytes
->Temporary Internet Files folder emptied: 17547701 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93586556 bytes
->Google Chrome cache emptied: 53718858 bytes
->Flash cache emptied: 95126 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3141 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 163.00 mb
[EMPTYJAVA]
User: ADMIN
->Java cache emptied: 0 bytes
User: All Users
User: Default User
User: LocalService
User: NetworkService
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: ADMIN
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03052014_185742
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
======================================
SECURITY CHECK LOG
---------------------
Results of screen317's Security Check version 0.99.80
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
????????
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (26.0)
Mozilla Thunderbird (17.0.6)
Google Chrome 33.0.1750.117
Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
======================================================================
FARBAR SERVICE SCANNER LOG
------------------------------
Farbar Service Scanner Version: 25-02-2014
Ran by ADMIN (administrator) on 05-03-2014 at 19:39:43
Running from "C:\Documents and Settings\ADMIN\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Avgtdix(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A000000050000000100000002000000030000000400000008000000090000000A0000000600000007000000
IpSec Tag value is correct.
**** End of log ****
======================================
No log produced by ESET or Temp File Cleaner
and the FastClean PRO shortcut icon is no longer on Desktop.
MANY, MANY THANKS TO YOU BRONI AND MIDKNYTE.
Update Firefox to the current 27.0.1 version.
Update Thunderbird to the current 24.3 version.
Update Adobe Reader
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
===========================================================
Your computer is clean
1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
- Activate UAC (optional; some users prefer to keep it off)
- Remove disinfection tools
- Create registry backup
- Purge System Restore
- Reset system settings
Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.
2. Make sure Windows Updates are current.
3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).
8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642
12. Please, let me know, how your computer is doing.
Hi Broni,
Just cleaned up the various tools and logs and updated the 3 programs as recommended.
So far everything seems OK and running smoothly.
Many, many, many thanks !!
Yes!!
Good luck and stay safe :)